NEW QUESTION 1
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two.)

• A. Client Provisioning portal
• B. remediation actions
• C. updates
• D. access policy
• E. conditions

Answer: BE

NEW QUESTION 2
What is the minimum certainty factor when creating a profiler policy?

• A. the minimum number that a predefined condition provides
• B. the maximum number that a predefined condition provides
• C. the minimum number that a device certainty factor must reach to become a member of the profile
• D. the maximum number that a device certainty factor must reach to become a member of the profile

Answer: C

NEW QUESTION 3
What is a method for transporting security group tags throughout the network?

• A. by embedding the security group tag in the 802.1Q header
• B. by the Security Group Tag Exchange Protocol
• C. by enabling 802.1AE on every network device
• D. by embedding the security group tag in the IP header

Answer: B

NEW QUESTION 4
Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

• A. Cisco Secure Services Client and Cisco Access Control Server
• B. Cisco AnyConnect NAM and Cisco Identity Service Engine
• C. Cisco AnyConnect NAM and Cisco Access Control Server
• D. Windows Native Supplicant and Cisco Identity Service Engine

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html

NEW QUESTION 5
Which term refers to an endpoint agent that tries to join an 802.1X- enabled network?

• A. EAP server
• B. authenticator
• C. supplicant
• D. client

Answer: C

NEW QUESTION 6
Which personas can a Cisco ISE node assume?

• A. policy service, gatekeeping, and monitoring
• B. administration, monitoring, and gatekeeping
• C. administration, policy service, and monitoring
• D. administration, policy service, gatekeeping

Answer: C

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

NEW QUESTION 7
How is policy services node redundancy achieved in a deployment?

• A. by creating a node group
• B. by deploying both primary and secondary node
• C. by enabling VIP
• D. by utilizing RADIUS server list on the NAD

Answer: B

NEW QUESTION 8
During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

• A. Microsoft App Store
• B. Cisco App Store
• C. Cisco ISE directly
• D. Native OTA functionality

Answer: C

Explanation:
Reference: https://ciscocustomer.lookbookhq.com/iseguidedjourney/BYOD-configuration

NEW QUESTION 9
Which two endpoint compliance statuses are possible? (Choose two.)

• A. compliant
• B. valid
• C. unknown
• D. known
• E. invalid

Answer: AC

NEW QUESTION 10
What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two.)

• A. TACACS+ has command authorization, and RADIUS does not.
• B. TACACS+ uses UDP, and RADIUS uses TCP.
• C. TACACS+ supports 802.1X, and RADIUS supports MAB.
• D. TACACS+ provides the service type, and RADIUS does not.
• E. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

Answer: AE

NEW QUESTION 11
What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?

• A. State attribute
• B. Class attribute
• C. Event
• D. Cisco-av-pair

Answer: D

Explanation:
Reference: https://community.cisco.com/t5/network-access-control/ise-airespace-acl-wlc-problem/td-p/2110491

NEW QUESTION 12
Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

• A. qualys
• B. posture
• C. personas
• D. nexpose

Answer: B

NEW QUESTION 13
A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server. Which command is the user missing in the switch’s configuration?

• A. aaa accounting resource default start-stop group radius
• B. radius-server vsa send accounting
• C. aaa accounting network default start-stop group radius
• D. aaa accounting exec default start-stop group radius

Answer: B

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.pdf

NEW QUESTION 14
What gives Cisco ISE an option to scan endpoints for vulnerabilities?

• A. authentication policy
• B. authorization profile
• C. authentication profile
• D. authorization policy

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010100.html

NEW QUESTION 15
Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

• A. show authentication sessions interface Gi1/0/x output
• B. show authentication sessions
• C. show authentication sessions output
• D. show authentication sessions interface Gi 1/0/x

Answer: D

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-xe-3se-3850-cr-book/sec-s1-xe-3se-3850-cr-book_chapter_01.html#wp3404908137

NEW QUESTION 16
Refer to the exhibit.

Which command is typed within the CLI of a switch to view the troubleshooting output?

• A. show authentication sessions mac 000e.84af.59af details
• B. show authentication registrations
• C. show authentication interface gigabitethernet2/0/36
• D. show authentication sessions method

Answer: A

NEW QUESTION 17
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

• A. new AD user 802.1X authentication
• B. hotspot
• C. posture
• D. guest AUP
• E. BYOD

Answer: BD

NEW QUESTION 18
What is a requirement for Feed Service to work?

• A. TCP port 8080 must be opened between Cisco ISE and the feed server.
• B. Cisco ISE has access to an internal server to download feed update.
• C. Cisco ISE has a base license.
• D. Cisco ISE has Internet access to download feed update.

Answer: B

NEW QUESTION 19
When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?

• A. MIB
• B. SID
• C. MAB
• D. TGT

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_2x.html

NEW QUESTION 20
What must be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?

• A. continue
• B. pass
• C. drop
• D. reject

Answer: A

NEW QUESTION 21
Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

• A. MAB and if user not found, continue
• B. MAB and if authentication failed, continue
• C. Dot1x and if authentication failed, continue
• D. Dot1x and if user not found, continue

Answer: A

NEW QUESTION 22
What is a characteristic of the UDP protocol?

• A. UDP can detect when a server is down.
• B. UDP can detect when a server is slow.
• C. UDP offers best-effort delivery.
• D. UDP offers information about a non-existent server.

Answer: C

NEW QUESTION 23
Which portal is used to customize the settings for a user to log in and download the compliance module?

• A. Client Provisioning
• B. Client Endpoint
• C. Client Profiling
• D. Client Guest

Answer: A

NEW QUESTION 24
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

• A. The secondary node restarts.
• B. The primary node restarts.
• C. Both nodes restart.
• D. The primary node becomes standalone.

Answer: C

NEW QUESTION 25
......