Free of 500-254 testing engine materials and ebook for Cisco certification for IT candidates, Real Success Guaranteed with Updated 500-254 pdf dumps vce Materials. 100% PASS Implementing and Configuring Cisco Identity Service Engine - SISE exam Today!

2021 Jun 500-254 Study Guide Questions:

Q11. Which of these is not a default behavior of Cisco ISE 1.1, with respect to authentication, when a user connects to a switch port that is configured for 802.1X, MAB, and web authentication? 

A. MAB uses internal endpoints for retrieving identity. 

B. 802.1X uses internal users for retrieving identity. 

C. Central WebAuth relies on MAB for initial port authentication. 

D. Authentication fails if there is no matching policy. 

Answer: D 

Q12. Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal? 

A. Policy Service node 

B. Administration node 

C. Monitoring node 

D. network access device 

Answer: D 

Q13. Which statement is correct about Change of Authorization? 

A. Change of Authorization is a fundamental component of Cisco TrustSec and Cisco ISE. 

B. Change of Authorization can be triggered dynamically based on a matched condition in a policy, and manually by being invoked by an administrator operation. 

C. It is possible to trigger Change of Authorization manually from the ISE interface. 

D. Authentication is the supported Change of Authorization action type. 

Answer: D

Most recent 500-254 actual test:

Q14. Which two dictionary groups does Cisco ISE provide? (Choose two.) 

A. system-defined 

B. RADIUS vendor 


D. user-defined 


F. Active Directory 

Answer: AD 

Q15. Which two EAP authentication methods require only a server certificate? (Choose two.) 






Answer: CE 

Q16. Which three network information items are required to set up Cisco ISE? (Choose three.) 

A. primary name server 

B. secondary name server 

C. Network Time Protocol server 

D. hostname 

E. IP address and netmask of the Gigabit Ethernet 1 interface 

Answer: BCD

Vivid cisco ise exam 500-254:

Q17. Which three features require accurate time? (Choose three.) 

A. EAP-TLS-based authentication 

B. EAP-MS-CHAPv2-based authentication 

C. accurate posture assessment results 

D. Active Directory integration 

E. consistent profiling data collection 

F. accurate and reliable logging 

Answer: ADF

Q18. What is the process for Cisco ISE to obtain a signed certificate from a CA? 

A. Request a certificate from the CA, and import the CA-signed certificate into ISE. 

B. Generate a CSR; download the certificate from the CA; bind the CA-signed certificate with its private key, and import the CA-signed certificate into ISE. 

C. Generate a CSR; export the CSR to the local file system and send to the CA; download the certificate from the CA, and bind the CA-signed certificate with its private key. 

D. Submit a CSR to the CA; download the certificate from the CA; bind the CA-signed certificate with its private key, and import the CA-signed certificate into ISE. 

Answer: C

Q19. If there is a firewall between Cisco ISE and an Active Directory external identity store, which port does not need to be open? 

A. TCP 88 

B. TCP 445 

C. UDP 53 

D. UDP 123 

E. UDP/TCP 389 

Answer: C 

Q20. Which three client provisioning policies can an administrator create to provision different resources? (Choose three.) 

A. endpoint operating system 

B. user identity group 

C. dictionary-based conditions 

D. certificates 

Answer: ABC