An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?
A.
Create a certificate signing request and have the root certificate authority sign it.
B.
Add the root certificate authority to the trust store and enable it for authentication.
C.
Create an SCEP profile to link Cisco ISE with the root certificate authority.
D.
Add an OCSP profile and configure the root certificate authority as secondary.
Create an SCEP profile to link Cisco ISE with the root certificate authority.
Explanation: Ref: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/116068-configure-product-00.html
An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to the endpoints instead of industry-standard protocol information. Which probe should be enabled to meet these requirements?
A.
NetFlow probe
B.
DNS probe
C.
DHCP probe
D.
SNMP query probe
DHCP probe
Explanation: http://www.network-node.com/blog/2016/1/2/ise-20-profiling
A.
aaa authorization auth-proxy default group radius
B.
radius-server vsa send authentication
C.
radius-server attribute 8 include-in-access-req
D.
ip device tracking
E.
dot1x system-auth-control
radius-server vsa send authentication
radius-server attribute 8 include-in-access-req
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?
A.
dot1x pae authenticator
B.
dot1x system-auth-control
C.
authentication port-control auto
D.
aaa authentication dot1x default group radius
dot1x system-auth-control
Explanation: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.html#wp1133395
An engineer is creating a new TACACS+ command set and cannot use any show commands after logging into the device with this command set authorization. Which configuration is causing this issue?
A.
Question marks are not allowed as wildcards for command sets.
B.
The command set is allowing all commands that are not in the command list.
C.
The wildcard command listed is in the wrong format.
D.
The command set is working like an ACL and denying every command.
Question marks are not allowed as wildcards for command sets.
In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two.)
A.
publisher
B.
administration
C.
primary
D.
policy service
E.
subscriber
administration
policy service
Explanation: https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_010.html
What is a function of client provisioning?
A.
Client provisioning ensures that endpoints receive the appropriate posture agents.
B.
Client provisioning checks a dictionary attribute with a value.
C.
Client provisioning ensures an application process is running on the endpoint.
D.
Client provisioning checks the existence, date, and versions of the file on a client.
Client provisioning ensures that endpoints receive the appropriate posture agents.
Explanation: https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_client_prov.html#:~:text=After-Cisco-ISE-classifies-a,packages-and-profiles%2C-if-necessary
When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provide an adequate amount of security and visibility for the hosts on the network. Why should the engineer configure MAB in this situation?
A.
The Cisco switches only support MAB.
B.
MAB provides the strongest form of authentication available.
C.
The devices in the network do not have a supplicant.
D.
MAB provides user authentication.
The devices in the network do not have a supplicant.
An engineer is configuring Cisco ISE to reprofile endpoints based only on new requests of INIT-REBOOT and SELECTING message types. Which probe should be used to accomplish this task?
A.
MMAP
B.
DNS
C.
DHCP
D.
RADIUS
DHCP
A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected. Which task must be configured in order to meet this requirement?
A.
session timeout
B.
idle time
C.
monitor
D.
set attribute as
session timeout
Explanation: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_admin_accesspolicy_settings.html#reference_0E24B8FBFAB248219E1194435670347F
A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to gain access to the guest network through the guest portal. What must be done to identify the problem?
A.
Use context visibility to verify posture status.
B.
Use the endpoint ID to execute a session trace.
C.
Use the identity group to validate the authorization rules.
D.
Use traceroute to ensure connectivity.
Use the endpoint ID to execute a session trace.
Explanation: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_011001.html#concept_87916A77E8774545B36D0BB422429596
A laptop was stolen and a network engineer added it to the block list endpoint identity group. What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?
A.
Select DenyAccess within the authorization policy.
B.
Ensure that access to port 8443 is allowed within the ACL.
C.
Ensure that access to port 8444 is allowed within the ACL.
D.
Select DROP under If Auth fail within the authentication policy.
Select DROP under If Auth fail within the authentication policy.