New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

An organization wants to enable web-based guest access for both employees and visitors The goal is to use a single portal for both user types Which two authentication methods should be used to meet this requirement? (Choose two )

A.

LDAP

B.

802 1X

C.

Certificate-based

D.

LOCAL

E.

MAC based

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

A.

The Endpoint Purge Policy is set to 30 days for guest devices

B.

The RADIUS policy set for guest access is set to allow repeated authentication of the same device

C.

The length of access is set to 7 days in the Guest Portal Settings

D.

The Guest Account Purge Policy is set to 15 days

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?

A.

dot1x system-auth-control

B.

enable bypass-mac

C.

enable network-authentication

D.

mab

A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network Which CoA configuration meets this requirement?

A.

Port Bounce

B.

Reauth

C.

NoCoA

D.

Disconnect

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen What is causing this issue?

A.

Cisco ISE only sees the built-in groups, not user created ones

B.

The groups are present but need to be manually typed as conditions

C.

Cisco ISE's connection to the AD join point is failing

D.

The groups are not added to Cisco ISE under the AD join point

What is needed to configure wireless guest access on the network?

A.

endpoint already profiled in ISE

B.

WEBAUTH ACL for redirection

C.

valid user account in Active Directory

D.

Captive Portal Bypass turned on

Which personas can a Cisco ISE node assume'?

A.

policy service, gatekeeping, and monitoring

B.

administration, policy service, and monitoring

C.

administration, policy service, gatekeeping

D.

administration, monitoring, and gatekeeping

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

A.

TCP 8443

B.

TCP 8906

C.

TCP 443

D.

TCP 80

E.

TCP 8905

An engineer is enabling a newly configured wireless SSID for tablets and needs visibility into which other types of devices are connecting to it. What must be done on the Cisco WLC to provide this information to Cisco ISE9

A.

enable IP Device Tracking

B.

enable MAC filtering

C.

enable Fast Transition

D.

enable mDNS snooping

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

A.

Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.

B.

Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.

C.

Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.

D.

Identify the non 802.1X supported device types and create custom profiles for them to profile into.