Latest 500-490 Pass Guaranteed Exam Dumps with Accurate & Updated Questions [Q11-Q28]

500-490 Exam Brain Dumps - Study Notes and Theory

NEW QUESTION # 11
Which two options are primary functions of Cisco ISE? (Choose two.)

  • A. providing VPN access for any type of device
  • B. providing information about every device that touches the network
  • C. enforcing endpoint compliance with network security policies Q allocating resources
  • D. automatically enabling, disabling, or reducing allocated power to certain devices
  • E. enabling WAN deployment over any type of connection

Answer: A,B


NEW QUESTION # 12
Which Cisco vEdge router offers 20 Gb of encrypted throughput?

  • A. Cisco vEdge 2000
  • B. Cisco vEdge 5000
  • C. Cisco vEdge 100
  • D. Cisco vEdge 1000

Answer: B

Explanation:
According to the Cisco SD-WAN vEdge Routers Data Sheet [1], the Cisco vEdge 5000 router is the only model that offers 20 Gbps of encrypted throughput. The vEdge 5000 router delivers highly secure site-to-site data connectivity to large enterprises, offers interface modularity, and supports up to 4 Network Interface Modules (NIMs) [2]. The other models of vEdge routers have lower encrypted throughput capacities, as shown in Table 6 of the Ordering Guide for SD-WAN [3]. The vEdge 1000 router has a maximum encrypted throughput of 1 Gbps, the vEdge 2000 router has a maximum encrypted throughput of 5 Gbps, and the vEdge 100 router has a maximum encrypted throughput of 100 Mbps [3].
References:
1: Cisco SD-WAN vEdge Routers Data Sheet
2: vEdge 5000 Router
3: Ordering Guide for SD-WAN


NEW QUESTION # 13
Which two are benefits of Cisco ISE for our customers? (Choose two.)

  • A. helps them stop and contain real time threats
  • B. enables them to set traffic priorities across the network
  • C. helps them accelerate application deployment and delivery
  • D. provides network access controller

Answer: A,D


NEW QUESTION # 14
Which two statements are true regarding SD-WAN demonstrations? (Choose two.)

  • A. During a demo, you should consider the target audience and the desired outcome.
  • B. There is a big difference between demos that use a top down approach and demos that use a bottom up approach.
  • C. During a demo, you should demonstrate and discuss what the team considers important details.
  • D. Use demonstrations primarily for large opportunities and competitive situations.
  • E. As a Cisco SD-WAN SE, you should spend your time learning about the technology rather than contributing to demo innovation.

Answer: A,B


NEW QUESTION # 15
Which Cisco product supports SD-Access and is specifically built to address new challenges faced by enterprises?

  • A. Nexus 7700 w/ Sup2E and M3 line cards
  • B. ASR 1000 MX
  • C. CSRv virtual router
  • D. Catalyst 6807-XL W/ Sup6T and C6800 10G line cards
  • E. Catalyst 9500
  • F. ISR 4221

Answer: F


NEW QUESTION # 16
How would Cisco ISE handle authentication for your printer that does not have a supplicant?

  • A. ISE would authenticate the printer using web authentication.
  • B. ISE would authenticate the printer using MAC RADIUS authentication.
  • C. ISE would authenticate the printer using 802.1X authentication.
  • D. ISE would authenticate the printer using MAB.
  • E. ISE would not authenticate the printer as printers are not subject to ISE authentication.

Answer: D

Explanation:
Cisco ISE can handle authentication for printers that do not have a supplicant using MAB (MAC Authentication Bypass). MAB is a method of authenticating devices based on their MAC address. MAB is useful for devices that do not support 802.1X or other authentication protocols, such as printers, cameras, or IoT devices. MAB works as follows:

  • The device sends an Ethernet frame with its MAC address as the source address.
  • The switch sends a RADIUS Access-Request message to ISE with the MAC address as the username and password.
  • ISE checks the MAC address against a database of known devices or an identity source sequence.
  • If the MAC address is found and authorized, ISE sends a RADIUS Access-Accept message to the switch with the appropriate authorization profile.
  • The switch applies the authorization profile to the device and grants it access to the network.

MAB is less secure than 802.1X, as MAC addresses can be spoofed or cloned. Therefore, MAB should be used with caution and combined with other security measures, such as profiling, posture, or endpoint protection. MAB should also be restricted to specific ports or VLANs that are isolated from the rest of the network.


NEW QUESTION # 17
Which component of the SD-Access fabric is responsible for communicating with networks that are external to the fabric?

  • A. control plane nodes
  • B. intermediate nodes
  • C. border-nodes
  • D. edge nodes

Answer: D

Explanation:
https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Design-G


NEW QUESTION # 18
Which option will help build your customer's platform during the discovery phase?

  • A. business case
  • B. high-level design
  • C. POV report
  • D. detailed design
  • E. PO

Answer: A


NEW QUESTION # 19
Which feature is supported on the Cisco vEdge platform?

  • A. single sign-on
  • B. 2-factor authentication
  • C. IPv6 transport (WAN)
  • D. license enforcement
  • E. reporting
  • F. non-Ethernet interfaces

Answer: C

Explanation:
The Cisco vEdge platform supports IPv6 transport (WAN) as one of its features. This means that the vEdge routers can use IPv6 addresses to establish secure control and data plane connections with other vEdge routers over the WAN network. The vEdge routers can also use IPv6 addresses to communicate with the vSmart controllers and the vManage network management system. The vEdge routers can also support IPv6 routing protocols, such as OSPFv3 and BGP, to exchange IPv6 routes with other routers in the network [1][2].
The other features listed in the question are not supported on the Cisco vEdge platform. License enforcement is not applicable to the vEdge routers, as they do not require any license to operate. Reporting is a function of the vManage network management system, which collects and displays various statistics and analytics from the vEdge routers. Non-Ethernet interfaces, such as serial, T1/E1, or DSL, are not available on the vEdge routers, which only support Ethernet and cellular interfaces. Single sign-on and 2-factor authentication are not supported on the vEdge routers, which use local or remote authentication methods, such as TACACS+, RADIUS, or LDAP [3].
References:
1: Cisco SD-WAN vEdge Routers Data Sheet
2: Cisco SD-WAN Configuration Guide, Release 20.3
3: Cisco SD-WAN Command Reference, Release 20.3


NEW QUESTION # 20
Which Cisco product supports SD-Access and is specifically built to address new challenges faced by enterprises?

  • A. Nexus 7700 w/ Sup2E and M3 line cards
  • B. ASR 1000 MX
  • C. CSRv virtual router
  • D. Catalyst 6807-XL W/ Sup6T and C6800 10G line cards
  • E. Catalyst 9500
  • F. ISR 4221

Answer: D


NEW QUESTION # 21
Which two statements describe how Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure? (Choose two.)

  • A. By default, all incoming traffic is denied at the transport (WAN) side interfaces.
  • B. Open Certificate Authority and automated enrollment feature.
  • C. In case of direct Internet access, the only traffic allowed back is the traffic matching the state table entries on the vEdge router.
  • D. Only authorized controllers are allowed to communicate back to the vEdge router after the vEdge router establishes connection with the controllers.
  • E. The vEdge routers run on hardened Linux operating systems.

Answer: A,D

Explanation:
Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure by using two mechanisms:

  • Only authorized controllers are allowed to communicate back to the vEdge router after the vEdge router establishes connection with the controllers. This means that the vEdge router initiates a secure connection to the vSmart controller and the vBond orchestrator using DTLS or TLS, and verifies their identity using certificates. The vEdge router does not accept any incoming connections from the controllers, and only responds to the messages that match the established sessions. This prevents unauthorized or malicious traffic from reaching the vEdge router and consuming its resources [1][2].
  • By default, all incoming traffic is denied at the transport (WAN) side interfaces. This means that the vEdge router applies an implicit deny-all policy to any traffic that arrives from the WAN side, unless it is explicitly allowed by a security policy. The security policy can be configured to permit only the traffic that matches certain criteria, such as source, destination, protocol, port, or application. This reduces the attack surface of the vEdge router and protects it from unwanted or harmful traffic [3][4].

References:
1: Cisco SD-WAN Security Features
2: Cisco SD-WAN Design Guide
3: Cisco SD-WAN Security Policy Configuration Guide
4: Cisco SD-WAN vEdge Routers Denial of Service Vulnerability


NEW QUESTION # 22
Which three options are the focus of the current digital business era? (Choose three.)

  • A. virtualized services
  • B. automation
  • C. centralized enterprise and web applications
  • D. Human scale
  • E. connectivity
  • F. IoT scale

Answer: A,B,E


NEW QUESTION # 23
Which is a function of the Proactive Insights feature of Cisco DNA Center Assurance?

  • A. generating synthetic traffic to perform tests that raise awareness of potential network issues
  • B. enabling you to quickly view all of the contextual information related to the end application
  • C. enabling you to see the complete path of packets from the client to the end application
  • D. pointing out where the most serious issues are happening in the network

Answer: A


NEW QUESTION # 24
What are three ways in which Cisco ISE learns information about devices? (Choose three.)

  • A. traffic generated by the device
  • B. user authentication to the ISE
  • C. network servers the device has accessed
  • D. RADIUS attributes
  • E. SMIP agents
  • F. RPC mechanism via HTTPS

Answer: A,B,C


NEW QUESTION # 25
What should you do if you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks?

  • A. Set them up with an account on a Cisco UCS server that hosts ISE.
  • B. Set them up with a dCloud account.
  • C. Point them to our dCloud demo library.
  • D. Provide them with a downloadable POV kit.
  • E. Give them some of our flash files that can be played on any browser.
  • F. Give them our ISE YouTube videos.

Answer: D


NEW QUESTION # 26
What should you do if you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks?

  • A. Set them up with an account on a Cisco UCS server that hosts ISE.
  • B. Set them up with a dCloud account.
  • C. Point them to our dCloud demo library.
  • D. Provide them with a downloadable POV kit.
  • E. Give them some of our flash files that can be played on any browser.
  • F. Give them our ISE YouTube videos.

Answer: D

Explanation:
If you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks, you should provide them with a downloadable POV kit. A POV kit is a proof of value kit that contains a pre-configured virtual machine of Cisco ISE with licenses, sample data, and documentation. A POV kit allows the customer to quickly and easily deploy and test Cisco ISE in their own environment, without requiring any hardware or installation. A POV kit can help the customer to evaluate the features and benefits of Cisco ISE, such as identity-based access control, device profiling, posture assessment, guest management, and threat mitigation [1][2].
The other options are not suitable for a customer who wants to examine Cisco ISE for longer than a few weeks. Pointing them to our dCloud demo library, giving them our ISE YouTube videos, or giving them some of our flash files that can be played on any browser are good ways to introduce Cisco ISE to the customer, but they do not provide a hands-on experience or a realistic scenario of how Cisco ISE works in their network.
Setting them up with a dCloud account or an account on a Cisco UCS server that hosts ISE are also possible ways to provide a demo or a trial of Cisco ISE, but they may have limitations on the duration, availability, scalability, or customization of the environment. A POV kit gives the customer more flexibility and control over their evaluation of Cisco ISE.
References:
1: Solved: ISE PoV licenses - Cisco Community
2: Cisco Endpoint Security Analytics (CESA) Built on Splunk Quickstart POV Kit & Deployment Guide - Cisco Community


NEW QUESTION # 27
Which two options are primary functions of Cisco ISE? (Choose two.)

  • A. providing information about every device that touches the network
  • B. allocating resources
  • C. providing VPN access for any type of device
  • D. automatically enabling, disabling, or reducing allocated power to certain devices
  • E. enforcing endpoint compliance with network security policies
  • F. enabling WAN deployment over any type of connection

Answer: A,E

Explanation:
Cisco ISE is a security policy management platform that provides secure access to network resources. Cisco ISE functions as a policy decision point and enables enterprises to ensure compliance, enhance infrastructure security, and streamline service operations [1]. Two of the primary functions of Cisco ISE are:

  • Enforcing endpoint compliance with network security policies: Cisco ISE can assess the posture of all endpoints that access the network, including 802.1X environments, and enforce the appropriate policies based on the device type, identity, location, and other attributes. Cisco ISE can also provide comprehensive client provisioning measures to ensure that the endpoints are compliant with the network security policies before granting them access. Cisco ISE can also quarantine or remediate non-compliant endpoints to prevent potential threats or vulnerabilities [1][2].
  • Providing information about every device that touches the network: Cisco ISE can gather real-time contextual information from networks, users, and devices, and use that information to make governance decisions and apply policies. Cisco ISE can also discover, profile, and monitor the endpoint devices on the network, and classify them according to their associated policies and identity groups. Cisco ISE can also leverage the pxGrid framework to share the contextual information with other security tools and platforms, and enhance the network visibility and security [1][3].

The other options are not primary functions of Cisco ISE, because:

  • Allocating resources: Cisco ISE does not allocate resources to the endpoints or the network devices. Cisco ISE can assign services or access levels based on the policies, but not resources such as bandwidth, memory, or CPU [1].
  • Enabling WAN deployment over any type of connection: Cisco ISE does not enable WAN deployment over any type of connection. Cisco ISE can support VPN access for remote endpoints, but not WAN deployment for the network infrastructure [1].
  • Automatically enabling, disabling, or reducing allocated power to certain devices: Cisco ISE does not automatically enable, disable, or reduce allocated power to certain devices. Cisco ISE can control the access and authorization of the devices, but not their power consumption or management [1].
  • Providing VPN access for any type of device: Cisco ISE does not provide VPN access for any type of device. Cisco ISE can authenticate and authorize the VPN access for the endpoints, but not provide the VPN service or connection itself. Cisco ISE relies on other network devices, such as VPN gateways or routers, to provide the VPN access [1].

References:
1: Cisco Content Hub - Cisco ISE Features
2: Cisco ISE Posture Service Overview
3: Cisco ISE Profiler Service Overview


NEW QUESTION # 28
......
