検証済み！500-470問題集と解答で500-470テストエンジン正確解答付き [Q10-Q25]

検証済み！500-470問題集と解答で500-470テストエンジン正確解答付き

あなたを必ず合格させる500-470問題集PDF2024年最新のに更新された38問あります

質問 # 10
Which three statements are true regarding Cisco SDWAN license tiers? (Choose three.)

• A. With Pro license, control and data policies are supported
• B. With Enterprise license, TCP optimization is not supported
• C. With Pro license, unlimited segmentations are supported
• D. With Plus license, split-tunnel is supported
• E. With Enterprise license, vAnalytics is included
• F. With Plus license, Hub and spoke, partial mesh are supported

正解：A、D、E

解説：
Explanation
Some of the statements that are true regarding Cisco SD-WAN license tiers are:
With Pro license, control and data policies are supported2. This license tier enables network operators to define and enforce policies for traffic shaping, quality of service (QoS), application optimization, and security2.
With Plus license, split-tunnel is supported3. This license tier enables network operators to use split-tunneling technology to route traffic through different paths based on application or user preferences3.
With Enterprise license, vAnalytics is included4. This license tier enables network operators to use vAnalytics feature to collect and analyze data from various sources such as endpoints, applications, devices, networks, and cloud services4.

質問 # 11
Which three services must be enabled under the ISE Admin settings to successfully integrateISE, when integrating ISE with DNA-C? (Choose three.)

• A. Infoblox
• B. Threat-Centric NAC
• C. Passive Identity Service
• D. ServiceNow
• E. PxGrid
• F. SXP services

正解：A、D、F

解説：
Explanation
Cisco ISE configuration capabilities include the following features:
ISE Deployment Assistant (IDA): This is a built-in application designed to accelerate the deployment of Cisco Identity Service Engine (ISE) by providing a guided workflow for configuring the most common ISE use cases, such as guest access, BYOD, and secure wired and wireless access1. IDA also provides validation checks, best practices, and troubleshooting tips to ensure a successful deployment.
Wireless Setup Wizard and Visibility Wizard: These are two of the several wizards that Cisco ISE provides to simplify the configuration of various ISE functions and features. The Wireless Setup Wizard helps to configure the wireless network settings, such as SSIDs, authentication methods, and policies, for secure wireless access2. The Visibility Wizard helps to enable the ISE profiling service, which collects and analyzes endpoint data to identify, classify, and monitor devices on the network3.
ISE Wizards and Pre-Canned Configurations: These are the tools that ease the ISE roll-out significantly by providing ready-made templates, policies, and settings for common ISE scenarios, such as posture assessment, device administration, and threat-centric NAC. These tools help to reduce the manual configuration efforts and errors, and speed up the time to value.
References:
1: [Cisco Identity Services Engine Administrator Guide, Release 3.3 - ISE Deployment Assistant [Cisco Identity Services Engine]] : 2: [Cisco Identity Services Engine Administrator Guide, Release 3.3 - Wireless Setup Wizard [Cisco Identity Services Engine]] : 3: [Cisco Identity Services Engine Administrator Guide, Release 3.3 - Visibility Wizard [Cisco Identity Services Engine]] : : [Cisco Identity Services Engine Administrator Guide, Release 3.3 - ISE Wizards and Pre-Canned Configurations [Cisco Identity Services Engine]]

質問 # 12
Which are three functions used by ISE automation BYOD flow? (Choose three.)

• A. LDAP Multi Tennant Provisioning
• B. Certificate Enrollment
• C. BioMetrics
• D. Device Registration
• E. Active Directory Group Membership
• F. Supplicant Provisioning

正解：B、D、F

解説：
Explanation
ISE automation BYOD flow is a process that allows users to self-enroll their devices to the network without requiring IT intervention. The process consists of three main functions: certificate enrollment, device registration, and supplicant provisioning.
Certificate enrollment is the function that allows users to obtain a digital certificate from a certificate authority (CA) for their devices. This certificate is used to authenticate the device to the network and provide secure communication. ISE supports different CA options, such as Microsoft CA, Cisco ISE CA, or third-party CA .
Device registration is the function that allows users to register their devices to the network and associate them with their identity. This enables ISE to apply policies based on the device type, ownership, and posture. ISE supports different device registration methods, such as portal-based, API-based, or bulk import .
Supplicant provisioning is the function that allows users to install and configure a network access client (supplicant) on their devices. This client is used to connect to the network using the appropriate protocols and settings. ISE supports different supplicant provisioning methods, such as native supplicant, Cisco Network Setup Assistant (NSA), or Cisco AnyConnect Secure Mobility Client (AnyConnect) .
References:
[Cisco Identity Services Engine Administrator Guide, Release 2.7 - BYOD [Cisco Identity Services Engine]] :
[Cisco Identity Services Engine Administrator Guide, Release 2.7 - Certificate Provisioning [Cisco Identity Services Engine]] : [Cisco Identity Services Engine Administrator Guide, Release 2.7 - Device Registration
[Cisco Identity Services Engine]] : [Cisco Identity Services Engine Administrator Guide, Release 2.7 - Supplicant Provisioning [Cisco Identity Services Engine]]

質問 # 13
What two best describe self-healing functionality on vEdges? (Choose two.)

• A. Software reconfiguration capability allowing for dynamic reconfiguration of existing channels
• B. vManage detect routing outage detection to detect reachability outages and understand their scope and likely root cause
• C. With configuration change, rolling back the configuration change when loss of connectivity to vManage
• D. In software upgrade process, rolling back to the previously running software image when connectivity to vManage fails

正解：C、D

質問 # 14
What is an example of Correlated Insights for SDA and Switching?

• A. Excessive Onboarding Time
• B. Roaming Pattern Analysis
• C. Control Plane Reachability
• D. AP License Utilization

正解：C

質問 # 15
What is a challenge of having an SD-Access Centralized design where a single fabric encompasses the main site and all branch sites across the WAN?

• A. SSIDs would be the same across all sites
• B. Since the traffic is encapsulated. SD-WAN features can't be used to optimize/route traffic.
• C. End to End Routing is not supported
• D. DNA Center does not support it

正解：C

質問 # 16
Which three options describe fabric overlay concepts? (Choose three.)

• A. An Overlay is a logical topology
• B. A virtual Local Area Network
• C. Intermediate System to Intermediate System
• D. GRE is a type of Overlay
• E. A link state routing protocol like OSPF
• F. An Overlay uses alternate forwarding attributes

正解：A、B、D

質問 # 17
What is the maximum # of concurrent endpoint with a distributed deployment?

• A. 500,000
• B. 20,000
• C. 100,000
• D. 10,000

正解：A

解説：
Explanation
The maximum number of concurrent endpoints with a distributed deployment depends on the type of deployment and the hardware used. According to the Cisco documentation1, there are two types of distributed deployments: hybrid and dedicated.
A hybrid deployment is where the Policy Administration Node (PAN) and the Monitoring Node (MnT) personas are co-located on the same node, and the Policy Service Node (PSN) persona is distributed across multiple nodes. A hybrid deployment can support up to 20,000 concurrent endpoints with a maximum of 5 PSNs on SNS-36xx or SNS-35xx hardware.
A dedicated deployment is where the PAN, MnT, and PSN personas are separated on different nodes. A dedicated deployment can support up to 500,000 concurrent endpoints with a maximum of 50 PSNs on SNS-36xx or SNS-35xx hardware.
The main difference between the hybrid and dedicated deployments is the scalability and redundancy of the MnT persona, which collects and stores the logs and sessions from the PSNs. By breaking the PAN and MnT roles out on to their own servers, the dedicated deployment can handle more concurrent endpoints and PSNs, as well as provide failover and load balancing for the MnT persona2 References := Performance and Scalability Guide for Cisco Identity Services Engine Solved: ISE concurrent connections query - Cisco Community

質問 # 18
Which two products are supported as "Extended" in DNA-C 1.1? (Choose two.)

• A. Catalyst 6807
• B. Catalyst 3560-CX
• C. Catalyst 4500-E
• D. AP 3800
• E. IE switches
• F. M3 Line cards

正解：B、E

質問 # 19
Whatis a challenge of having an SD-Access Centralized design where a single fabric encompasses the main site and all branch sites across the WAN?

• A. SSIDs would be the same across all sites
• B. Since the traffic is encapsulated, SD-WAN features can't be used to optimize/route traffic.
• C. End to End Routing is not supported
• D. DNA Center does not support it.

正解：B

解説：
Explanation
A centralized SD-Access design is where a single fabric domain spans across the main site and all branch sites over the WAN. This design has some challenges, such as:
Since the traffic is encapsulated in VXLAN headers, SD-WAN features such as application-aware routing, QoS, and security policies cannot be applied to the traffic based on the original IP headers. This means that the SD-WAN controller cannot optimize or route the traffic based on the application or user identity. The traffic is treated as a single class of service across the WAN.
The centralized design also introduces a single point of failure and a potential bottleneck at the main site, where the border nodes and the control plane nodes are located. If the main site goes down or the WAN link fails, the branch sites will lose connectivity to the fabric domain and the external networks.
The centralized design also requires a high bandwidth and low latency WAN connection between the main site and the branch sites, which may not be feasible or cost-effective for some scenarios.
References :=
Some possible references are:
Cisco Enterprise Networks SDA, SDWAN and ISE Exam for System Engineers (ENSDENG) Study Guide Cisco SD-Access and SD-WAN Integration Design Guide

質問 # 20
How does identity management solve two customer problems? (Choose two.)

• A. Enables and enforces 802.1X across the network platform
• B. Manages group membership
• C. Achieves dynamic and adaptive network segmentation
• D. Increases digitization
• E. Provides network visibility and security

正解：C、E

解説：
Explanation/Reference:
Reference: https://www.slideshare.net/robboyd/techwisetv-workshop-cisco-identity-services-engine-ise slide 3

質問 # 21
Which workflow is necessary for setting up a network hierarchy?

• A. Assurance
• B. Design
• C. Provision
• D. Policy

正解：B

解説：
Explanation
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-c The workflow that is necessary for setting up a network hierarchy is Design. The Design area is where you create the structure and framework of your network, including the physical topology, network settings, and device type profiles that you can apply to devices throughout your network. You can create a network hierarchy that represents your network's geographical locations, such as sites, buildings, and floors. You can also define global network settings, such as device credentials, IP address pools, service provider profiles, and network servers. You can also create network profiles, which are collections of design settings that you can assign to devices based on their roles and functions1.
References:
1: [Cisco DNA Center User Guide, Release 2.2.3 - Design Network Hierarchy and Settings [Cisco DNA Center] - Cisco]

質問 # 22
How does identity management solve two customer problems? (Choose two.)

• A. Enables and enforces 802.1X across the network platform
• B. Manages group membership
• C. Achieves dynamic and adaptive network segmentation
• D. Increases digitization
• E. Provides network visibility and security

正解：C、E

解説：
Explanation
Identity management is the practice of making sure that people and entities with digital identities have the right level of access to enterprise resources like networks and databases. User roles and access privileges are defined and managed through an identity management system, such as Cisco Identity Services Engine (ISE)1.
Identity management solves two customer problems:
Provides network visibility and security: Identity management allows customers to see who and what is on their network, and to control their access based on policies and context. Identity management also integrates with other security solutions, such as Cisco Firepower, Cisco Stealthwatch, or Cisco Umbrella, to detect and respond to threats, and to enforce adaptive network access policies based on the threat level of the endpoints2.
Achieves dynamic and adaptive network segmentation: Identity management enables customers to segment their network based on the identity and context of the users and devices, rather than the IP addresses and VLANs. This allows customers to implement a zero-trust model, where only trusted users and devices can access the resources they need, and where the access policies can be dynamically updated based on the changing conditions and requirements. Identity management also supports Cisco TrustSec, which is a technology that assigns scalable group tags (SGTs) to endpoints and enforces group-based policies (contracts) across the network3.
References:
1: [What Is Identity Access Management (IAM)? - Cisco

質問 # 23
Which two factors are used in calculating the Cisco SD WAN-1yr, 3yr, or 5yr subscription cost? (Choose two.)

• A. Service Bandwidth
• B. Hypervisor Platform
• C. Security
• D. Features
• E. Routing Protocol

正解：A、D

解説：
Explanation
The Cisco SD-WAN subscription cost is based on two factors: the features and the service bandwidth. The features are determined by the subscription tier, which can be Cisco DNA Essentials, Cisco DNA Advantage, or Cisco DNA Premier. Each tier offers different levels of functionality, security, and analytics for the SD-WAN solution. The service bandwidth is the aggregated WAN bandwidth across all the edge devices in the SD-WAN fabric. The subscription cost is calculated as the product of the feature price per Mbps and the service bandwidth. For example, if the feature price per Mbps for Cisco DNA Advantage is $2 and the service bandwidth is 100 Mbps, the subscription cost for one year is $2 x 100 x 12 = $240012 The other factors, such as the hypervisor platform, the security, and the routing protocol, are not used in calculating the Cisco SD-WAN subscription cost. The hypervisor platform is the virtualization environment where the SD-WAN edge software can run, such as VMware ESXi, KVM, or Microsoft Hyper-V. The security is the protection of the SD-WAN network from threats and attacks, which can be enhanced by integrating with complementary products and applications, such as Cisco Umbrella, Cisco SIG Essentials, or Cisco Secure Malware Analytics. The routing protocol is the method of exchanging routing information between the SD-WAN edge devices and the external networks, such as BGP, OSPF, or EIGRP. These factors are not directly related to the subscription cost, but rather to the deployment options, the security requirements, and the network design of the SD-WAN solution34 References := Cisco DNA Software for SD-WAN and Routing Ordering Guide Cisco DNA Subscription Software for SD-WAN and Routing FAQ Cisco SD-WAN Solution Overview Cisco SD-WAN Configuration Guide

質問 # 24
What is the maximum # of concurrent endpoint with a distributed deployment?

• A. 500,000
• B. 20,000
• C. 100,000
• D. 10,000

正解：A

質問 # 25
......

合格できるCisco 500-470試験情報フリー練習テスト：https://www.jpntest.com/shiken/500-470-mondaishu

Cisco 500-470リアル試験問題と解答は無料で試せる：https://drive.google.com/open?id=10vsrZOk_BLv_oEwQRu8O_gtf869w1U8C