Q1. Which Cisco ISE feature can differentiate a corporate endpoint from a personal device? 

A. EAP chaining 

B. PAC files 

C. authenticated in-band provisioning 

D. machine authentication 

View Answer

Q2. What is a required configuration step for an 802.1X capable switch to support dynamic 

VLAN and ACL assignments? 

A. Configure the VLAN assignment. 

B. Configure the ACL assignment. 

C. Configure 802.1X authenticator authorization. 

D. Configure port security on the switch port. 

View Answer

Q3. Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security? 

A. Access Point 

B. Switch 

C. Wireless LAN Controller 

D. Authentication Server 

View Answer

Q4. Refer to the exhibit. 

If the given configuration is applied to the object-group vpnservers, during which time period are external users able to connect? 

A. From Friday at 6:00 p.m. until Monday at 8:00 a.m. 

B. From Monday at 8:00 a.m. until Friday at 6:00 p.m. 

C. From Friday at 6:01 p.m. until Monday at 8:01 a.m. 

D. From Monday at 8:01 a.m. until Friday at 5:59 p.m. 

View Answer

Q5. Which three statements about the Cisco wireless IPS solution are true? (Choose three.) 

A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point. 

B. It detects spoofed MAC addresses. 

C. It identifies potential RF jamming attacks. 

D. It protects against frame and device spoofing. 

E. It allows the WLC to failover because of congestion. 

View Answer

Q6. When you configure an endpoint profiling policy rule, which option describes the purpose of the minimum certainty factor? 

A. It is compared to the total certainty metric of an individual endpoint to determine whether the endpoint can be trusted. 

B. It is compared to the assigned certainty value of an individual endpoint in a device database to determine whether the endpoint can be trusted. 

C. It is used to compare the policy condition to other active policies. 

D. It is used to determine the likelihood that an endpoint is an active, trusted device on the network. 

View Answer

Q7. Certain endpoints are missing DHCP profiling data. 

Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE? 

A. output of show interface gigabitEthernet 0 from the CLI 

B. output of debug logging all 7 from the CLI 

C. output of show logging application profiler.log from the CLI 

D. the TCP dump diagnostic tool through the GUI 

E. the posture troubleshooting diagnostic tool through the GUI 

View Answer

Q8. Which three host modes support MACsec? (Choose three.) 

A. multidomain authentication host mode 

B. multihost mode 

C. multi-MAC host mode 

D. single-host mode 

E. dual-host mode 

F. multi-auth host mode 

View Answer

Q9. What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment? 

A. It determines which access policy to apply to the endpoint. 

B. It determines which switches are trusted within the TrustSec domain. 

C. It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain. 

D. It lists all servers that are permitted to participate in the TrustSec domain. 

E. It lists all hosts that are permitted to participate in the TrustSec domain. 

View Answer

Q10. Which three features should be enabled as best practices for MAB? (Choose three.) 

A. MD5 

B. IP source guard 

C. DHCP snooping 

D. storm control E. DAI 

F. URPF 

View Answer