Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which statement about Cisco Management Frame Protection is true?
A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.
B. It detects spoofed MAC addresses.
C. It identifies potential RF jamming attacks.
D. It protects against frame and device spoofing.
Answer: D
Q2. Which condition triggers wireless authentication? A. NAS-Port-Type is set to IEEE 802.11.
B. Framed-Compression is set to None.
C. Service-Type is set to Framed.
D. Tunnel-Type is set to VLAN.
Answer: A
Q3. In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two).
A. exception
B. network scan (NMAP)
C. delete endpoint
D. automatically remediate
E. create matching identity group
Answer: A,B
Q4. Which mechanism does Cisco ISE use to force a device off the network if it is reported lost or stolen?
A. CoA
B. dynamic ACLs
C. SGACL
D. certificate revocation
Answer: A
Q5. RAG DROP Answer:
Answer:
Q6. Which network component would issue the CoA?
A. switch
B. endpoint
C. Admin Node
D. Policy Service Node
Answer: D
Q7. What endpoint operating system provides native support for the SPW?
A. Apple iOS
B. Android OS
C. Windows 8
D. Mac OS X
Answer: A
Q8. What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints?
A. the ISE
B. an ACL
C. a router
D. a policy server
Answer: A
Q9. In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc...
Which two statements are correct regarding the event that occurred at 2014-05-07 00:22:48.175? (Choose two.)
A. The DACL will permit http traffic from any host to 10.10.2.20
B. The DACL will permit http traffic from any host to 10.10.3.20
C. The DACL will permit icmp traffic from any host to 10.10.2.20
D. The DACL will permit icmp traffic from any host to 10.10.3.20
E. The DACL will permit https traffic from any host to 10.10.3.20
Answer: A,E
Explanation:
Event Details:
Screen Shot 2015-06-23 at 5.38.50 PM
Screen Shot 2015-06-23 at 5.41.14 PM
Q10. Which advanced authentication setting is needed to allow an unknown device to utilize Central WebAuth?
A. If Authentication failed > Continue
B. If Authentication failed > Drop
C. If user not found > Continue
D. If user not found > Reject
Answer: C
Q11. A properly configured Cisco ISE Policy Service node is not receiving any profile data from a Cisco switch that runs Device Sensor.
Which option is the most likely reason for the failure?
A. Syslog is configured for the Policy Administration Node.
B. RADIUS Accounting is disabled.
C. The SNMP community strings are mismatched.
D. RADIUS Authentication is misconfigured.
E. The connected endpoints support CDP but not DHCP.
Answer: B
Q12. What is the first step that occurs when provisioning a wired device in a BYOD scenario?
A. The smart hub detects that the physically connected endpoint requires configuration and must use MAB to authenticate.
B. The URL redirects to the Cisco ISE Guest Provisioning portal.
C. Cisco ISE authenticates the user and deploys the SPW package.
D. The device user attempts to access a network URL.
Answer: A
Q13. Which two attributes must match between two Cisco ASA devices to properly enable high availability? (Choose two.)
A. model, interface configuration, and RAM
B. major and minor software release
C. tcp dead-peer detection protocol
D. 802.1x authentication identity
Answer: A,B
Q14. Cisco ISE distributed deployments support which three features? (Choose three.)
A. global implementation of the profiler service CoA
B. global implementation of the profiler service in Cisco ISE
C. configuration to send system logs to the appropriate profiler node
D. node-specific probe configuration
E. server-specific probe configuration
F. NetFlow probes
Answer: A,C,D
Q15. Which network access device feature can you configure to gather raw endpoint data?
A. Device Sensor
B. Device Classifier
C. Switched Port Analyzer
D. Trust Anchor
Answer: A
Q16. What are two client-side requirements of the NAC Agent and NAC Web Agent installation? (Choose two.)
A. Administrator workstation rights
B. Active Directory Domain membership
C. Allowing of web browser activex installation
D. WSUS service running
Answer: A,C
Q17. During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?
A. Enable the Agent IP Refresh feature.
B. Enable the Enable VLAN Detect Without UI feature.
C. Enable CRL checking.
D. Edit the Discovery Host parameter to use an IP address instead of an FQDN.
Answer: A