QUESTION 41
A user misplaces a personal phone and wants to blacklist the device from accessing the company network. The company uses Cisco ISE for corporate and BYOD device authentication. Which action must the user take in Cisco ISE?
A. Sign in to the My Devices portal and mark the device as Lost.
B. Sign in to the BYOD portal and mark the device as Irrecoverable.
C. Sign in to the My Devices portal and mark the device as Irrecoverable.
D. Sign in to the BYOD portal and mark the device as Lost.
Correct Answer: A
QUESTION 42
On which port does Cisco ISE present the Admin certificate for posture and client provisioning?
A. TCP/8000
B. TCP/8080
C. TCP/8905
D. TCP/8999
Correct Answer: C
QUESTION 43
An administrator must provide network access to legacy Windows endpoints with a specific device type and operating system version using Cisco ISE profiler services. The ISE profiler services and access switches must be configured to identify endpoints using the dhcp-class-identifier and parameters-request-list attributes from the DHCP traffic. These configurations were performed:
1. enabled the DHCP probe in Cisco ISE
2. configured the Cisco ISE PSN interface to receive DHCP packets
3. configured the attributes in custom profiling conditions
4. configured a custom profiling policy
5. configured an authorization rule with permit access
Which action completes the configuration?
A. Enable the DHCP SPAN probe in Cisco ISE primary server.
B. Configure the switches to send copies of the DHCP traffic to the Cisco ISE PSN.
C. Configure the Cisco ISE PSN interface to receive SPAN DHCP traffic.
D. Configure the switches to relay DHCP packets to the Cisco ISE PSN.
Correct Answer: D
QUESTION 44
An engineer is deploying a new Cisco ISE environment for a company. The company wants the deployment to use TACACS+. The engineer verifies that Cisco ISE has a Device Administration license. What must be configured to enable TACACS+ operations?
A. Device Administration Deployment settings
B. Device Administration Work Center
C. Device Admin service
D. Device Admin Policy Sets settings
Correct Answer: C
QUESTION 45
An engineer is deploying a new guest WLAN for a company. The company wants this WLAN to use a sponsored guest portal for secure guest access. The wireless LAN controller must direct the guests to a web page on Cisco ISE for authentication. Which type of authentication must be configured for the guest portal in Cisco ISE?
A. web portal
B. CWA
C. DWA
D. EWA
Correct Answer: B
QUESTION 46
Which action must be taken before configuring the Secure Client Agent profile when creating the Secure Client configuration for ISE posture services?
A. Create a posture remediation condition policy for the Agent profile.
B. Configure the posture policy for Secure Client posturing module.
C. Create a posture condition that references the Secure Client package.
D. Upload the Secure Client packages and the Secure Client compliance modules.
Correct Answer: D
QUESTION 47
What is an advantage of TACACS+ versus RADIUS authentication when reviewing reports in Cisco ISE?
A. TACACS+ reduces authentication latency, and RADIUS increases latency by adding additional packet headers.
B. TACACS+ provides command accounting, and RADIUS combines authentication and authorization.
C. TACACS+ performs secure communication with IPsec, and RADIUS uses DTLS encryption.
D. TACACS+ uses SSL certificates, and RADIUS does not have encryption.
Correct Answer: B
QUESTION 48
Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two)
A. access-response
B. access-request
C. access-reserved
D. access-accept
E. access-challenge
Correct Answer: DE
QUESTION 49
An administrator must configure Cisco ISE to send CoA requests to a Cisco switch using SNMP. These configurations were already performed:
1. enabled SNMP on the switch
2. added the switch to Cisco ISE configured a network device profile
3. configured the NAD port detection method
4. configured the operation to be performed on the switch port
5. configured an authorization profile
Which two configurations must be performed to send the CoA requests? (Choose two.)
A. Configure the SNMP server in Cisco ISE.
B. Configure the switch SNMP settings of the NAD.
C. Select the CoA type as SNMP in the network device profile.
D. Configure a network device group.
E. Configure SNMP authentication in Cisco ISE.
Correct Answer: BC
QUESTION 50
An administrator must authenticate Cisco Secure Client users using a secure token against an LDAP server to grant wireless network access in a Cisco ISE deployment. These configurations have been performed:
1. configured Microsoft Active Directory as an external identity source
2. created an authentication policy
3. created an authorization policy
The administrator must create a Secure Client profile to complete the configuration. Which protocol must be implemented on the policy by the administrator?
A. MS-CHAPv2
B. LEAP
C. EAP-GTC
D. EAP-MD5
Correct Answer: C
QUESTION 51
What is used by the CA to issue a certificate to an endpoint?
A. device unique identifier
B. certificate provisioning portal
C. device network address
D. certificate template
Correct Answer: D
QUESTION 52
Which media type must be used for zero-touch provisioning on a Cisco ISE hardware appliance?
A. virtual media
B. network
C. CDDVD
D. USB
Correct Answer: B
QUESTION 53
Which service must be configured on Cisco ISE to authenticate a network endpoint by gathering endpoint information dynamically?
A. BYOD provisioning
B. posture
C. 802.1X
D. Profiling
Correct Answer: D
QUESTION 54
A company is deploying new Cisco switches on a local network. The network engineer must configure TACACS+ between the switches and Cisco ISE. What configuration value is mandatory on the switch and Cisco ISE?
A. Key Encryption Key
B. CoA Port
C. Shared Secret
D. Authentication Profile
Correct Answer: C
QUESTION 55
An engineer must change the message that appears when a device is added to blocklist in Cisco ISE. The new message needs to contain static and dynamic content. These configurations have been performed already:
1. Configure the certificates used by the portal.
2. Edit the Device Portal Management setting and the Blocklist Portal settings.
3. Configure the certificate group tag and display language.
Which configuration action must be taken next in Cisco ISE?
A. Enable Portal Customization with HTML.
B. Enable Portal Customization with HTML and JavaScript.
C. Edit the Portal Page Customization settings.
D. Edit the Optional content area.
Correct Answer: B
QUESTION 56
A network engineer is in the predeployment discovery phase of a Cisco ISE deployment and must discover the network. There is an existing network management system for network monitoring. Which type of probe must be configured to gather the information?
A. NMAP
B. RADIUS
C. SNMP
D. NetFlow
Correct Answer: C
QUESTION 57
An administrator must change the authentication method from local accounts to SAML for wireless guest users in a Cisco ISE deployment. Using the SAML protocol, the guest portal must be configured to authenticate employees with an external identity provider server. These configurations were performed:
1. created a secondary self-registered guest portal for SAML integration
2. created a primary guest portal for wireless guest users
3. configured all the required settings on the SAML identity provider server
4. imported IdP metadata to the Cisco ISE SAML identity provider profile
Which two actions must be taken? (Choose two.)
A. Configure the SAML identity provider in authentication method for the secondary guest portal.
B. Create employee accounts in the Sponsor portal.
C. Create a SAML identity provider in ISE.
D. Configure the Sponsor portal.
E. Configure the SAML identity provider in authentication method for the primary guest portal.
Correct Answer: CE
QUESTION 58
An engineer is performing a bulk import of printer endpoints into a Cisco ISE local database by using LDAP. Which LDAP field must be configured to ensure that devices are not profiled as Unknown?
A. MAC Address objectClass
B. MAC Address Profile Class
C. Profile Attribute Name
D. Device Profile Name
Correct Answer: A
QUESTION 59
An engineer must create and sign a new certificate for all the portals in a Cisco ISE environment of a company. The company reports that wildcard certificates are blocked in the environment. Which action must the engineer take before signing the certificate?
A. Create a DNS AAAA record for the FQDN of the Cisco ISE Administration node.
B. Add the FQDN of each portal to the SAN field in the CSR.
C. Add the FQDN of each portal to the CN field in the CSR.
D. Create a DNS AAAA record for the FQDN of the Cisco ISE Monitoring node.
Correct Answer: B
QUESTION 60
An engineer must deploy device administration using Cisco ISE. Each department requires its own groups and privileges within Cisco ISE, and some departments only need access to specific devices. The engineer enables the device administration service and creates user identity groups. What must the engineer configure next on the network devices?
A. TACACS authentication settings
B. RADIUS authentication settings
C. advanced TrustSec settings
D. SNMP settings
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.