Vendor: Cisco

Exam Code: 500-470

Exam Name: Cisco Enterprise Networks SDA, SDWAN and

ISE Exam for System Engineers

Version: 19.031
Important Notice
Product
Our Product Manager keeps an eye for Exam updates by Vendors. Free update is available within
One year after your purchase.

You can login member center and download the latest product anytime. (Product downloaded
from member center is always the latest.)

PS: Ensure you can pass the exam, please check the latest product in 2-3 days before the exam
again.

Feedback
We devote to promote the product quality and the grade of service to ensure customers interest.

If you have any questions about our product, please provide Exam Number, Version, Page
Number, Question Number, and your Login Account to us, please contact us at
[email protected] and our technical experts will provide support in 24 hours.

Copyright
The product of each order has its own encryption code, so you should use it independently.

If anyone who share the file we will disable the free update and account access.

Any unauthorized changes will be inflicted legal punishment. We will reserve the right of final
explanation for this statement.

Order ID: ****************

PayPal Name: ****************

PayPal ID: ****************

QUESTION 1
Device Sensor provides which two types of information to ISE? (Choose two.)

A. DHCP
B. Encrypted traffic
C. User/Device Name
D. CDP
E. NetFlow

Answer: AD
Explanation:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-Configure-
Device-Sensor-for-ISE-
Profilin.html?referring_site=RE&pos=1&page=https://www.cisco.com/c/en/us/td/docs/
switches/lan/catalyst3750/software/release/15-0_1_se/device_sensor/guide/sensor_guide.html

QUESTION 2
The profiling data from network access devices is sent to which Cisco ISE node?

A. Monitoring node
B. Administration node
C. Inline Posture node
D. Policy Service node

Answer: D

QUESTION 3
What two best describe self-healing functionality on vEdges? (Choose two.)

A. Software reconfiguration capability allowing for dynamic reconfiguration of existing channels

B. In software upgrade process, rolling back to the previously running software image when
connectivity to vManage fails
C. vManage detect routing outage detection to detect reachability outages and understand their
scope and likely root cause
D. With configuration change, rolling back the configuration change when loss of connectivity to
vManage

Answer: BD

QUESTION 4
Which three statements best describe Cisco ISE configuration capabilities? (Choose three.)

A. ISE Deployment Assistant (IDA) is a built in application designed to accelerate the deployment of
Cisco Identity Service Engine (ISE)
B. Cisco ISE includes wireless setup wizard and visibility wizard.
C. ISE requires an understanding of the command line for set-up and configuration.
D. ISE wizards and pre-canned configurations ease ISE roll-out significantly.
E. Cisco Active Advisor provides additional guidance for ISE deployments

Answer: ABE

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 2
http://www.passleader.com
QUESTION 5
Which three wireless product families are supported in the current DNA-C 1.1 release? (Choose
three.)

A. AP 1260
B. WLC 8540
C. WLC 5508
D. AP 3800
E. WLC 3504

Answer: BDE

QUESTION 6
Which two options are used as part of an ISE POV? (Choose two.)

A. Youtube
B. CiscoTV
C. dCloud
D. POV Kit
E. Implementation on Production Network

Answer: CD
Explanation:
https://community.cisco.com/t5/security-documents/selling-ise-demos-and-povs/ta-p/3629542

QUESTION 7
Which three services must be enabled under the ISE Admin settings to successfully integrate
ISE, when integrating ISE with DNA-C? (Choose three.)

A. SXP services
B. ServiceNow
C. Threat-Centric NAC
D. Infoblox
E. PxGrid
F. Passive Identity Service

Answer: AEF
Explanation:
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-
andmanagement/dna-center/1-
1/install/b_dnac_install_1_1_0P2/b_dnac_install_1_1_0P2_chapter_010.pdf

QUESTION 8
Which statement is correct about iPad profiling?

A. In order to profile the iPad you must use the user agent
B. The iPad will be auto-profiled in Cisco ISE without any need for configuration.
C. In order to profile the iPad you must use the DHCP probe.

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 3
http://www.passleader.com
D. Multiple conditions can be used, but a minimum certainty factor has to be matched or exceeded.

Answer: D

QUESTION 9
Which of these is not a method to obtain Cisco ISE profiling data?

A. RADIUS
B. HTTP
C. SNMP query
D. active scans
E. Netflow
F. DNS

Answer: D

QUESTION 10
Which three statements are true regarding Cisco SDWAN license tiers? (Choose three.)

A. With Pro license, control and data policies are supported

B. With Plus license, split-tunnel is supported
C. With Pro license, unlimited segmentations are supported
D. With Plus license, Hub and spoke, partial mesh are supported
E. With Enterprise license, vAnalytics is included
F. With Enterprise license, TCP optimization is not supported

Answer: ABE

QUESTION 11
Which are three Cisco recommendations on "How to Win"? (Choose three.)

A. Talk about Cisco's focus on Security and integration with StealthWatch, Sourcefire, WSA,
vulnerability scanner to make smarter policy decisions.
B. Explain support for 3rd party network devices.
C. Explain architectural advantage of holistic Cisco solution.
D. Demonstrate complex policy flows, rather show case Wizards and enhanced context visibility.
E. Show case Cisco portfolio or ISE feature set during PoC

Answer: ACE

QUESTION 12
What is an example of Correlated Insights for SDA and Switching?

A. Excessive Onboarding Time

B. Roaming Pattern Analysis
C. Control Plane Reachability
D. AP License Utilization

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 4
http://www.passleader.com
Answer: C
Explanation:
http://www.tyrc.edu.tw/images/2/29/107051006.pdf page 72

QUESTION 13
Which three options describe fabric overlay concepts? (Choose three.)

A. A link state routing protocol like OSPF

B. A virtual Local Area Network
C. An Overlay uses alternate forwarding attributes
D. GRE is a type of Overlay
E. Intermediate System to Intermediate System
F. An Overlay is a logical topology

Answer: BDF
Explanation:
https://www.slideshare.net/Cisco/hawaii-tech-day-new-solution-in-switching

QUESTION 14
Which three methods can be implemented and deployed to gather data and provide insight?
(Choose three.)

A. IPv6
B. ARP caching
C. FNF
D. BUM traffic
E. Syslog
F. SNMP

Answer: CEF

QUESTION 15
How does identity management solve two customer problems? (Choose two.)

A. Enables and enforces 802.1X across the network platform

B. Manages group membership
C. Provides network visibility and security
D. Increases digitization
E. Achieves dynamic and adaptive network segmentation

Answer: CE
Explanation:
https://www.slideshare.net/robboyd/techwisetv-workshop-cisco-identity-services-engine-ise

QUESTION 16
Which two products are supported as "Extended" in DNA-C 1.1? (Choose two.)

A. IE switches
B. Catalyst 6807

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 5
http://www.passleader.com
C. Catalyst 3560-CX
D. M3 Line cards
E. AP 3800
F. Catalyst 4500-E

Answer: AC
Explanation:
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/software-
definedaccess/guide-c07-739242.pdf

QUESTION 17
How many bytes does a VxLAN header add to an original Ethernet frame?

A. 36
B. 50
C. 48
D. 64

Answer: B
Explanation:
https://www.cisco.com/c/en/us/support/docs/lan-switching/vlan/212682-virtual-extensible-lan-
andethernet-virt.html

QUESTION 18
Which options are Network Access Device types?

A. Switches, Wireless Controllers, and VPN Gateways

B. Wireless Controllers, Routers, and VPN Gateways
C. Switches, Wireless Controllers, and Routers
D. Switches, Routers, and VPN Gateways

Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/
b_ise_admin_guide_14_chapter_0100.html

QUESTION 19
How many vEdge router security zones (VPN's) can be configured?

A. 256
B. 32
C. 510
D. 16

Answer: C
Explanation:
https://sdwan-docs.cisco.com/Product_Documentation/Software_Features/
Release_18.1/04Segmentation/02Configuring_Segmentation_(VPNs)

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 6
http://www.passleader.com
QUESTION 20
Which workflow is necessary for setting up a network hierarchy?

A. Provision
B. Design
C. Policy
D. Assurance

Answer: B

QUESTION 21
Which are three functions used by ISE automation BYOD flow? (Choose three.)

A. Supplicant Provisioning
B. Device Registration
C. Certificate Enrollment
D. BioMetrics
E. LDAP Multi Tenant Provisioning
F. Active Directory Group Membership

Answer: ABC

QUESTION 22
Which are three Cisco ISE use cases? (Choose three.)

A. BYOD
B. Assurance
C. Monitoring
D. Security Incident and Event Management
E. Access Control
F. Segmentation

Answer: AEF

QUESTION 23
Which two factors are used in calculating the Cisco SD WAN ?1yr, 3yr, or 5yr subscription cost?
(Choose two.)

A. Service Bandwidth
B. Security
C. Routing Protocol
D. Features
E. Hypervisor Platform

Answer: AD

QUESTION 24
Which are three key features within the Cisco ISE that mainly compete with the other RADIUS
and NAC

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 7
http://www.passleader.com
products? (Choose three.)

A. BYOD provides auto configuration of endpoints.

B. Deep packet inspection upon authorization of endpoints.
C. Guest access and guest lifecycle management functionality.
D. Software based firewall capabilities for selected devices and endpoints.
E. Ability to authenticate and authorize users and endpoints.

Answer: ACE

QUESTION 25
What is the default interval for BFD packets?

A. 1 second
B. 15 seconds
C. 10 seconds
D. 5 seconds

Answer: A

QUESTION 26
Which protocol is used between an Endpoint and a Switch with an 802.1 authentication?

A. RADIUS
B. EAP
C. MAB
D. TACACS

Answer: B

QUESTION 27
What is the maximum # of concurrent endpoint with a distributed deployment?

A. 500,000
B. 20,000
C. 10,000
D. 100,000

Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/install_guide/b_ise_InstallationGuide21/
b_ise_InstallationGuide21_chapter_00.pdf

QUESTION 28
Where does the Cisco V-Edge Router perform QOS traffic classification?

A. Per VPN
B. Per vEdge
C. Egress interface

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 8
http://www.passleader.com
D. Ingress interface

Answer: D

QUESTION 29
Which two options are SD-WAN solution capabilities? (Choose two.)

A. Ability to provide and integrate security with complementary products and applications
B. The separation of management plane, control plane and data plane to enable horizontal scaling
C. Truck roll branch turn up for easy provisioning and new installations
D. Cloud hosted or on-Premise fully redundant management and control plane functions

Answer: BD
Explanation:
https://www.cisco.com/c/dam/m/sl_si/training-events/2018/cisco-connect/pdfs/
sodobna_prostrana_omrezja_s_sd-wan_konceptom_tom_cof.pdf

QUESTION 30
The default Cisco ISE node configuration has which role or roles enabled by default?

A. Administration only
B. Inline Posture only
C. Administration and Pokey Service
D. Policy Service Monitoring, and Administration

Answer: D

QUESTION 31
What are the Cisco ISE posture building blocks?

A. network access devices, Policy Service node, Administration node

B. posture check, posture rules, posture requirement, role requirements
C. posture condition, posture rules, role requirements
D. posture condition, compound posture condition, posture requirements, posture policy

Answer: D

QUESTION 32
What is the role of DNA Center in SD-Access?

A. Identifying and Authenticating Endpoints

B. The point of exchange of reachability and policy for two domains
C. Maintain a database of Endpoint IDs to Fabric Edge Nodes
D. provide GUI management abstraction & Analytics via Multiple Service Apps

Answer: D

QUESTION 33

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 9
http://www.passleader.com
Which Cisco SD WAN component provides a secure data plane with remote vEdge routers?

A. vManage
B. vSmart
C. vBond
D. vEdge

Answer: B

QUESTION 34
Which two platforms can host a vEdge Cloud Router? (Choose two.)

A. Microsoft Azure
B. Dreamhost
C. AWS
D. DigitalCloud
E. Google

Answer: AC

QUESTION 35
Which is a key function of a Digital Network?

A. Centralized provisioning
B. Software upgrades
C. Provides secure data plane with remote vEdge routers
D. Nat traversal

Answer: C

QUESTION 36
Which three technologies are used in an SD-Access Fabric? (Choose three.)

A. MPLS
B. TrustSec
C. VXLAN
D. OTV
E. LISP
F. RSVP

Answer: ACE

QUESTION 37
Which two are benefits from a WAN design? (Choose two.)

A. Prioritize and secure with granular control

B. Reduce cost and increase operational complexity
C. Lower circuit bandwidth requirements

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 10
http://www.passleader.com
D. Provide lower quality service to guest users
E. Ensure remote site uptime

Answer: AC

QUESTION 38
What is a challenge of having an SD-Access Centralized design where a single fabric
encompasses the main site and all branch sites across the WAN?

A. End to End Routing is not supported

B. SSIDs would be the same across all sites
C. DNA Center does not support it
D. Since the traffic is encapsulated. SD-WAN features can't be used to optimize/route traffic.

Answer: A

QUESTION 39
What definition is not part of 4D Training?

A. Demo
B. Discover
C. Deploy
D. Defend
E. Design

Answer: D
Explanation:
https://www.cisco.com/c/en_sg/partners/blackbelt/enterprise-networking.html#~stickynav=2

QUESTION 40
Which party solution integrates with Cisco's security and network portfolios within the ISE?

A. 25+ 3rd party solutions

B. 20+ 3rd party solutions
C. 30+ 3rd party solutions
D. 45+ 3rd party solutions
E. 60+ 3rd party solutions

Answer: E

Get Latest & Actual 500-470 Exam's Question and Answers from Passleader. 11
http://www.passleader.com