Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Which two authentication protocols are supported by RADIUS but not by TACACS+? (Choose two.)

A.

MSCHAPv1

B.

PAP

C.

EAP

D.

CHAP

E.

MSCHAPV2

Which two actions must be verified to confirm that the internet is accessible via guest access when configuring a guest portal? (Choose two.)

A.

The guest device successfully associates with the correct SSID.

B.

The guest user gets redirected to the authentication page when opening a browser.

C.

The guest device has internal network access on the WLAN.

D.

The guest device can connect to network file shares.

E.

Cisco ISE sends a CoA upon successful guest authentication.

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error “Authentication failed: 22040 Wrong password or invalid shared secret. “what must be done to address this issue?

A.

Add the network device as a NAD inside Cisco ISE using the existing key.

B.

Configure the key on the Cisco ISE instead of the Cisco switch.

C.

Use a key that is between eight and ten characters.

D.

Validate that the key is correct on both the Cisco switch as well as Cisco ISE.

An administrator enables the profiling service for Cisco ISE to use for authorization policies while in closed mode. When the endpoints connect, they receive limited access so that the profiling probes can gather information and Cisco ISE can assign the correct profiles. They are using the default values within Cisco ISE. but the devices do not change their access due to the new profile. What is the problem'?

A.

In closed mode, profiling does not work unless CDP is enabled.

B.

The profiling probes are not able to collect enough information to change the device profile

C.

The profiler feed is not downloading new information so the profiler is inactive

D.

The default profiler configuration is set to No CoA for the reauthentication setting

An administrator is troubleshooting an endpoint that is supposed to bypass 802 1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?

A.

The DHCP probe for Cisco ISE is not working as expected.

B.

The 802.1 X timeout period is too long.

C.

The endpoint is using the wrong protocol to authenticate with Cisco ISE.

D.

An AC I on the port is blocking HTTP traffic

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

A.

authentication host-mode single-host

B.

authentication host-mode multi-auth

C.

authentication host-mode multi-host

D.

authentication host-mode multi-domain

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for 1 day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

A.

The RADIUS policy set for guest access is set to allow repeated authentication of the same device.

B.

The length of access is set to 7 days in the Guest Portal Settings.

C.

The Endpoint Purge Policy is set to 30 days for guest devices.

D.

The Guest Account Purge Policy is set to 15 days.

Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

A.

session timeout

B.

idle timeout

C.

radius-server timeout

D.

termination-action

An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability. Which probe must be used to accomplish this task?

A.

HTTP probe

B.

NetFlow probe

C.

network scan probe

D.

RADIUS probe

What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?

A.

Authentication is redirected to the internal identity source.

B.

Authentication is redirected to the external identity source.

C.

Authentication is granted.

D.

Authentication fails.