Valid 500-490 Exam Dumps Ensure you a HIGH SCORE (2024) [Q20-Q44]

Share

Valid 500-490 Exam Dumps Ensure you a HIGH SCORE (2024)

Pass 500-490 Exam with Latest Questions

NEW QUESTION # 20
Which option will help build your customers platform during the discovery phase?

  • A. POV report
  • B. PO
  • C. detailed design
  • D. high-level design
  • E. business case

Answer: E


NEW QUESTION # 21
Which are the three focus areas for reinventing the WAN? (Choose three.)

  • A. Secure Elastic Connectivity
  • B. Cloud Fast
  • C. Operations
  • D. Centralized device authentication
  • E. Application Quality of Experience
  • F. Execution

Answer: A,B,E


NEW QUESTION # 22
Which are two advantages of a "one switch at a tune' approach to integrating SD-Access into an existing brownfield environment? (Choose two.)

  • A. allows simplified testing prior to cutover
  • B. deal for protecting recent investments while upgrading legacy hardware
  • C. involves the least risk of all approaches
  • D. opens up many new design and deployment opportunities
  • E. allows simplified roll back
  • F. appropriate for campus and remote site environments

Answer: A,D


NEW QUESTION # 23
Which two statements regarding Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure? (Choose two.)

  • A. Open Certificate Authority and automated enrollment feature.
  • B. The vEdge routers run on hardened Linux operating systems.
  • C. By default, all incoming traffic is denied at the transport (WAN) side interfaces.
  • D. Only authorized controllers are allowed to communicate back to the vEdg e router after the vEdge router establishes connection with the controllers.
  • E. In case of direct Internet access, the only traffic allowed back is the traffic matching the state table entries on the vEdge router.

Answer: C,D

Explanation:
Explanation
Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure by using two mechanisms:
Only authorized controllers are allowed to communicate back to the vEdge router after the vEdge router establishes connection with the controllers. This means that the vEdge router initiates a secure connection to the vSmart controller and the vBond orchestrator using DTLS or TLS, and verifies their identity using certificates. The vEdge router does not accept any incoming connections from the controllers, and only responds to the messages that match the established sessions. This prevents unauthorized or malicious traffic from reaching the vEdge router and consuming its resources12.
By default, all incoming traffic is denied at the transport (WAN) side interfaces. This means that the vEdge router applies an implicit deny-all policy to any traffic that arrives from the WAN side, unless it is explicitly allowed by a security policy. The security policy can be configured to permit only the traffic that matches certain criteria, such as source, destination, protocol, port, or application. This reduces the attack surface of the vEdge router and protects it from unwanted or harmful traffic34.
References:
Cisco SD-WAN Security Features
Cisco SD-WAN Design Guide
Cisco SD-WAN Security Policy Configuration Guide
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability


NEW QUESTION # 24
What should you do if you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks?

  • A. Provide them with a downloadable POV lit.
  • B. Set them up with a dCloud account.
  • C. Give them some of our flash files that can be played on any browser.
  • D. Point them to our dCloud demo library.
  • E. Give them our ISE YouTube videos.
  • F. Set them up with an account on a Cisco UCS server that hosts ISE.

Answer: B


NEW QUESTION # 25
Which protocol runs between the vSmart controllers and between the vSmart controllers and the vEdge routers, and unifies all control plane functions under a single protocol umbrella?

  • A. OMP
  • B. BGP
  • C. IKE
  • D. OSPF
  • E. VRRP

Answer: A


NEW QUESTION # 26
Which two options help you sell Cisco ISE? (Choose two.)

  • A. Referring to Trust Sec as being only supported on Cisco networks
  • B. Discussing (he importance of custom profiling
  • C. Show casing the entire ISE feature set
  • D. Downplaying the value of px Grid as compared to REST ful APIs
  • E. Explaining ISE support for 3rd party network devices

Answer: C,E


NEW QUESTION # 27
Which are two Cisco ISE that benefits our customers ? (Choose two.)

  • A. helps them accelerate application deployment and delivery
  • B. helps them stop and contain real time threats
  • C. enables them to set traffic priorities across the network
  • D. provides network access controller

Answer: B,D


NEW QUESTION # 28
Which is a function of the Proactive Insights feature of Cisco DNA Center Assurance?

  • A. pointing out where the most serious issues are happening in the network
  • B. enabling you to see the complete path of packets from the client to the end application
  • C. generating synthetic traffic to perform tests that raise awareness of potential network issues
  • D. enabling you to quickly view all of the contextual information related to a single user

Answer: C

Explanation:
Explanation
The Proactive Insights feature of Cisco DNA Center Assurance is a function that generates synthetic traffic to perform tests that raise awareness of potential network issues. This feature uses the Cisco DNA Center platform to create and schedule tests that simulate real user traffic and measure the network performance and user experience. The tests can be run on demand or periodically, and the results are displayed in the Cisco DNA Center dashboard. The Proactive Insights feature helps network administrators to proactively identify and troubleshoot network issues before they affect the end users12. References:
Cisco DNA Center Assurance User Guide, Release 2.1.2
Understanding Cisco DNA Center Assurance!


NEW QUESTION # 29
Which three key differentiators that DNA Assurance provides that our competitors are unable match?
(Choose three)

  • A. On-premise and cloud-base analytics
  • B. VXLAN support
  • C. Support for Overlay Virtual Transport
  • D. Proactive approach to guided remediation
  • E. Apply Insights
  • F. Network time travel

Answer: A,C,E


NEW QUESTION # 30
Which Cisco product were incorporated into Cisco ISE between ISE releases 2.0 and 2.3?

  • A. Cisco ACS
  • B. Cisco WSA
  • C. Cisco ASA
  • D. Cisco ESA

Answer: C


NEW QUESTION # 31
Which three key differentiators that DNA Assurance provides that our competitors are unable match? (Choose three)

  • A. On-premise and cloud-base analytics
  • B. Network time travel
  • C. Proactive approach to guided remediation
  • D. VXLAN support
  • E. Apply Insights
  • F. Support for Overlay Virtual Transport

Answer: A,B,C


NEW QUESTION # 32
What are three ways in which Cisco ISE learns information about devices? (Choose three.)

  • A. user authentication to the ISE
  • B. network servers the device has accessed
  • C. RADIUS attributes
  • D. traffic generated by the device
  • E. RPC mechanism via HTTPS
  • F. SMTP agents

Answer: C,D,E


NEW QUESTION # 33
Which Cisco product supports SD-Access and specifically built lo address new challenges faced by enterprises?

  • A. Catalyst 9500
  • B. Catalyst 6807-XL W/ Sup6T and C6800 10G line cards
  • C. ASR 1000 MX
  • D. CSRv virtual router
  • E. Nexus 7700 w/ Sup2E and M3 line cards
  • F. ISR 4221

Answer: F


NEW QUESTION # 34
Which three key differentiators that DNA Assurance provides that our competitors are unable match? (Choose three.)

  • A. Network time travel
  • B. Proactive approach to guided remediation
  • C. VXLAN support
  • D. Apple Insights
  • E. On-premise and cloud-based analytics
  • F. Support for Overlay Virtual Transport

Answer: A,B,D

Explanation:
Explanation
Cisco DNA Assurance provides three key differentiators that our competitors are unable to match:
Proactive approach to guided remediation: Cisco DNA Assurance uses AI and machine learning to analyze network data and provide insights on network performance, issues, and optimization. It also offers guided remediation options that automate the process of issue resolution and performance enhancement. This reduces manual troubleshooting operations and saves time and resources for network administrators12.
Apple Insights: Cisco DNA Assurance integrates with Apple devices and applications to provide enhanced visibility and analytics on the user experience and network performance. It also leverages the Fast Lane feature to prioritize critical iOS and macOS traffic over the wireless network. This improves the quality of service and collaboration for Apple users and applications13.
Network time travel: Cisco DNA Assurance allows network administrators to go back in time and view the network state and health at any given point. This enables them to identify the root cause of issues, compare network performance over time, and troubleshoot historical problems. This feature is unique to Cisco DNA Assurance and provides a powerful tool for network analysis and optimization1 .
References:
1: Cisco DNA Assurance: AI/ML guided IT operations (AIOps) At-a-Glance 2: Leveraging Cisco Intent-Based Networking DNA Assurance (DNAAS) 3: Cisco DNA Assurance Unlocking the Power of Data, page 39 : Cisco DNA Assurance Unlocking the Power of Data, page 74


NEW QUESTION # 35
Which are two Cisco recommendations that demonstrates SDA? (Choose two.)

  • A. Use the CLI to perform as much of the configuration as possible.
  • B. Show the customer how to integrate ISE into DNA Center at the end of the demo.
  • C. Be sure you explain the major technologies such as VXLAN and LISP in depth.
  • D. Keep the demo at a high level.
  • E. Focus on business benefit s.

Answer: B,D


NEW QUESTION # 36
How would Cisco ISE handle authentication for your printer that does not have a supplicant?

  • A. ISE would authenticate the printer using web authentication.
  • B. ISE would authenticate the printer using MAC RADIUS authentication.
  • C. ISE would authenticate the printer using 802.1X authentication.
  • D. ISE would authenticate the printer using MAB.
  • E. ISE would not authenticate the printer as printers are not subject to ISE authentication.

Answer: D

Explanation:
Explanation
Cisco ISE can handle authentication for printers that do not have a supplicant using MAB (MAC Authentication Bypass). MAB is a method of authenticating devices based on their MAC address. MAB is useful for devices that do not support 802.1X or other authentication protocols, such as printers, cameras, or IoT devices. MAB works as follows:
The device sends an Ethernet frame with its MAC address as the source address.
The switch sends a RADIUS Access-Request message to ISE with the MAC address as the username and password.
ISE checks the MAC address against a database of known devices or an identity source sequence.
If the MAC address is found and authorized, ISE sends a RADIUS Access-Accept message to the switch with the appropriate authorization profile.
The switch applies the authorization profile to the device and grants it access to the network.
MAB is less secure than 802.1X, as MAC addresses can be spoofed or cloned. Therefore, MAB should be used with caution and combined with other security measures, such as profiling, posture, or endpoint protection. MAB should also be restricted to specific ports or VLANs that are isolated from the rest of the network.
References:
Cisco Identity Services Engine Administrator Guide, Release 2.7 - Configure MAC Authentication Bypass [Cisco Identity Services Engine] Cisco Identity Services Engine Administrator Guide, Release 2.7 - Manage Authentication Policies
[Cisco Identity Services Engine]
Cisco Identity Services Engine Administrator Guide, Release 2.7 - Manage Authorization Policies
[Cisco Identity Services Engine]
Cisco Identity Services Engine Administrator Guide, Release 2.7 - Manage Identity Source Sequences
[Cisco Identity Services Engine]
Cisco Identity Services Engine API Reference Guide, Release 2.7 - Authentication [Cisco Identity Services Engine] Designing Cisco Enterprise Networks (ENDESIGN) Exam Topics [Cisco] Cisco Validated Design Guides [Cisco]


NEW QUESTION # 37
Which two activities should occur during an SE's demo process? (Choose two.)

  • A. asking the customer to provide network drawings or white board the environment for you
  • B. highlighting opportunities that although not currently within scope would result in lower operational costs and complexity
  • C. identifying which capabilities require demonstration
  • D. leveraging a company such as Complete Communications to build a financial case
  • E. determining whether the customer would like to dive deeper during a follow -up

Answer: C,E

Explanation:
Explanation
According to the Cisco Design Zone website1, an SE's demo process should include the following activities:
Identifying which capabilities require demonstration: The SE should understand the customer's business objectives, pain points, and technical requirements, and map them to the relevant Cisco solutions and capabilities. The SE should also prioritize the most important and impactful features and benefits that address the customer's needs and challenges, and plan the demo accordingly. The SE should avoid showing irrelevant or unnecessary features that may confuse or distract the customer12.
Determining whether the customer would like to dive deeper during a follow-up: The SE should use the demo as an opportunity to engage the customer in a dialogue, solicit feedback, and gauge the customer's interest and satisfaction. The SE should also identify any gaps or questions that the customer may have, and offer to provide more information or a deeper dive during a follow-up session. The SE should also ask for the customer's permission to schedule a follow-up meeting or call, and confirm the next steps and actions13.
The other activities are not recommended or necessary during an SE's demo process, because:
Highlighting opportunities that although not currently within scope would result in lower operational costs and complexity: The SE should focus on the customer's current scope and needs, and not try to upsell or cross-sell other solutions or services that are not relevant or requested by the customer. The SE should also respect the customer's budget and timeline, and not introduce additional costs or complexity that may jeopardize the deal or the relationship1 .
Asking the customer to provide network drawings or white board the environment for you: The SE should prepare for the demo by doing the necessary research and discovery before the meeting, and not rely on the customer to provide the information or draw the network for them. The SE should also demonstrate their expertise and credibility by showing their knowledge of the customer's environment and challenges, and not ask the customer to do their work for them1 .
Leveraging a company such as Complete Communications to build a financial case: The SE should not outsource or delegate the financial analysis or justification of the solution to a third-party company, as this may undermine the SE's role and value, and create a dependency or risk for the deal. The SE should also use the Cisco tools and resources available to them, such as the Business Value Calculator, to build a financial case and show the return on investment and total cost of ownership of the solution1 .
References:
1: Cisco Design Zone 2: [Cisco Demo Best Practices], page 3 3: [Cisco Demo Best Practices], page 6 : [Cisco Demo Best Practices], page 4 : [Cisco Demo Best Practices], page 2 : [Cisco Demo Best Practices], page 5


NEW QUESTION # 38
Which Cisco product supports SD-Access and specifically built to address new challenges faced by enterprises?

  • A. Catalyst 9500
  • B. ISR 4221
  • C. CSRv virtual router
  • D. Catalyst 6807-XL w/ Sup6T and C6800 10G line cards
  • E. Nexus 7700 w/ Sup2E and M3 line cards
  • F. ASR 1000-HX

Answer: A

Explanation:
Explanation
The Cisco Catalyst 9500 Series Switches are specifically built to address the new challenges faced by enterprises, such as the need for increased bandwidth, security, and scalability. The Catalyst 9500 Series Switches are also designed to support Cisco SD-Access, which is a software-defined access fabric that simplifies network management and improves network security.
References: =
Designing Cisco Enterprise Networks
(ENDESIGN): https://www.cisco.com/c/en/us/training-events/training-certifications/training/training-serv Cisco Catalyst 9500 Series Switches: https://www.cisco.com/site/us/en/products/networking/switches/catalyst-9500-series-switches/in


NEW QUESTION # 39
Which two statements are true regarding Cisco ISE? (Choose two.)

  • A. ISE plays a critical role in SD-Access.
  • B. ISE can provide data about when a specific device connected to the network.
  • C. An ISE deployment requires only a Cisco ISE network access control appliance.
  • D. Without integration with any other product, ISE can track the actual physical location of a wireless endpoint as it moves.
  • E. The major business outcomes of ISE are enhanced user experience and secure VLAN segmentation.

Answer: A,B

Explanation:
Explanation
Cisco ISE is a policy decision point that enables enterprises to ensure compliance, enhance infrastructure security, and streamline service operations. Some features and benefits of Cisco ISE include1:
Zero trust across the network: ISE allows only trusted users and devices access to resources on your network. It also uses intel to automatically identify, classify and profile devices.
Policy and lifecycle management: ISE simplifies the delivery of consistent, highly secure access control across wired, wireless, and VPN connections. It also allows users to add and manage their own devices through self-service portals.
Remote management and deployment: ISE supports cloud-based deployment and management, as well as integration with other Cisco products and third-party solutions.
Site survivability: ISE provides local authentication and authorization services for remote sites, even when the connection to the central ISE server is lost.
Visibility of all devices and their users: ISE can provide data about when a specific device connected to the network, what type of device it is, who is using it, what applications are running on it, and where it is located.
Among these features, two statements are true regarding Cisco ISE:
ISE plays a critical role in SD-Access: SD-Access is a network architecture that uses software-defined networking (SDN) principles to create a secure, scalable, and consistent network fabric. ISE is the policy engine that defines and enforces the network segmentation and access policies for SD-Access2.
ISE can provide data about when a specific device connected to the network: ISE uses a number of probes to collect attributes for all endpoints on the network, and pass them to the Profiler analyzer, where the known endpoints are classified according to their associated policies and identity groups. ISE can also provide historical data about the endpoint connections, such as the time, duration, location, and user of the connection3.
The other three statements are false regarding Cisco ISE:
The major business outcomes of ISE are enhanced user experience and secure VLAN segmentation: ISE provides more than just user experience and VLAN segmentation. It also delivers business outcomes such as improved network performance, reduced operational costs, increased security, and simplified compliance4.
An ISE deployment requires only a Cisco ISE network access control appliance: ISE can be deployed on different platforms, such as physical appliances, virtual machines, or cloud services. An ISE deployment also requires other components, such as network devices, endpoints, and external identity sources5.
Without integration with any other product, ISE can track the actual physical location of a wireless endpoint as it moves: ISE can provide the location information of an endpoint based on the network device that it is connected to, such as the switch port or the wireless access point. However, to track the actual physical location of a wireless endpoint as it moves, ISE needs to integrate with other products, such as Cisco DNA Center, Cisco Connected Mobile Experiences (CMX), or Cisco Wireless LAN Controller (WLC)6.
References:
Cisco Content Hub - Cisco ISE Features1 : Cisco SD-Access Solution Design Guide (CVD) - Cisco2 : Cisco ISE Network Discovery3 : Cisco Identity Services Engine (ISE) - Cisco4 : Cisco Identity Services Engine Hardware Installation Guide, Release 2.7 - Cisco ISE Deployment [Cisco Identity Services Engine] - Cisco5 :
Cisco Identity Services Engine Administrator Guide, Release 2.7 - Configure Location Mapping [Cisco Identity Services Engine] - Cisco6


NEW QUESTION # 40
Which two options are primary functions of Cisco ISE? (Choose two.)

  • A. automatically enabling, disabling, or reducing allocated power to certain devices
  • B. allocating resources
  • C. providing VPN access for any type of device
  • D. enabling WAN deployment over any type of connection
  • E. enforcing endpoint compliance with network security policies
  • F. providing information about every device that touches the network

Answer: E,F

Explanation:
Explanation/Reference:


NEW QUESTION # 41
Which three key differentiators that DNA Assurance provides that our competitors are unable match?
(Choose three.)

  • A. On-premise and cloud-base analytics
  • B. Network time travel
  • C. Proactive approach to guided remediation
  • D. VXLAN support
  • E. Support for Overlay Virtual Transport
  • F. Apple Insights

Answer: A,B,C


NEW QUESTION # 42
What should you do if you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks?

  • A. Provide them to our d Cloud demo library
  • B. Provide them with a downloadable POV kit
  • C. Give then, some of our flash files mat can be played on any browser
  • D. Set them up with a d Cloud account
  • E. Give them our ISE YouTube videos
  • F. Set them up with an account on a Cisco UCS server that hosts ISE

Answer: F


NEW QUESTION # 43
Which two statements are true regarding Cisco ISE? (Choose two.)

  • A. ISE can detected endpoints whose addresses have been translated via NAT.
  • B. ISE supports up to 100 Policy Services Nodes.
  • C. The number of logs that ISE can retain is determined by your disk space.
  • D. It distributed deployments, failover from primary to secondary Policy Administration Nodes happens automatically.
  • E. In two-nodes standalone ISE deployments, failover must be done manually.
  • F. ISE supports IPv6 downloadable ACLs.

Answer: C,D


NEW QUESTION # 44
......

500-490 Exam Practice Questions prepared by Cisco Professionals: https://www.exam4tests.com/500-490-valid-braindumps.html

Use Valid New 500-490 Questions - Top choice Help You Gain Success: https://drive.google.com/open?id=1at22U_FXNav5n-TrOlVZOW766DnxGz8M