• Home
  • Articles
  • Get 500-490 Actual Free Exam Q&As to Prepare for Your Cisco Certification [Q16-Q39]

Get 500-490 Actual Free Exam Q&As to Prepare for Your Cisco Certification [Q16-Q39]

Share

Get 500-490 Actual Free Exam Q&As to Prepare for Your Cisco Certification

Cisco Actual Free Exam Questions And Answers


Cisco 500-490 certification exam, also known as Designing Cisco Enterprise Networks, is a sought-after credential for IT professionals seeking to validate their skills in designing and deploying enterprise networks. Designing Cisco Enterprise Networks certification exam is part of the Cisco Certified Specialist - Enterprise Design certification track, which focuses on designing and deploying enterprise networks using Cisco technologies.

 

NEW QUESTION # 16
Which are two Cisco recommendations that demonstrates SDA? (Choose two.)

  • A. Keep the demo at a high level
  • B. Show lite customer how to integrate ISL into DMA Center at the end of the demo
  • C. Use the CLI to perform as much of the configuration as possible
  • D. Focus on business benefits
  • E. Be sure you explain the major technologies such as VXLAN and LISP in depth

Answer: C,E


NEW QUESTION # 17
Which feature is supported on the Cisco vEdge platform?

  • A. non-Ethernet interfaces
  • B. IPv6 transport (WAN)
  • C. license enforcement
  • D. 2-factor authentication
  • E. reporting
  • F. single sign-on

Answer: B

Explanation:
Explanation
The Cisco vEdge platform supports IPv6 transport (WAN) as one of its features. This means that the vEdge routers can use IPv6 addresses to establish secure control and data plane connections with other vEdge routers over the WAN network. The vEdge routers can also use IPv6 addresses to communicate with the vSmart controllers and the vManage network management system. The vEdge routers can also support IPv6 routing protocols, such as OSPFv3 and BGP, to exchange IPv6 routes with other routers in the network12.
The other features listed in the question are not supported on the Cisco vEdge platform. License enforcement is not applicable to the vEdge routers, as they do not require any license to operate. Reporting is a function of the vManage network management system, which collects and displays various statistics and analytics from the vEdge routers. Non-Ethernet interfaces, such as serial, T1/E1, or DSL, are not available on the vEdge routers, which only support Ethernet and cellular interfaces. Single sign-on and 2-factor authentication are not supported on the vEdge routers, which use local or remote authentication methods, such as TACACS+, RADIUS, or LDAP3.
References:
1: Cisco SD-WAN vEdge Routers Data Sheet 2: Cisco SD-WAN Configuration Guide, Release 20.3 3: Cisco SD-WAN Command Reference, Release 20.3


NEW QUESTION # 18
Which is a function of lite Proactive Insights feature of Cisco DNA Center Assurance'?

  • A. generating synthetic traffic to perform tests that raise awareness of potential network issues
  • B. enabling you to see the complete path of packets from the client to the end application
  • C. enabling you to quickly view all of the contextual information related to the end application
  • D. pointing out where the most serious issues are happening in the network

Answer: A


NEW QUESTION # 19
Which are two Cisco ISE that benefits our customers? (Choose two.)

  • A. enables them to set traffic priorities across the network
  • B. provides network access control
  • C. helps them accelerate application deployment and delivery
  • D. helps them stop and contain real-time threats

Answer: B,D


NEW QUESTION # 20
Which Cisco product supports SD-Access and specifically built lo address new challenges faced by enterprises?

  • A. CSRv virtual router
  • B. Catalyst 6807-XL W/ Sup6T and C6800 10G line cards
  • C. ASR 1000 MX
  • D. Catalyst 9500
  • E. Nexus 7700 w/ Sup2E and M3 line cards
  • F. ISR 4221

Answer: B


NEW QUESTION # 21
Which Cisco product supports SD-Access and specifically built to address new challenges faced by enterprises?

  • A. CSRv virtual router
  • B. Catalyst 6807-XL w/ Sup6T and C6800 10G line cards
  • C. ASR 1000-HX
  • D. Catalyst 9500
  • E. Nexus 7700 w/ Sup2E and M3 line cards
  • F. ISR 4221

Answer: D

Explanation:
Explanation
The Cisco Catalyst 9500 Series Switches are specifically built to address the new challenges faced by enterprises, such as the need for increased bandwidth, security, and scalability. The Catalyst 9500 Series Switches are also designed to support Cisco SD-Access, which is a software-defined access fabric that simplifies network management and improves network security.
References: =
Designing Cisco Enterprise Networks
(ENDESIGN): https://www.cisco.com/c/en/us/training-events/training-certifications/training/training-serv Cisco Catalyst 9500 Series Switches: https://www.cisco.com/site/us/en/products/networking/switches/catalyst-9500-series-switches/in


NEW QUESTION # 22
Which Cisco vEdge router offers 20 Gb of encrypted throughput?

  • A. Cisco vEdge 5000
  • B. Cisco vEdge 2000
  • C. Cisco vEdge 1000
  • D. Cisco vEdge 100

Answer: A

Explanation:
Explanation
According to the Cisco SD-WAN vEdge Routers Data Sheet1, the Cisco vEdge 5000 router is the only model that offers 20 Gbps of encrypted throughput. The vEdge 5000 router delivers highly secure site-to-site data connectivity to large enterprises, offers interface modularity, and supports up to 4 Network Interface Modules (NIMs)2. The other models of vEdge routers have lower encrypted throughput capacities, as shown in Table 6 of the Ordering Guide for SD-WAN3. The vEdge 1000 router has a maximum encrypted throughput of 1 Gbps, the vEdge 2000 router has a maximum encrypted throughput of 5 Gbps, and the vEdge 100 router has a maximum encrypted throughput of 100 Mbps3.
References:
1: Cisco SD-WAN vEdge Routers Data Sheet 2: vEdge 5000 Router 3: Ordering Guide for SD-WAN


NEW QUESTION # 23
Which are the three focus areas for reinventing the WAN? (Choose three.)

  • A. Execution
  • B. Secure Elastic Connectivity
  • C. Application Quality of Experience
  • D. Operations
  • E. Centralized device authentication
  • F. Cloud Fast

Answer: B,C,F


NEW QUESTION # 24
Which are two advantages of a "one switch at a time" approach to integrating SD-Access into an existing brownfield environment? (Choose two.)

  • A. opens up many new design and deployment opportunities
  • B. appropriate for campus and remote site environments
  • C. allows simplified testing prior to cutover
  • D. ideal for protecting recent investment s while upgrading legacy hardware
  • E. allows simplified roll back
  • F. involves the least risk of all approaches

Answer: B,C

Explanation:
Explanation
A "one switch at a time" approach to integrating SD-Access into an existing brownfield environment is a method that allows network administrators to gradually migrate their legacy network devices to SD-Access fabric devices without disrupting the network operations. This approach has two main advantages:
It is appropriate for campus and remote site environments, where there may be different types of devices and network topologies. By replacing one switch at a time, the network administrators can ensure that the existing network connectivity and functionality are preserved, while gaining the benefits of SD-Access features such as automation, segmentation, and assurance12.
It allows simplified testing prior to cutover, as the network administrators can verify the performance and compatibility of each switch before adding it to the fabric. This reduces the risk of errors and failures during the migration process, and allows for faster troubleshooting and resolution of any issues34.
References:
Cisco SD-Access Solution Design Guide (CVD)
Discuss Cisco 500-490 Exam Topic 1 Question 33 - Pass4Success
How to provision devices in SD-Access ( SDA ) - Cisco Community
A quick-start guide to SD-Access - Cisco Blogs


NEW QUESTION # 25
Which are two Cisco ISE that benefits our customers? (Choose two.)

  • A. enables them to set traffic priorities across the network
  • B. helps t hem accelerate application deployment and delivery
  • C. provides network access control
  • D. helps t hem stop and contain real-time threats

Answer: C,D

Explanation:
Explanation
Cisco ISE benefits our customers by providing network access control and helping them stop and contain real-time threats. Network access control is the ability to enforce policies on who and what can access the network, based on the identity and context of users, devices, and applications. Cisco ISE allows customers to authenticate, authorize, and audit network access, as well as to segment and isolate network traffic based on security and compliance requirements. Cisco ISE also helps customers stop and contain real-time threats by leveraging intel from across the network and security ecosystem, and by automating threat response actions.
Cisco ISE can integrate with various security solutions, such as Cisco Stealthwatch, Cisco Firepower, and Cisco Umbrella, to detect and mitigate attacks on the network quickly and effectively. References:
Cisco Identity Services Engine (ISE) - Cisco1
Cisco Identity Services Engine (ISE) - Cisco2
Network Visibility and Segmentation (NVS) - Cisco3
Rapid Threat Containment - Cisco4


NEW QUESTION # 26
Which Cisco product were incorporated into Cisco ISE between ISE releases 2.0 and 2.3?

  • A. Cisco ESA
  • B. Cisco ASA
  • C. Cisco WSA
  • D. Cisco ACS

Answer: D

Explanation:
Cisco ISE incorporated Cisco ACS (Cisco Secure Access Control System) between ISE releases 2.0 and 2.3.
Cisco ACS was a network access policy platform that provided authentication, authorization, and accounting (AAA) services for network devices and users. Cisco ACS was discontinued in 2017 and replaced by Cisco ISE, which offers more advanced features and capabilities for identity-based network access control. Cisco ISE provides a migration tool that allows customers to migrate their data and configurations from Cisco ACS to Cisco ISE. The migration tool supports Cisco ACS versions 5.5, 5.6, 5.7, and 5.8 and Cisco ISE versions
2.0, 2.1, 2.2, and 2.3.
References:
* Cisco Secure Access Control System End-of-Life Announcement [Cisco Secure Access Control System]
* Cisco Secure ACS to Cisco ISE Migration Tool [Cisco Identity Services Engine]
* Cisco Identity Services Engine Administrator Guide, Release 2.3 - Cisco Secure ACS to Cisco ISE Migration [Cisco Identity Services Engine]
* Cisco Identity Services Engine Administrator Guide, Release 2.3 - Manage Migration [Cisco Identity Services Engine]
* [Cisco Identity Services Engine Migration Guide, Release 2.3 [Cisco Identity Services Engine]]
* [Designing Cisco Enterprise Networks (ENDESIGN) Exam Topics [Cisco]]
* [Cisco Validated Design Guides [Cisco]]
ISE 2.3 includes the final suite of capabilities designed to reach feature parity with Cisco Secure Access Control System (ACS), allowing all existing ACS customers to migrate their deployment to ISE. New features include TACACS+-based device administration for IPv6, import and export capabilities for TACACS+-based command sets, policy export scheduling, IP range support in all octets, and more. See the ACS vs ISE Comparison for feature comparisons with every release of ISE


NEW QUESTION # 27
What are three ways in which Cisco ISE learns information about devices? (Choose three.)

  • A. network servers the device has accessed
  • B. user authentication to the ISE
  • C. traffic generated by the device
  • D. SMTP agents
  • E. RADIUS attributes
  • F. RPC mechanism via HTTPS

Answer: B,C,E

Explanation:
Explanation
Cisco ISE learns information about devices by using various methods, such as network probes, user authentication, and endpoint identity groups. Three ways in which Cisco ISE learns information about devices are:
B: RADIUS attributes: Cisco ISE can use the RADIUS protocol to collect information about devices from network access devices (NADs), such as switches, routers, and wireless controllers. The NADs can send RADIUS accounting packets to Cisco ISE that contain attributes related to the device identity, such as MAC address, IP address, hostname, device type, and vendor. Cisco ISE can use these attributes to profile the device and assign it to an endpoint identity group12.
D: user authentication to the ISE: Cisco ISE can also learn information about devices by authenticating the users who access the network through the devices. Cisco ISE can use various authentication methods, such as 802.1X, MAC Authentication Bypass (MAB), web authentication, or certificate-based authentication, to verify the identity and credentials of the users. Cisco ISE can then associate the user identity with the device identity and apply the appropriate authorization policies based on the user role, device type, and network context34.
E: traffic generated by the device: Cisco ISE can also learn information about devices by analyzing the traffic generated by the devices on the network. Cisco ISE can use various network probes, such as DHCP, SNMP, HTTP, DNS, or NetFlow, to capture and inspect the packets sent by the devices. Cisco ISE can then extract information from the packet headers and payloads, such as device name, operating system, browser type, application name, or domain name, and use it to profile the device and assign it to an endpoint identity group56.
References :
Cisco ISE Profiling Services
Configuring Profiler Policies
Cisco ISE Authentication Services
Configuring Device Sensor for ISE Profiling
Cisco ISE Endpoint Profiling Policies
ISE Profiling Design Guide


NEW QUESTION # 28
Which two options help you sell Cisco ISE? (Choose two.)

  • A. Discussing (he importance of custom profiling
  • B. Show casing the entire ISE feature set
  • C. Downplaying the value of px Grid as compared to REST ful APIs
  • D. Referring to Trust Sec as being only supported on Cisco networks
  • E. Explaining ISE support for 3rd party network devices

Answer: B,E


NEW QUESTION # 29
How would cisco ISE handle authentication for your printer that does not have a supplicant?

  • A. ISE would authenticate the printer using web authentication.
  • B. ISE would authenticate the printer using MAC RADIUS authentication
  • C. ISE would authenticate the printer using 8.2.1X authentication
  • D. ISE would not authenticate the printer as printers are not subject to ISE authentication.
  • E. ISE would authenticate the printer using MAB.

Answer: E


NEW QUESTION # 30
Which two statements are true regarding Cisco ISE? (Choose two.)

  • A. ISE supports up to 100 Policy Services Nodes
  • B. In distributed deployments, failover from primary to secondary Policy Administration Nodes happens automatically.
  • C. ISE can detected endpoints whose addresses have been translated via NAT.
  • D. The number of logs that ISE can retain is determined by your disk space
  • E. ISE supports IPv6 downloadable ACLs
  • F. In two-node standalone ISE deployments failover must be done manually

Answer: B,D


NEW QUESTION # 31
What are the three foundational elements required for the new operational paradigm'? (Choose three.)

  • A. multiple technologies at multiple OSI layers
  • B. application QoS
  • C. centralization
  • D. assurance
  • E. fabric
  • F. policy based automated provisioning of network of

Answer: D,E,F


NEW QUESTION # 32
What should you do if you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks?

  • A. Set them up with a d Cloud account
  • B. Give them our ISE YouTube videos
  • C. Give then, some of our flash files mat can be played on any browser
  • D. Provide them with a downloadable POV kit
  • E. Provide them to our d Cloud demo library
  • F. Set them up with an account on a Cisco UCS server that hosts ISE

Answer: A


NEW QUESTION # 33
Which are two Cisco ISE that benefits our customers ? (Choose two.)

  • A. enables them to set traffic priorities across the network
  • B. helps them accelerate application deployment and delivery
  • C. helps them stop and contain real time threats
  • D. provides network access controller

Answer: C,D


NEW QUESTION # 34
WhichCiscoproduct supports SD-Access and specificallybuilt to address new challenges faced by enterprises?

  • A. CSRv virtual router
  • B. Catalyst 6807-XL w/ Sup6T and C6800 10G line cards
  • C. Catalyst 9500
  • D. Nexus 7700 w/ Sup2E and M3 line cards
  • E. ISR 4221
  • F. ASR 1000-HX

Answer: F


NEW QUESTION # 35
Which two activities should occur during an SE's demo process? (Choose two.)

  • A. leveraging a company such as Complete Communications to build a financial case.
  • B. identifying which capabilities require demonstration
  • C. asking the customer to provide network drawings or white board the environment for you
  • D. determining whether the customer would like to drive deeper during a follow up
  • E. highlighting opportunities that although not currently within scope would result in lower operational costs and complexity

Answer: B,E


NEW QUESTION # 36
Which two statements are true regarding CiscoISE?(Choose two.)

  • A. Without integration with any other product, ISE can track the actual physical location of a wireless endpoint as it moves.
  • B. An ISE deployment requires only a Cisco ISE network access control appliance.
  • C. ThemajorbusinessoutcomesofISEareenhanceduserexperienceandsecureVLAN segmentation.
  • D. ISE can provide data about when aspecific device connected to the network.
  • E. ISE plays a critical role in SD-Access.

Answer: D,E


NEW QUESTION # 37
Which three ways are SD-Access and ACI Fabric similar? (Choose three.)

  • A. use of Scalable Group Tags
  • B. use of group policy
  • C. use of overlays
  • D. focus on user endpoints
  • E. use of Virtual Network IDs
  • F. use of Endpoint Groups

Answer: C,D,E


NEW QUESTION # 38
Which two statements are true regarding Cisco ISE? (Choose two.)

  • A. Without integration with any other product, ISE can track the actual physical location of a wireless endpoint as it moves
  • B. ISE am provide data about when a specific device connected to the network
  • C. An ISE deployment requires only a Cisco ISE network access control appliance
  • D. ISE plays critical role in SD Access
  • E. The major business outcomes of ISE are enhanced user experience and secure VLAN segmentation

Answer: B,D


NEW QUESTION # 39
......


Cisco 500-490 exam, also known as Designing Cisco Enterprise Networks, is a certification exam that is designed to test your knowledge and skills in designing complex enterprise networks. 500-490 exam is intended for network designers, architects, and engineers who are responsible for designing and implementing enterprise networks. 500-490 exam covers a wide range of topics, including network design principles, network architecture, routing and switching technologies, security, and wireless networking.

 

500-490 Questions Truly Valid For Your Cisco Exam: https://www.examdiscuss.com/Cisco/exam/500-490/

500-490 Actual Questions - Instant Download Tests Free Updated Today!: https://drive.google.com/open?id=1vMi5XH5TSJa_vQc4yMAIsD22UdwhdfNC

Related Articles

more
Go To 500-490 Questions
0
0
0
10