Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

A.

SGT

B.

dACL

C.

VLAN

D.

RBAC

An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?

A.

closed

B.

low-impact

C.

open

D.

high-impact

An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened. From which Cisco ISE persona should this traffic be originating?

A.

monitoring

B.

policy service

C.

administration

D.

authentication

Refer to the exhibit. An engineer is creating a new TACACS* command set and cannot use any show commands after togging into the device with this command set authorization Which configuration is causing this issue?

A.

Question marks are not allowed as wildcards for command sets.

B.

The command set is allowing all commands that are not in the command list

C.

The wildcard command listed is in the wrong format

D.

The command set is working like an ACL and denying every command.

In which two ways can users and endpoints be classified for TrustSec?

(Choose Two.)

A.

VLAN

B.

SXP

C.

dynamic

D.

QoS

E.

SGACL

Which two endpoint compliance statuses are possible? (Choose two.)

A.

unknown

B.

known

C.

invalid

D.

compliant

E.

valid

Which permission is common to the Active Directory Join and Leave operations?

A.

Create a Cisco ISE machine account in the domain if the machine account does not already exist

B.

Remove the Cisco ISE machine account from the domain.

C.

Set attributes on the Cisco ISE machine account

D.

Search Active Directory to see if a Cisco ISE machine account already ex.sts.

An organization wants to standardize the 802 1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide What must be configured to accomplish this task?

A.

security group tag within the authorization policy

B.

extended access-list on the switch for the client

C.

port security on the switch based on the client's information

D.

dynamic access list within the authorization profile

There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use profiling. What must be done to accomplish this goal?

A.

Enter the MAC address in the correct Endpoint Identity Group.

B.

Enter the MAC address in the correct Logical Profile.

C.

Enter the IP address in the correct Logical Profile.

D.

Enter the IP address in the correct Endpoint Identity Group.

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

A.

Create an ISE identity group to add users to and limit the number of logins via the group configuration.

B.

Create a new guest type and set the maximum number of devices sponsored guests can register

C.

Create an LDAP login for each guest and tag that in the guest portal for authentication.

D.

Create a new sponsor group and adjust the settings to limit the devices for each guest.