Q1. An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals? 

A. Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users 

B. MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication 

C. Identity-based ACLs on the switches with user identities provided by ISE 

D. Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE 

View Answer

Q2. Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail? 

A. The redirect ACL is blocking access to ports 80 and 443. 

B. The redirect ACL is applied to an incorrect SVI. 

C. The redirect ACL is blocking access to the client provisioning portal. 

D. The redirect ACL is blocking access to Cisco ISE port 8905. 

View Answer

Q3. You are installing Cisco ISE on nodes that will be used in a distributed deployment. After the initial bootstrap process, what state will the Cisco ISE nodes be in? 

A. Remote 

B. Policy service 

C. Administration 

D. Standalone 

View Answer

Q4. When you add a new PSN for guest access services, which two options must be enabled under deployment settings? (Choose two.) 

A. Admin 

B. Monitoring 

C. Policy Service 

D. Session Services 

E. Profiling 

View Answer

Q5. Which identity store option allows you to modify the directory services that run on TCP/IP? 

A. Lightweight Directory Access Protocol 

B. RSA SecurID server 

C. RADIUS 

D. Active Directory 

View Answer

Q6. In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc... 

Which four statements are correct regarding the event that occurred at 2014-05-07 00:19:07.004? (Choose four.) 

A. The IT_Corp authorization profile were applied. 

B. The it1 user was matched to the IT_Corp authorization policy. 

C. The it1 user supplicant used the PEAP (EAP-MSCHAPv2) authentication method. 

D. The it1 user was authenticated using MAB. 

E. The it1 user was successfully authenticated against AD1 identity store. 

F. The it1 user machine has been profiled as a Microsoft-Workstation. 

G. The it1 user machine has passed all the posture assessement tests. 

View Answer

Q7. Which two profile attributes can be collected by a Cisco Wireless LAN Controller that supports Device Sensor? (Choose two.) 

A. LLDP agent information 

B. user agent 

C. DHCP options 

D. open ports 

E. CDP agent information 

F. FQDN 

View Answer

Q8. In a split ACS deployment with primary and secondary servers, which three statements about AAA load handling are true? (Choose three.) 

A. During normal operations, each server processes the full workload of both servers. 

B. If a AAA connectivity problem occurs, the servers split the full load of authentication requests. 

C. If a AAA connectivity problem occurs, each server processes the full workload of both servers. 

D. During normal operations, the servers split the full load of authentication requests. 

E. During normal operations, each server is used for specific operations, such as device administration and network admission. 

F. The primary servers are used to distribute policy information to other servers in the enterprise. 

View Answer

Q9. Which protocol sends authentication and accounting in different requests? 

A. RADIUS 

B. TACACS+ 

C. EAP-Chaining 

D. PEAP 

E. EAP-TLS 

View Answer

Q10. Which three posture states can be used for authorization rules? (Choose three.) 

A. unknown 

B. known 

C. noncompliant 

D. quarantined 

E. compliant 

F. no access 

G. limited 

View Answer