What does the dot1x system-auth-control command do?
A.
causes a network access switch not to track 802.1x sessions
B.
globally enables 802.1x
C.
enables 802.1x on a network access device interface
D.
causes a network access switch to track 802.1x sessions
globally enables 802.1x
What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two )
A.
Location the CSV file for the device MAC
B.
Select the certificate template
C.
Choose the hashing method
D.
Enter the common name
E.
Enter the IP address of the device
Select the certificate template
Enter the common name
What is a valid guest portal type?
A.
Sponsored-Guest
B.
My Devices
C.
Sponsor
D.
Captive-Guest
Sponsored-Guest
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
A.
The primary node restarts
B.
The secondary node restarts.
C.
The primary node becomes standalone
D.
Both nodes restart
Both nodes restart
https://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/installation_guide/ise_install_guide/ise_deploy.html
if your deployment has two nodes and you deregister the secondary node, both nodes in this primary-secondary pair are restarted. (The former primary and secondary nodes become standalone.)
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?
A.
Network Access Control
B.
My Devices Portal
C.
Application Visibility and Control
D.
Supplicant Provisioning Wizard
My Devices Portal
Which use case validates a change of authorization?
A.
An authenticated, wired EAP-capable endpoint is discovered
B.
An endpoint profiling policy is changed for authorization policy
C.
An endpoint that is disconnected from the network is discovered
D.
Endpoints are created through device registration for the guests
An endpoint profiling policy is changed for authorization policy
When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?
A.
MIB
B.
TGT
C.
OMAB
D.
SID
SID
What is the minimum certainty factor when creating a profiler policy?
A.
the minimum number that a predefined condition provides
B.
the maximum number that a predefined condition provides
C.
the minimum number that a device certainty factor must reach to become a member of the profile
D.
the maximum number that a device certainty factor must reach to become a member of the profile
the minimum number that a device certainty factor must reach to become a member of the profile
What gives Cisco ISE an option to scan endpoints for vulnerabilities?
A.
authorization policy
B.
authentication policy
C.
authentication profile
D.
authorization profile
authorization policy
What is a requirement for Feed Service to work?
A.
TCP port 3080 must be opened between Cisco ISE and the feed server
B.
Cisco ISE has a base license
C.
Cisco ISE has access to an internal server to download feed update
D.
Cisco ISE has Internet access to download feed update
Cisco ISE has access to an internal server to download feed update
Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?
A.
subject alternative name and the common name
B.
MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
C.
user-presented password hash and a hash stored in Active Directory
D.
user-presented certificate and a certificate stored in Active Directory
subject alternative name and the common name
MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative
name (all values) can be used to look up a user.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-
3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_01110.html
Which two default endpoint identity groups does cisco ISE create? (Choose three )
A.
Unknown
B.
whitelist
C.
end point
D.
profiled
E.
blacklist
Unknown
profiled
blacklist
Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-
4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_010101.html #ID1678
| Page 4 out of 20 Pages |
| Previous |