Introduction to 802.1X
Operations for Cisco Security Professionals Exam
Questions, Answers, Braindumps (650-472)
Submitting dumps with some changes. The original is
also available in
QUESTION NO: 1
Which EAP method requires a digital
certificate on the client?
QUESTION NO: 2
Which two choices are valid methods of
authorizing a wired supplicant? (Choose two.)
B. VLAN assignment
QUESTION NO: 3
Which two statements about MACsec
security are true? (Choose two.)
A. MACsec is an IEEE standard
that is defined by 802.3AE.
B. MACsec leverages an 802.1X
EAP framework to negotiate the MACsec Key Agreement.
C. MACsec is an IETF standard
that is defined by RFC 4501.
D. MACsec can negotiate a
MACsec Key Agreement without 802.1X.
E. MACsec is an IETF standard
that is defined by RFC 4505.
F. MACsec is an IEEE standard
that is defined by 802.1AE.
QUESTION NO: 4
Which statement correctly defines a
A. A Cisco ISE node can be
configured as a primary or backup persona.
B. Persona refers to
collections of services running on a Cisco ISE node.
C. A Cisco ISE node can be
configured as a wired or wireless persona.
D. Persona relates to the
collection of 802.1X services configured on a Cisco
E. Persona refers to the
collection of EAP methods available to a supplicant.
F. A Cisco ISE node can be
configured as a standalone or distributed persona.
QUESTION NO: 5
Which two EAP methods are examples of
challenge-response methods? (Choose two.)
QUESTION NO: 6
On a Cisco Catalyst switch, which
default ports will the radius-server host command use
for RADIUS authentication and accounting messages?
A. TCP - Authentication
B. TCP - Authentication
C. TCP - Authentication
D. UDP - Authentication
E. UDP - Authentication
F. UDP - Authentication
QUESTION NO: 7
Which three modules are valid
components of Cisco AnyConnect Secure Mobility Client
for Windows? (Choose three)
A. Network Access Manager
B. VPN Module
C. Network Authentication
D. Telemetry and Profiling
E. Profiling Module
F. Posture Module
G. Profiling Module
QUESTION NO: 8
Which section of the 802.1X standard
cites other 802 standards needed to Wry understand the
scope of 802.1X?
A. Section 3 - Definitions
B. Section 2 - Normative
C. Section 5 - Acronyms and
D. Section 4 - Normative
E. Section 6 - Conformance
QUESTION NO: 9
Which three RADIUS attributes art
required to dynamically assign a VIAN? (Choose three)
A. Attribute 65
B. Attribute 26
C. Attribute 64 (Tunnel-Type)
D. Attribute 8
E. Attribute 5 (NASPort)
F. Attribute 81
QUESTION NO: 10
Consider the example of an end user
plugging an unmanaged third-party switch into a port in
a conference room. If the wiring closet switch port
requires 802.1X authentication (and the authentication
host mode is set to the default), what would be the
result of multiple 802.1X clients attempting to access
the network from the unmanaged switch?
A. After the first supplicant
authenticates, other hosts connected to the unmanaged
switch will be blocked from the network.
B. After 802.1X times out three
times, all hosts on the unmanaged switch will have
access to the network.
C. Up to eight hosts and one IP
phone can be authenticated.
D. After the first supplicant
authenticates, all other hosts connected to the
unmanaged switch have access to the network.
QUESTION NO: 11
Which two Cisco Catalyst switch
command fragments enable WebAuth support on an
interface? (Choose two.)
authentication dotlx webauth
D. 3k-access(config-if)# dotlx
E. 3k-access(config-if)- ip
F. 3k-access(config-if)ff dotlx
authentication order dotlx webauth
QUESTION NO: 12
Which two statements are true with
regard to the inner and outer phases of an EAP method?
A. PEAP can include an optional
phase 0 for PAC provisioning.
B. All EAP methods include an
inner and outer phase.
C. The outer phase is used for
D. The inner phase is used for
E. The outer phase is used for
securing the communication channel.
F. The inner phase is used for
securing the communication channel.
QUESTION NO: 13
Which Cisco ISE persona must run on
A. Inline Posture
E. Distributed Policy
F. Policy Services
QUESTION NO: 14
What must be configured on a Microsoft
Windows 7 host to enable the Microsoft 802.1X supplicant
for wired networks?
A. Wired 802.1X support
requires installation of Windows 7 Service Pack JL
B. The 802.1X supplicant in the
Authentication tab of interface Properties must be
C. The host must acquire its IP
address from DHCP.
D. The Microsoft Wired
AutoConfig service must be started.
E. 802.1X must be enabled in
F. On systems running Intel
82566 Ethernet controllers, Intel driver vl6.1 or higher
is required to enable 802.1X support