Q1. What is a required configuration step for an 802.1X-capable switch to support dynamic VLAN and ACL assignments?
A. Configure the VLAN assignment.
B. Configure the ACL assignment.
C. Configure 802.1X authenticator authorization.
D. Configure port security on the switch port.
Answer: C
Q2. Which two options are valid for configuring IEEE 802.1AE MACsec between switches in a TrustSec network? (Choose two.)
A. manually on links between supported switches
B. in the Cisco Identity Services Engine
C. in the global configuration of a TrustSec non-seed switch
D. dynamically on links between supported switches
E. in the Cisco Secure Access Control System
F. in the global configuration of a TrustSec seed switch
Answer: A,D
Q3. Which two conditions are valid when configuring ISE for posturing? (Choose two.)
A. Dictionary
B. member Of
C. Profile status
D. File
E. Service
Answer: D,E
Q4. In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?
A. Command set
B. Group name
C. Method list
D. Login type
Answer: C
Q5. Wireless client supplicants attempting to authenticate to a wireless network are generating excessive log messages. Which three WLC authentication settings should be disabled? (Choose three.)
A. RADIUS Server Timeout
B. RADIUS Aggressive-Failover
C. Idle Timer
D. Session Timeout
E. Client Exclusion
F. Roaming
Answer: B,C,D
Q6. What attribute could be obtained from the SNMP query probe?
A. FQDN
B. CDP
C. DHCP class identifier
D. User agent
Answer: B
Q7. Cisco ISE distributed deployments support which three features? (Choose three.)
A. global implementation of the profiler service CoA
B. global implementation of the profiler service in Cisco ISE
C. configuration to send system logs to the appropriate profiler node
D. node-specific probe configuration
E. server-specific probe configuration
F. NetFlow probes
Answer: A,C,D
Q8. Where would a Cisco ISE administrator define a named ACL to use in an authorization policy?
A. In the conditions of an authorization rule.
B. In the attributes of an authorization rule.
C. In the permissions of an authorization rule.
D. In an authorization profile associated with an authorization rule.
Answer: D
Q9. Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)
A. authentication host-mode single-host
B. authentication host-mode multi-domain
C. authentication host-mode multi-host
D. authentication host-mode multi-auth
Answer: A,B
Q10. An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy TrustSec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?
A. Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users
B. MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication
C. Identity-based ACLs on the switches with user identities provided by ISE
D. Cisco Threat Defense for user group control by leveraging NetFlow exported from the switches and login information from ISE
Answer: A