web analytics

Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1Xenabled interface?

Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1Xenabled interface? (Choose two.) A. authentication

Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?

Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request? A. RADIUS Attribute (5) NAS-Port B. RADIUS Attribute (6) Service-Type C. RADIUS Attribute

Which authorization method is the Cisco best practice to allow endpoints access to the Apple App store or Google Play store with Cisco WLC software version 7.6 or newer?

Which authorization method is the Cisco best practice to allow endpoints access to the Apple App store or Google Play store with Cisco WLC software version 7.6 or newer? A.

Which time allowance is the minimum that can be configured for posture reassessment interval?

Which time allowance is the minimum that can be configured for posture reassessment interval? A. 5 minutes B. 20 minutes C. 60 minutes D. 90 minutes Correct Answer: C

Which advanced authentication setting is needed to allow an unknown device to utilize Central WebAuth?

Which advanced authentication setting is needed to allow an unknown device to utilize Central WebAuth? A. If Authentication failed > Continue B. If Authentication failed > Drop C. If user

Which option restricts guests from connecting more than one device at a time?

Which option restricts guests from connecting more than one device at a time? A. Guest Portal policy > Set Device registration portal limit B. Guest Portal Policy > Set Allow

Which two actions can be taken based on matching a profiler policy?

In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two). A. exception B. network scan (NMAP) C. delete endpoint D. automatically remediate E.

Which statement about the Cisco ISE BYOD feature is true

Which statement about the Cisco ISE BYOD feature is true? A. Use of SCEP/CA is optional. B. BYOD works only on wireless access. C. Cisco ISE needs to integrate with

What user rights does an account need to join ISE to a Microsoft Active Directory domain?

What user rights does an account need to join ISE to a Microsoft Active Directory domain? A. Create and Delete Computer Objects B. Domain Admin C. Join and Leave Domain

A network administrator must enable which protocol to utilize EAP-Chaining?

A network administrator must enable which protocol to utilize EAP-Chaining? A. EAP-FAST B. EAP-TLS C. MSCHAPv2 D. PEAP Correct Answer: A

Which elements can be combined to meet the requirement?

The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement? A. Device registration status and device activation

Which probe must be enabled to collect profiling data using Device Sensor?

In Cisco ISE, which probe must be enabled to collect profiling data using Device Sensor? A. RADIUS B. SNMPQuery C. SNMPTrap D. Network Scan E. Syslog Correct Answer: A

Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor?

Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.) A. LLDP agent information B. user agent C. DHCP options D. open

Which two profile attributes can be collected by a Cisco Wireless LAN Controller that supports Device Sensor?

Which two profile attributes can be collected by a Cisco Wireless LAN Controller that supports Device Sensor? (Choose two.) A. LLDP agent information B. user agent C. DHCP options D.

Which statement about Cisco ISE BYOD is true?

Which statement about Cisco ISE BYOD is true? A. Dual SSID allows EAP-TLS only when connecting to the secured SSID. B. Single SSID does not require endpoints to be registered.

Which two types of client provisioning resources are used for BYOD implementations?

Which two types of client provisioning resources are used for BYOD implementations? (Choose two.) A. user agent B. Cisco NAC agent C. native supplicant profiles D. device sensor E. software

Which protocol sends authentication and accounting in different requests?

Which protocol sends authentication and accounting in different requests? A. RADIUS B. TACACS+ C. EAP-Chaining D. PEAP E. EAP-TLS Correct Answer: B

Which configuration is missing on the network access device?

You enabled the guest session limit feature on the Cisco ISE. However, end users report that the same guest can log in from multiple devices simultaneously. Which configuration is missing

Which option is the most likely reason for the failure?

A properly configured Cisco ISE Policy Service node is not receiving any profile data from a Cisco switch that runs Device Sensor. Which option is the most likely reason for

Which AAA authentication method should be selected?

A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected? A. TACACS+ B. RADIUS

An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?

An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups? A. member of B. group C. class D. person Correct Answer: A

What is a unique characteristic of the most secure mode?

Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode? A. Granular ACLs applied prior

A network administrator must enable which protocol extension to utilize EAP-Chaining?

A network administrator must enable which protocol extension to utilize EAP-Chaining? A. EAP-FAST B. EAP-TLS C. MSCHAPv2 D. PEAP Correct Answer: A

How is the word ‘default’ defined?

In the command ‘aaa authentication default group tacacs local’, how is the word ‘default’ defined? A. Command set B. Group name C. Method list D. Login type Correct Answer: C

What is the most likely cause of the problem?

Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the

The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node? A. tcp/8905 B. udp/8905 C. http/80 D. https/443 Correct Answer: B

Which two conditions are valid when configuring ISE for posturing?

Which two conditions are valid when configuring ISE for posturing? (Choose two.) A. Dictionary B. member Of C. Profile status D. File E. Service Correct Answer: DE

What function does authentication perform?

In AAA, what function does authentication perform? A. It identifies the actions that the user can perform on the device. B. It identifies the user who is trying to access

Which identity store option allows you to modify the directory services that run on TCP/IP?

Which identity store option allows you to modify the directory services that run on TCP/IP? A. Lightweight Directory Access Protocol B. RSA SecurID server C. RADIUS D. Active Directory Correct

Which term describes a software application that seeks connectivity to the network via a network access device?

Which term describes a software application that seeks connectivity to the network via a network access device? A. authenticator B. server C. supplicant D. WLC Correct Answer: C

Cisco ISE distributed deployments support which three features?

Cisco ISE distributed deployments support which three features? (Choose three.) A. global implementation of the profiler service CoA B. global implementation of the profiler service in Cisco ISE C. configuration

How frequently does the Profiled Endpoints dashlet refresh data?

How frequently does the Profiled Endpoints dashlet refresh data? A. every 30 seconds B. every 60 seconds C. every 2 minutes D. every 5 minutes Correct Answer: B

Which command in the My Devices Portal can restore a previously lost device to the network?

Which command in the My Devices Portal can restore a previously lost device to the network? A. Reset B. Found C. Reinstate D. Request Correct Answer: C

What is the first step that occurs when provisioning a wired device in a BYOD scenario?

What is the first step that occurs when provisioning a wired device in a BYOD scenario? A. The smart hub detects that the physically connected endpoint requires configuration and must

Which three features should be enabled as best practices for MAB?

Which three features should be enabled as best practices for MAB? (Choose three.) A. MD5 B. IP source guard C. DHCP snooping D. storm control E. DAI F. URPF Correct

When MAB is configured, how often are ports reauthenticated by default?

When MAB is configured, how often are ports reauthenticated by default? A. every 60 seconds B. every 90 seconds C. every 120 seconds D. never Correct Answer: D

What is a required step when you deploy dynamic VLAN and ACL assignments?

What is a required step when you deploy dynamic VLAN and ACL assignments? A. Configure the VLAN assignment. B. Configure the ACL assignment. C. Configure Cisco IOS Software 802.1X authenticator

Which model does Cisco support in a RADIUS change of authorization implementation?

Which model does Cisco support in a RADIUS change of authorization implementation? A. push B. pull C. policy D. security Correct Answer: A

Which solution is needed to achieve these goals?

An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different

Security Group Access requires which three syslog messages to be sent to Cisco ISE?

Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.) A. IOS-7-PROXY_DROP B. AP-1-AUTH_PROXY_DOS_ATTACK C. MKA-2-MACDROP D. AUTHMGR-5-MACMOVE E. ASA-6-CONNECT_BUILT F. AP-1-AUTH_PROXY_FALLBACK_REQ Correct Answer:

Which administrative role has permission to assign Security Group Access Control Lists?

Which administrative role has permission to assign Security Group Access Control Lists? A. System Admin B. Network Device Admin C. Policy Admin D. Identity Admin Correct Answer: C

Which set of commands allows IPX inbound on all interfaces?

Which set of commands allows IPX inbound on all interfaces? A. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface global B. ASA1(config)# access-list IPX-Allow ethertype permit ipx

Which command enables static PAT for TCP port 25?

Which command enables static PAT for TCP port 25? A. nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtp B. nat static 209.165.201.3 eq smtp C. nat (inside,outside) static 209.165.201.3 service tcp

Which command is useful when troubleshooting AAA Authentication between a Cisco router and the AAA server?

Which command is useful when troubleshooting AAA Authentication between a Cisco router and the AAA server? A. test aaa-server test cisco cisco123 all new-code B. test aaa group7 tacacs+ auth

Which ISE CLI option would help mitigate this issue?

In a multi-node ISE deployment, backups are not working on the MnT node. Which ISE CLI option would help mitigate this issue? A. repository B. ftp-url C. application-bundle D. collector

Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device?

Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device? A. ASA# test aaa-server authentication Group1 username cisco

Which statement about system time and NTP server configuration with Cisco ISE is true?

Which statement about system time and NTP server configuration with Cisco ISE is true? A. The system time and NTP server settings can be configured centrally on the Cisco ISE.

Which two are characteristics of GETVPN?

Which two are characteristics of GETVPN? (Choose two.) A. The IP header of the encrypted packet is preserved B. A key server is elected among all configured Group Members C.

Which two are valid configuration constructs on a Cisco IOS router?

A company has decided to migrate an existing IKEv1 VPN tunnel to IKEv2. Which two are valid configuration constructs on a Cisco IOS router? (Choose two.) A. crypto ikev2 keyring

Which four activities does the Key Server perform in a GETVPN deployment?

Which four activities does the Key Server perform in a GETVPN deployment? (Choose four.) A. authenticates group members B. manages security policy C. creates group keys D. distributes policy/keys E.