New VCE and PDF– You can prepare Cisco 500-254 exam easily with Cisco 500-254 questions and answers.By training our Cisco 500-254 vce dumps with all the latest questions, you can pass the Cisco 500-254 exam on the first attempt.
QUESTION 34
Refer to the exhibit.
Which two statements about the exhibit are true? (Choose two.)
A. The default behavior is shown in the exhibit.
B. The default behavior should be Continue/Continue/Continue.
C. If Continue/Continue/Continue is configured, the endpoint is allowed on the network.
D. The default Identity Source is shown in the exhibit.
Correct Answer: AD QUESTION 35
Refer to the exhibit.
Which two statements are true about identity groups and their use in an authorization policy? (Choose two.)
A. Only user identity groups can be created in Cisco ISE.
B. User identity groups can reference internal and external stores.
C. The Whitelist identity group that is shown in the exhibit can be used to contain MAC addresses that are statically entered into Cisco ISE.
D. The Whitelist identity group is one of the predefined identity groups in Cisco ISE.
E. Identity groups can only reference internal endpoints and users in the local database.
Correct Answer: BC
QUESTION 36
Refer to the exhibit.
The authorization policy is using “Multiple Matched Rule Applies” for rule matching.
ProfileA = VLAN attribute 10
ProfileB = DACL= Employee, Voice DomainPermission = TRUE
Which statement is correct with regards to the Multiple Matched rule?
A. The Multiple Matched rule is not supported in Cisco ISE.
B. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will only receive VLAN attribute 10.
C. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will receive VLAN attribute 0, DACL= Employee, Voice DomainPermission = TRUE.
D. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will only receive DACL= Employee, Voice DomainPermission = TRUE.
Correct Answer: C
QUESTION 37
How are access control lists implemented on a Cisco WLC in a Cisco ISE authorization policy?
A. Dynamic access lists are configured in Cisco ISE.
B. Named access lists are configured in Cisco ISE.
C. Named access lists are pushed down to the WLC.
D. Named access lists are configured on the WLC.
Correct Answer: D
QUESTION 38
Which two statements are correct about Change of Authorization? (Choose two.)
A. Different Change of Authorization types of action can be set based on authorization policy.
B. Change of Authorization exception actions are configured globally in Cisco ISE.
C. Port bounce, reauth, and port shun are supported Change of Authorization types in Cisco ISE.
D. No CoA, port bounce, and reauth are supported Change of Authorization types in Cisco ISE.
Correct Answer: BD
QUESTION 39
Which two statements are correct regarding Cisco ISE Guest Services? (Choose two.)
A. Guest portals must be located on the same secondary node where Cisco ISE network access is configured to handle RADIUS requests in the NAD.
B. A guest administration user interface action can be made from the primary and secondary administration interfaces.
C. The configuration mode for guest services can be different for each node in the deployment.
D. Multiportal uploads to the primary node are replicated to the secondary node and installed as part of the standard data replication system.
Correct Answer: AD
QUESTION 40
What are the Cisco ISE posture building blocks?
A. posture check, posture rules, posture requirement, role requirements
B. posture condition, compound posture condition, posture requirements, posture policy
C. network access devices, Policy Service node, Administration node
D. posture condition, posture rules, role requirements
Correct Answer: B
QUESTION 41
Which three of these are viable endpoint posture compliance statuses? (Choose three.)
A. unknown
B. infected
C. clean
D. compliant
E. noncompliant
F. quarantine
Correct Answer: ADE QUESTION 42
Which three conditions can be used for posture checking? (Choose three.)
A. application
B. operating system
C. file
D. certificate
E. service
Correct Answer: ACE
QUESTION 43
Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)
A. www.cisco.com
B. local disk
C. Posture Agent Profile
D. FTP
E. TFTP
Correct Answer: ABC
QUESTION 44
Which element is not included in the redirect URL?
A. hostname
B. port
C. ACL
D. session ID
E. action
Correct Answer: C
QUESTION 45
Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal?
A. Policy Service node
B. Administration node
C. Monitoring node
D. network access device
Correct Answer: D
QUESTION 46
Which of these is not a method that is used to obtain Cisco ISE profiling data?
A. NetFlow
B. DNS
C. RADIUS
D. QoS
E. active scans
F. SNMP query
Correct Answer: D QUESTION 47
Which three client provisioning policies can an administrator create to provision different resources? (Choose three.)
A. endpoint operating system
B. user identity group
C. dictionary-based conditions
D. certificates
Correct Answer: ABC
QUESTION 48
Which of these is NOT a Cisco ISE deployment recommendation?
A. Create a secondary Administration node before adding a Policy Service node.
B. Ensure that node groups are L2-adjacent.
C. Profiling requires maintenance of L3 information.
D. Avoid installing Policy Service and Monitoring personas on the same node.
Correct Answer: C
QUESTION 49
Which option represents the default action or actions that ISE 1.x 1.0 takes when the endpoint usage count exceeds licensed endpoint values?
A. block all traffic
B. block all traffic, and generate alarms
C. do not block traffic, and generate an INFO, WARNING, or CRITICAL alarm
D. do not take any action
Correct Answer: C
Flydumps.com helps millions of candidates pass Cisco 500-254 exams and get the certifications.We have tens of thousands of successful stories.Our dumps are reliable,affordable,updated and of really best quality to overcome the difficulties of any IT certifications. Flydumpsrs.com exam dumps are latest updated in highly outclass manner on regular basis and material is released periodically.Latest Cisco 500-254 are available in testing centers with whom we are maintaining our relationship to get latest material.