EnsurepassQUESTION 141 Which feature enables the Cisco ISE DHCP profiling capabilities to determine and enforce authorization policies on mobile devices?   A. disabling the DHCP proxy option B. DHCP option 42 C. DHCP snooping D. DHCP spoofing   Correct Answer: A       QUESTION 142 Which three posture states can be used for authorization rules? (Choose three.)   A. unknown B. known C. noncompliant D. quarantined E. compliant F. no access Read more [...]
EnsurepassQUESTION 131 An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?   A. member of B. group C. class D. person   Correct Answer: A     QUESTION 132 Which two authentication stores are supported to design a wireless network using PEAP EAP-MSCHAPv2 as the authentication method? (Choose two.)   A. Microsoft Active Directory B. ACS C. LDAP D. RSA Secure-ID E. Certificate Server Read more [...]
EnsurepassQUESTION 121 A network administrator must enable which protocol to utilize EAP-Chaining?   A. EAP-FAST B. EAP-TLS C. MSCHAPv2 D. PEAP   Correct Answer: A     QUESTION 122 During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?   A. Enable the Agent IP Refresh feature. B. Enable the Enable VLAN Detect Without UI feature. C. Enable Read more [...]
EnsurepassQUESTION 111 Refer to the exhibit. The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.)     A. between switch 2 and switch 3 B. between switch 5 and host 2 C. between host 1 and switch 1 D. between the authentication server and switch 4 E. between switch 1 and switch 2< /span> F. between switch 1 and switch 5   Correct Answer: AB     QUESTION 112 When you select Read more [...]
EnsurepassQUESTION 101 Which two types of client provisioning resources are used for BYOD implementations? (Choose two.)   A. user agent B. Cisco NAC agent C. native supplicant profiles D. device sensor E. software provisioning wizards   Correct Answer: CE     QUESTION 102 Which operating system type needs access to the Internet to download the application that is required for BYOD on-boarding?   A. iOS B. OSX C. Android D. Windows   Correct Read more [...]
EnsurepassQUESTION 91 Which 802.1X command ignores Access-Reject during EAP authentication?   A. dot1x pae authenticator B. switchport mode access C. authentication port-control auto D. authentication open E. authentication host-mode multi-domain   Correct Answer: D     QUESTION 92 What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints?   A. the ISE B. an ACL C. a router D. a policy server   Correct Read more [...]
EnsurepassQUESTION 81 What are two client-side requirements of the NAC Agent and NAC Web Agent installation? (Choose two.)   A. Administrator workstation rights B. Active Directory Domain membership C. Allowing of web browser activex installation D. WSUS service running   Correct Answer: AC     QUESTION 82 In AAA, what function does authentication perform?   A. It identifies the actions that the user can perform on the device. B. It identifies the user Read more [...]
EnsurepassQUESTION 71 What is a feature of Cisco WLC and IPS synchronization?   A. Cisco WLC populates the ACLs to prevent repeat intruder attacks. B. The IPS automatically send shuns to Cisco WLC for an active host block. C. Cisco WLC and IPS synchronization enables faster wireless access. D. IPS synchronization uses network access points to provide reliable monitoring.   Correct Answer: B     QUESTION 72 Which option describes the purpose of configuring Native Read more [...]
EnsurepassQUESTION 61 Which two Cisco ISE administration options are available in the Default Posture Status setting? (Choose two.)   A. Unknown B. Compliant C. FailOpen D. FailClose E. Noncompliant Correct Answer: BE   &nb sp; QUESTION 62 Which authorization method is the Cisco best practice to allow endpoints access to the Apple App store or Google Play store with Cisco WLC software version 7.6 or newer?   A. dACL B. DNS ACL C. DNS ACL defined in Cisco Read more [...]
EnsurepassQUESTION 51 When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)   A. It returns an access-accept and sends the redirection URL for all users. B. It establishes secure connectivity between the RADIUS server and the Cisco ISE. C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated. D. It is used for posture assessment, so the Cisco ISE changes the user Read more [...]