- All Exams Instant Download
Which portal must the security engineer configure to accomplish this task?
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants. Which portal must the security engineer configure to accomplish this task?A . MDMB . Client provisioningC . My devicesD . BYODView AnswerAnswer: C Explanation: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01111.html
What does the dot1x system-auth-control command do?
What does the dot1x system-auth-control command do?A . causes a network access switch not to track 802.1x sessionsB . globally enables 802.1xC . enables 802.1x on a network access device interfaceD . causes a network access switch to track 802.1x sessionsView AnswerAnswer: B Explanation: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-8-0E/15-24E/configuration/guide/xe-380-configuration/dot1x.html
What should be done to enable this type of posture check?
An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors’ firewall applications for their devices, so the engineers creating the policies are unable to use a...
What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?
What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?A . EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.B . EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.C . EAP-TLS uses a device certificate for authentication to enhance security,...
What must be configured to correct this?
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network . What must be configured to correct this?A . Create an authorization rule denying sponsored...
What gives Cisco ISE an option to scan endpoints for vulnerabilities?
What gives Cisco ISE an option to scan endpoints for vulnerabilities?A . authorization policyB . authentication policyC . authentication profileD . authorization profileView AnswerAnswer: A
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?A . Set the NAC State option to SNMP NAC . Set the NAC State option to RADIUS NAE . Use the radius-server vsa send authentication command.F . Use the ip access-group webauth...
Which policy condition must be used in order to accomplish this?
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting . Which policy condition must be used in order to accomplish this?A . Network Access NetworkDeviceName CONTAINS <SSID Name>B ....
Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?
Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?A . session timeoutB . idle timeoutC . radius-server timeoutD . termination-actionView AnswerAnswer: B Explanation: When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints. When the...
Which two endpoint compliance statuses are possible? (Choose two.)
Which two endpoint compliance statuses are possible? (Choose two.)A . unknownB . knownC . invalidD . compliantE . validView AnswerAnswer: A,D
