Q1. A network administrator must enable which protocol extension to utilize EAP-Chaining? 

A. EAP-FAST 

B. EAP-TLS 

C. MSCHAPv2 

D. PEAP 

View Answer

Q2. What three changes require restarting the application service on an ISE node?.(Choose three.) 

A. Registering a node. 

B. Changing the primary node to standalone. 

C. Promoting the administration node. 

D. Installing the root CA certificate. 

E. Changing the guest portal default port settings. 

F. Adding a network access device. 

View Answer

Q3. You are troubleshooting wired 802.1X authentications and see the following error: "Authentication failed: 22040 Wrong password or invalid shared secret." What should you inspect to determine the problem? 

A. RADIUS shared secret 

B. Active Directory shared secret 

C. Identity source sequence 

D. TACACS+ shared secret 

E. Certificate authentication profile 

View Answer

Q4. In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc... 

Which two statements are correct regarding the event that occurred at 2014-05-07 00:16:55.393? (Choose two.) 

A. The failure reason was user entered the wrong username. 

B. The supplicant used the PAP authentication method. 

C. The username entered was it1. 

D. The user was authenticated against the Active Directory then also against the ISE interal user database and both fails. 

E. The NAS switch port where the user connected to has a MAC address of 44:03:A7:62:41:7F 

F. The user is being authenticated using 802.1X. 

G. The user failed the MAB. 

H. The supplicant stopped responding to ISE which caused the failure. 

View Answer

Q5. Which option is required for inline security group tag propagation? 

A. Cisco Secure Access Control System 

B. hardware support 

C. Security Group Tag Exchange Protocol (SXP) v4 

D. Cisco Identity Services Engine 

View Answer

Q6. Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem? 

A. EAP-TLS is not checked in the Allowed Protocols list 

B. Certificate authentication profile is not configured in the Identity Store 

C. MS-CHAPv2-is not checked in the Allowed Protocols list 

D. Default rule denies all traffic 

E. Client root certificate is not included in the Certificate Store 

View Answer

Q7. A user is on a wired connection and the posture status is noncompliant. 

Which state will their EPS session be placed in? 

A. disconnected 

B. limited 

C. no access 

D. quarantined 

View Answer

Q8. Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain? 

A. Choose an Active Directory user. 

B. Configure the management IP address. 

C. Configure replication. 

D. Choose an Active Directory group. 

View Answer

Q9. Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.) 

A. IOS-7-PROXY_DROP 

B. AP-1-AUTH_PROXY_DOS_ATTACK 

C. MKA-2-MACDROP 

D. AUTHMGR-5-MACMOVE 

E. ASA-6-CONNECT_BUILT 

F. AP-1-AUTH_PROXY_FALLBACK_REQ 

View Answer

Q10. Which two statements about administrative access to the Cisco Secure ACS SE are true? (Choose two.) 

A. The Cisco Secure ACS SE supports command-line connections through a serial-port connection. 

B. For GUI access, an administrative GUI user must be created by using the add-guiadmin command. 

C. The Cisco Secure ACS SE supports command-line connections through an Ethernet interface. 

D. An ACL-based policy must be configured to allow administrative-user access. 

E. GUI access to the Cisco Secure ASC SE is not supported. 

View Answer