Get Full Version of the Exam Question No.121When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)It returns an access-accept and sends the redirection URL for all users.It establishes secure connectivity between the RADIUS server and the Cisco ISE.It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated.It is used for posture assessment, so the Read more [...]
Get Full Version of the Exam Question No.111Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?radius-server timeoutidle-timeout attributesession-timeout attributetermination-action attributeCorrect Answer: BExplanation: services/config_guide_c17-663759.htmlWhen the inactivity timer is enabled, Read more [...]
Get Full Version of the Exam Question No.101Which method does Cisco prefer to securely deploy guest wireless access in a BYOD implementation?deploying a dedicated Wireless LAN Controller in a DMZconfiguring a guest SSID with WPA2 Enterprise authenticationconfiguring guest wireless users to obtain DHCP centrally from the corporate DHCP serverdisabling guest SSID broadcastingCorrect Answer: A Question No.102Which statement about a distributed Cisco ISE deployment Read more [...]
Get Full Version of the Exam Question No.91Which two statements about MAB are true? (Choose two.)It requires a preexisting database of the MAC addresses of permitted devices.It is unable to control network access at the edge.If MAB fails, the device is unable to fall back to another authentication method.It is unable to link the IP and MAC addresses of a device.It is unable to authenticate individual users.Correct Answer: AE Question No.92Which 802.1x command Read more [...]
Get Full Version of the Exam Question No.81What EAP method supports mutual certificate-based authentication?EAP-TTLSEAP-MSCHAPEAP-TLSEAP-MD5Correct Answer: C Question No.82Which five portals are provided by PSN? (Choose five.)guestsponsormy devicesblacklistclient provisioningadminmonitoring and troubleshootingCorrect Answer: ABCDE Question No.83How many bits are in a security group tag?A.64B.8C.16D.32Correct Answer: C Question No.84Which debug command on a Read more [...]
Get Full Version of the Exam Question No.71Which port does Cisco ISE use for native supplicant provisioning of a Windows machine?TCP 8443TCP/UDP 8905TCP/UDP 8909TCP 443 Correct Answer: C Explanation:8909: web, cisco nac agent, supplicant provisioning wizard installation 8905: Cisco NAC agent update Question No.72What user rights does an account need to join ISE to a Microsoft Active Directory domain?Create and Delete Computer ObjectsDomain AdminJoin and Leave Read more [...]
Get Full Version of the Exam Question No.61Which two are best practices to implement profiling services in a distributed environment? (Choose two)use of device sensor featureconfiguration to send syslogs to the appropriate profiler nodenetflow probes enabled on central nodesnode-specific probe configurationglobal enablement of the profiler serviceCorrect Answer: BDExplanation: Read more [...]
Get Full Version of the Exam Question No.51What attribute could be obtained from the SNMP query probe?FQDNCDPDHCP class identifierUser agentCorrect Answer: B Question No.52Which operating system type needs access to the Internet to download the application that is required for BYOD on-boarding?iOSOSXAndroidWindowsCorrect Answer: C Question No.53Which set of commands allows IPX inbound on all interfaces?ASA1(config)# access-list IPX-Allow ethertype permit ipx Read more [...]
Get Full Version of the Exam Question No.41What is a required step when you deploy dynamic VLAN and ACL assignments?Configure the VLAN assignment.Configure the ACL assignment.Configure Cisco IOS Software 802.1X authenticator authorization.Configure the Cisco IOS Software switch for ACL assignment.Correct Answer: C Question No.42Which type of remediation does Windows Server Update Services provide?automatic remediationadministrator-initiated remediationredirect Read more [...]
Get Full Version of the Exam Question No.31How many days does Cisco ISE wait before it purges a session from the active session list if no RADIUS Accounting STOP message is received?A.1B.5C.10D.15Correct Answer: B Question No.32Which ISE feature is used to facilitate a BYOD deployment?self-service personal device registration and onboardingGuest Service Sponsor PortalLocal Web AuthGuest Identity Source SequenceCorrect Answer: A Question No.33Which three are Read more [...]
Get Full Version of the Exam Question No.21When you select Centralized Web Auth in the ISE Authorization Profile, which component hosts the web authentication portal?the endpointsthe WLCthe access pointthe switchISECorrect Answer: E Question No.22Which feature must you configure on a switch to allow it to redirect wired endpoints to Cisco ISE?the http secure-server commandRADIUS Attribute 29the RADIUS VSA for accountingthe RADIUS VSA for URL-REDIRECTCorrect Read more [...]