Implementing and Configuring Cisco Identity Services
Questions, Answers, Braindumps (500-254)
Hi to all, Thanks to
www.examcheets.com for helping me in such a
manner. I purchased their study material and got
through the exam.
QUESTION NO: 1
Which two elements must you configure on a Cisco Wireless
LAN Controller to allow Cisco ISE to authenticate wireless
users? (Choose two.)
A. Configure Cisco ISE as a RADIUS authentication
server and enter a shared secret.
B. Configure Cisco ISE as a RADIUS accounting
server and enter a shared secret.
C. Configure all attached LWAPs to use the
configured Cisco ISE node.
D. Configure RADIUS attributes for each SSID.
E. Configure each WLAN to use the configured Cisco
F. Configure the Cisco Wireless LAN Controller to
join a Microsoft Active Directory domain.
QUESTION NO: 2
Which three Cisco TrustSec enforcement modes are used to
help protect network operations when securing the network?
A. logging mode
B. monitor mode
C. semi-passive mode
D. low-impact mode
E. closed mode
QUESTION NO: 3
Which statement is correct about Change of Authorization?
A. Change of Authorization is a fundamental
component of Cisco TrustSec and Cisco ISE.
B. Change of Authorization can be triggered
dynamically based on a matched condition in a policy, and
manually by being invoked by an administrator operation.
C. It is possible to trigger Change of
Authorization manually from the ISE interface.
D. Authentication is the supported Change of
Authorization action type.
QUESTION NO: 4
The default Cisco ISE node configuration has which role or
roles enabled by default?
A. Administration only
B. Inline Posture only
C. Administration and Policy Service
D. Policy Service, Monitoring, and Administration
QUESTION NO: 5
Inline Posture nodes support which enforcement mechanisms?
A. VLAN assignment
B. downloadable ACLs
C. security group access
D. dynamic ACLs
QUESTION NO: 6
What is the process for Cisco ISE to obtain a signed
certificate from a CA?
A. Request a certificate from the CA, and import
the CA-signed certificate into ISE.
B. Generate a CSR; download the certificate from
the CA; bind the CA-signed certificate with its private
key, and import the CA-signed certificate into ISE.
C. Generate a CSR; export the CSR to the local file
system and send to the CA; download the certificate from
the CA, and bind the CA-signed certificate with its
D. Submit a CSR to the CA; download the certificate
from the CA; bind the CA-signed certificate with its
private key, and import the CA-signed certificate into ISE.
QUESTION NO: 7
What is the Cisco ISE default admin login name and
D. admin/no default password—the admin password is
configured at setup
QUESTION NO: 8
What are two methods to verify that Cisco ISE is properly
connected to AD? (Choose two.)
A. Use the Test Connection feature in the Cisco ISE
External Identity Sources Active Directory.
B. View the Active Directory Log /opt/CSCOcmp/logs/ad_agent.log.
C. Use the ISE Dashboard Summary alarms.
D. Use ktpass to determine if the Kerberos ticket
QUESTION NO: 9
Where is the license installed within Cisco ISE
A. A license is installed on the Policy Service
node within ISE deployment.
B. A license is installed on the primary or
secondary Administration node within ISE deployment.
C. A license is installed only on the primary
Administration node within ISE deployment.
D. A license is preinstalled for ISE deployment.
QUESTION NO: 10
Which of these is NOT a high-availability option that is
available for Cisco ISE deployments?
A. In the event of failure of the Primary
Administration node, the standby instance automatically
B. In the event of failure of the Primary
Monitoring node, the standby instance automatically
C. Clustering of Policy Service nodes to provide
D. Stateless failover of Inline Posture nodes
QUESTION NO: 11
What are the three default Cisco ISE identity user groups?
C. activated guest