Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

A laptop was stolen and a network engineer added it to the block list endpoint identity group What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

A.

Select DenyAccess within the authorization policy.

B.

Ensure that access to port 8443 is allowed within the ACL.

C.

Ensure that access to port 8444 is allowed within the ACL.

D.

Select DROP under If Auth fail within the authentication policy.

A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network Which CoA configuration meets this requirement?

A.

Port Bounce

B.

Reauth

C.

NoCoA

D.

Disconnect

What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two )

A.

TACACS+ supports 802.1X, and RADIUS supports MAB

B.

TACACS+ uses UDP, and RADIUS uses TCP

C.

TACACS+ has command authorization, and RADIUS does not.

D.

TACACS+ provides the service type, and RADIUS does not

E.

TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

An administrator is configuring a new profiling policy within Cisco ISE The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints. therefore a custom profiling policy must be created Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address ?

A.

MAC_OUI_STARTSWITH_

B.

CDP_cdpCacheDevicelD_CONTAINS_

C.

MAC_MACAddress_CONTAINS_

D.

Radius Called Station-ID STARTSWITH

A network administrator notices that after a company-wide shut down, many users cannot connect their laptops to the corporate SSID. What must be done to permit access in a timely manner?

A.

Authenticate the user's system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.

B.

Connect this system as a guest user and then redirect the web auth protocol to log in to the network.

C.

Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.

D.

Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.

What does a fully distributed Cisco ISE deployment include?

A.

PAN and PSN on the same node while MnTs are on their own dedicated nodes.

B.

PAN and MnT on the same node while PSNs are on their own dedicated nodes.

C.

All Cisco ISE personas on their own dedicated nodes.

D.

All Cisco ISE personas are sharing the same node.

Which type of identity store allows for creating single-use access credentials in Cisco ISE?

A.

OpenLDAP

B.

Local

C.

PKI

D.

RSA SecurID

Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two)

A.

The device queries the internal identity store

B.

The Cisco ISE server queries the internal identity store

C.

The device queries the external identity store

D.

The Cisco ISE server queries the external identity store.

E.

The device queries the Cisco ISE authorization server

What gives Cisco ISE an option to scan endpoints for vulnerabilities?

A.

authorization policy

B.

authentication policy

C.

authentication profile

D.

authorization profile

A company is attempting to improve their BYOD policies and restrict access based on certain criteria. The company's subnets are organized by building. Which attribute should be used in order to gain access based on location?

A.

static group assignment

B.

IP address

C.

device registration status

D.

MAC address