Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two )
A.
Policy Assignment
B.
Endpoint Family
C.
Identity Group Assignment
D.
Security Group Tag
E.
IP Address
Policy Assignment
Identity Group Assignment
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?
A.
EAP server
B.
supplicant
C.
client
D.
authenticator
authenticator
Which permission is common to the Active Directory Join and Leave operations?
A.
Create a Cisco ISE machine account in the domain if the machine account does not already exist
B.
Remove the Cisco ISE machine account from the domain.
C.
Set attributes on the Cisco ISE machine account
D.
Search Active Directory to see if a Cisco ISE machine account already ex.sts.
Search Active Directory to see if a Cisco ISE machine account already ex.sts.
In which two ways can users and endpoints be classified for TrustSec?
(Choose Two.)
A.
VLAN
B.
SXP
C.
dynamic
D.
QoS
E.
SGACL
VLAN
SGACL
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
A.
updates
B.
remediation actions
C.
Client Provisioning portal
D.
conditions
E.
access policy
remediation actions
conditions
What is a method for transporting security group tags throughout the network?
A.
by enabling 802.1AE on every network device
B.
by the Security Group Tag Exchange Protocol
C.
by embedding the security group tag in the IP header
D.
by embedding the security group tag in the 802.1Q header
by the Security Group Tag Exchange Protocol
What is a characteristic of the UDP protocol?
A.
UDP can detect when a server is down
B.
UDP offers best-effort delivery
C.
UDP can detect when a server is slow
D.
UDP offers information about a non-existent server
UDP offers best-effort delivery
Which statement about configuring certificates for BYOD is true?
A.
An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment
B.
The SAN field is populated with the end user name.
C.
An endpoint certificate is mandatory for the Cisco ISE BYOD
D.
The CN field is populated with the endpoint host name
An endpoint certificate is mandatory for the Cisco ISE BYOD
Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?
A.
TCP 8909
B.
TCP 8905
C.
UDP 1812
D.
TCP 443
TCP 8909
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?
(Choose two.)
A.
Firepower
B.
WLC
C.
IOS
D.
ASA
E.
Shell
WLC
Shell
TACACS+ ProfileTACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets. The TACACS+ profile definitions are split into two components:
✑ Common tasks ✑ Custom attributes
There are two views in the TACACS+ Profiles page (Work Centers > Device Administration
> Policy Elements > Results > TACACS Profiles)—Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View.
The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are:
✑ Shell ✑ WLC ✑ Nexus ✑ Generic
The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you can enter the mandatory attributes using a equal to (=) sign between the attribute name and its value and optional attributes are entered using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy paste the attribute list (for example, another product's attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.
Which interface-level command is needed to turn on 802 1X authentication?
A.
Dofl1x pae authenticator
B.
dot1x system-auth-control
C.
authentication host-mode single-host
D.
aaa server radius dynamic-author
Dofl1x pae authenticator
What service can be enabled on the Cisco ISE node to identity the types of devices connecting to a network?
A.
MAB
B.
profiling
C.
posture
D.
central web authentication
profiling
| Page 2 out of 20 Pages |
| Previous |