300-715 Practice Test Questions

240 Questions


An organization is implementing Cisco ISE posture services and must ensure that a host-based
firewall is in place on every Windows and Mac computer that attempts to access the
network. They have multiple vendors’ firewall applications for their devices, so the
engineers creating the policies are unable to use a specific application check in order to
validate the posture for this. What should be done to enable this type of posture check?


A.

Use the file registry condition to ensure that the firewall is installed and running
appropriately.


B.

Use a compound condition to look for the Windows or Mac native firewall applications.


C.

Enable the default firewall condition to check for any vendor firewall application.


D.

Enable the default application condition to identify the applications installed and validate the firewall app.





C.
  

Enable the default firewall condition to check for any vendor firewall application.



Explanation:
https://www.youtube.com/watch?v=6Kj8P8Hn7dY&t=109s&ab_channel=CiscoISEIdentityServicesEngine

An engineer is tasked with placing a guest access anchor controller in the DMZ. Which two ports or port sets must be opened up on the firewall to accomplish this task? (Choose two.)


A.

UDP port 1812 RADIUS


B.

TCP port 161


C.

TCP port 514


D.

UDP port 79


E.

UDP port 16666





B.
  

TCP port 161



C.
  

TCP port 514



An administrator is migrating device administration access to Cisco ISE from the legacy
TACACS+ solution that used only privilege 1 and 15 access levels. The organization
requires more granular controls of the privileges and wants to customize access levels 2-5
to correspond with different roles and access needs. Besides defining a new shell profile in
Cisco ISE, what must be done to accomplish this configuration?


A.

Enable the privilege levels in Cisco ISE


B.

Enable the privilege levels in the IOS devices.


C.

Define the command privileges for levels 2-5 in the IOS devices


D.

Define the command privileges for levels 2-5 in Cisco ISE





C.
  

Define the command privileges for levels 2-5 in the IOS devices



An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability. Which probe must be used to accomplish this task?


A.

HTTP probe


B.

NetFlow probe


C.

network scan probe


D.

RADIUS probe





A.
  

HTTP probe



An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not have the ability to auto switch port for authentication?


A.

enable bypass-MAC


B.

dot1x system-auth-control


C.

mab


D.

enable network-authentication





B.
  

dot1x system-auth-control



Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two)


A.

The device queries the internal identity store


B.

The Cisco ISE server queries the internal identity store


C.

The device queries the external identity store


D.

The Cisco ISE server queries the external identity store.


E.

The device queries the Cisco ISE authorization server





A.
  

The device queries the internal identity store



D.
  

The Cisco ISE server queries the external identity store.



An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be
on a different node. Which persona should be configured with the largest amount of
storage in this environment?


A.

Policy Services


B.

Primary Administration


C.

Monitoring and Troubleshooting


D.

Platform Exchange Grid





C.
  

Monitoring and Troubleshooting



An engineer is configuring a guest password policy and needs to ensure that the password
complexity requirements are set to mitigate brute force attacks. Which two requirements
complete this policy? (Choose two)


A.

minimum password length


B.

active username limit


C.

access code control


D.

password expiration period


E.

username expiration date





A.
  

minimum password length



D.
  

password expiration period



An engineer is testing Cisco ISE policies in a lab environment with no support for a
deployment server. In order to push supplicant profiles to the workstations for testing,
firewall ports will need to be opened. From which Cisco ISE persona should this traffic be
originating?


A.

monitoring


B.

policy service


C.

administration


D.

authentication





B.
  

policy service



A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE. This must include the ability to provision for URL redirection on authentication. Which two commands must be entered to meet this requirement? (Choose two)


A.

ip http secure-authentication


B.

ip http server


C.

ip http redirection


D.

ip http secure-server


E.

ip http authentication





D.
  

ip http secure-server



E.
  

ip http authentication



An administrator is trying to collect metadata information about the traffic going across the
network to gain added visibility into the hosts. This information will be used to create
profiling policies for devices using Cisco ISE so that network access policies can be used.
What must be done to accomplish this task?


A.

Configure the RADIUS profiling probe within Cisco ISE


B.

Configure NetFlow to be sent to the Cisco ISE appliance.


C.

Configure SNMP to be used with the Cisco ISE appliance


D.

Configure the DHCP probe within Cisco ISE





B.
  

Configure NetFlow to be sent to the Cisco ISE appliance.



A network engineer must enforce access control using special tags, without re-engineering
the network design. Which feature should be configured to achieve this in a scalable
manner?


A.

SGT


B.

dACL


C.

VLAN


D.

RBAC





A.
  

SGT



