EnsurepassQUESTION 141 Which feature enables the Cisco ISE DHCP profiling capabilities to determine and enforce authorization policies on mobile devices?   A. disabling the DHCP proxy option B. DHCP option 42 C. DHCP snooping D. DHCP spoofing   Correct Answer: A       QUESTION 142 Which three posture states can be used for authorization rules? (Choose three.)   A. unknown B. known C. noncompliant D. quarantined E. compliant F. no access Read more [...]
EnsurepassQUESTION 131 An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?   A. member of B. group C. class D. person   Correct Answer: A     QUESTION 132 Which two authentication stores are supported to design a wireless network using PEAP EAP-MSCHAPv2 as the authentication method? (Choose two.)   A. Microsoft Active Directory B. ACS C. LDAP D. RSA Secure-ID E. Certificate Server Read more [...]
EnsurepassQUESTION 121 A network administrator must enable which protocol to utilize EAP-Chaining?   A. EAP-FAST B. EAP-TLS C. MSCHAPv2 D. PEAP   Correct Answer: A     QUESTION 122 During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?   A. Enable the Agent IP Refresh feature. B. Enable the Enable VLAN Detect Without UI feature. C. Enable Read more [...]
EnsurepassQUESTION 111 Refer to the exhibit. The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.)     A. between switch 2 and switch 3 B. between switch 5 and host 2 C. between host 1 and switch 1 D. between the authentication server and switch 4 E. between switch 1 and switch 2< /span> F. between switch 1 and switch 5   Correct Answer: AB     QUESTION 112 When you select Read more [...]
EnsurepassQUESTION 101 Which two types of client provisioning resources are used for BYOD implementations? (Choose two.)   A. user agent B. Cisco NAC agent C. native supplicant profiles D. device sensor E. software provisioning wizards   Correct Answer: CE     QUESTION 102 Which operating system type needs access to the Internet to download the application that is required for BYOD on-boarding?   A. iOS B. OSX C. Android D. Windows   Correct Read more [...]
EnsurepassQUESTION 91 Which 802.1X command ignores Access-Reject during EAP authentication?   A. dot1x pae authenticator B. switchport mode access C. authentication port-control auto D. authentication open E. authentication host-mode multi-domain   Correct Answer: D     QUESTION 92 What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints?   A. the ISE B. an ACL C. a router D. a policy server   Correct Read more [...]
EnsurepassQUESTION 81 What are two client-side requirements of the NAC Agent and NAC Web Agent installation? (Choose two.)   A. Administrator workstation rights B. Active Directory Domain membership C. Allowing of web browser activex installation D. WSUS service running   Correct Answer: AC     QUESTION 82 In AAA, what function does authentication perform?   A. It identifies the actions that the user can perform on the device. B. It identifies the user Read more [...]
EnsurepassQUESTION 71 What is a feature of Cisco WLC and IPS synchronization?   A. Cisco WLC populates the ACLs to prevent repeat intruder attacks. B. The IPS automatically send shuns to Cisco WLC for an active host block. C. Cisco WLC and IPS synchronization enables faster wireless access. D. IPS synchronization uses network access points to provide reliable monitoring.   Correct Answer: B     QUESTION 72 Which option describes the purpose of configuring Native Read more [...]
EnsurepassQUESTION 61 Which two Cisco ISE administration options are available in the Default Posture Status setting? (Choose two.)   A. Unknown B. Compliant C. FailOpen D. FailClose E. Noncompliant Correct Answer: BE   &nb sp; QUESTION 62 Which authorization method is the Cisco best practice to allow endpoints access to the Apple App store or Google Play store with Cisco WLC software version 7.6 or newer?   A. dACL B. DNS ACL C. DNS ACL defined in Cisco Read more [...]
EnsurepassQUESTION 51 When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)   A. It returns an access-accept and sends the redirection URL for all users. B. It establishes secure connectivity between the RADIUS server and the Cisco ISE. C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated. D. It is used for posture assessment, so the Cisco ISE changes the user Read more [...]
EnsurepassQUESTION 41 Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail?   A. The redirect ACL is blocking access to ports 80 and 443. B. The redirect ACL is applied to an incorrect SVI. C. The redirect ACL is blocking access to the client provisioning portal. D. The redirect ACL is blocking access to Cisco ISE port 8905.   Correct Answer: A           QUESTION 42 Which statement about Cisco Management Read more [...]
EnsurepassQUESTION 31 Which command in the My Devices Portal can restore a previously lost device to the network?   A. Reset B. Found C. Reinstate D. Request   Correct Answer: C     QUESTION 32 A network administrator must enable which protocol extension to utilize EAP-Chaining?   A. EAP-FAST B. EAP-TLS C. MSCHAPv2 D. PEAP   Correct Answer: A     QUESTION 33 Which default identity source is used by the MyDevices_Portal_Sequence identity Read more [...]
EnsurepassQUESTION 21 Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain?   A. Choose an Active Directory user. B. Configure the management IP address. C. Configure replication. D. Choose an Active Directory group.   Correct Answer: D QUESTION 22 A properly configured Cisco ISE Policy Service node is not receiving any profile data from a Cisco switch that runs Device Sensor. Which option is the most likely reason for Read more [...]
EnsurepassQUESTION 11 Which time allowance is the minimum that can be configured for posture reassessment interval?   A. 5 minutes B. 20 minutes C. 60 minutes D. 90 minutes   Correct Answer: C     QUESTION 12 Which two services are included in the Cisco ISE posture service? (Choose two.)   A. posture administration B. posture run-time C. posture monitoring D. posture policing E. posture catalog   Correct Answer: AB     QUESTION Read more [...]
EnsurepassQUESTION 1 You enabled the guest session limit feature on the Cisco ISE. However, end users report that the same guest can log in from multiple devices simultaneously. Which configuration is missing on the network access device?   A. RADIUS authentication B. RADIUS accounting C. DHCP required D. AAA override   Correct Answer: B     QUESTION 2 You are installing Cisco ISE on nodes that will be used in a distributed deployment. After the initial bootstrap Read more [...]