Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which two switchport commands enable MAB and allow non-802.1X capable devices to immediately run through the MAB process? (Choose two.)
A. authentication order mab dot1x
B. authentication order dot1x mab
C. no authentication timer
D. dot1x timeout tx-period
E. authentication open
F. mab
Answer: A,F
Q2. What endpoint operating system provides native support for the SPW?
A. Apple iOS
B. Android OS
C. Windows 8
D. Mac OS X
Answer: A
Q3. Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)
A. LLDP agent information
B. user agent
C. DHCP options
D. open ports
E. operating system
F. trunk ports
Answer: A,C
Q4. Which set of commands allows IPX inbound on all interfaces?
A. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface global
B. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface inside
C. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface outside
D. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow out interface global
Answer: A
Q5. When RADIUS NAC and AAA Override are enabled for WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)
A. It will return an access-accept and send the redirection URL for all users.
B. It establishes secure connectivity between the RADIUS server and the ISE.
C. It allows the ISE to send a CoA request that indicates when the user is authenticated.
D. It is used for posture assessment, so the ISE changes the user profile based on posture result.
E. It allows multiple users to authenticate at the same time.
Answer: C,D
Q6. Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device?
A. ASA# test aaa-server authentication Group1 username cisco password cisco555
B. ASA# test aaa-server authentication group Group1 username cisco password cisco555
C. ASA# aaa-server authorization Group1 username cisco password cisco555
D. ASA# aaa-server authentication Group1 roger cisco555
Answer: A
Q7. Which option restricts guests from connecting more than one device at a time?
A. Guest Portal policy > Set Device registration portal limit
B. Guest Portal Policy > Set Allow only one guest session per user
C. My Devices Portal > Set Maximum number of devices to register
D. Multi-Portal Policy > Guest users should be able to do device registration
Answer: B
Q8. In a multi-node ISE deployment, backups are not working on the MnT node. Which ISE CLI option would help mitigate this issue?
A. repository
B. ftp-url
C. application-bundle
D. collector
Answer: A
Q9. Refer to the exhibit.
You are troubleshooting RADIUS issues on the network and the debug radius command returns the given output. What is the most likely reason for the failure?
A. An invalid username or password was entered.
B. The RADIUS port is incorrect.
C. The NAD is untrusted by the RADIUS server.
D. The RADIUS server is unreachable.
E. RADIUS shared secret does not match
Answer: A
Q10. Which command configures console port authorization under line con 0?
A. authorization default|WORD
B. authorization exec line con 0|WORD
C. authorization line con 0|WORD
D. authorization exec default|WORD
Answer: D
Q11. When you configure an endpoint profiling policy rule, which option describes the purpose of the minimum certainty factor?
A. It is compared to the total certainty metric of an individual endpoint to determine whether the endpoint can be trusted.
B. It is compared to the assigned certainty value of an individual endpoint in a device database to determine whether the endpoint can be trusted.
C. It is used to compare the policy condition to other active policies.
D. It is used to determine the likelihood that an endpoint is an active, trusted device on the network.
Answer: A
Q12. Refer to the exhibit.
The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.)
A. between switch 2 and switch 3
B. between switch 5 and host 2
C. between host 1 and switch 1
D. between the authentication server and switch 4
E. between switch 1 and switch 2
F. between switch 1 and switch 5
Answer: A,B
Q13. In Cisco ISE, which probe must be enabled to collect profiling data using Device Sensor?
A. RADIUS
B. SNMPQuery
C. SNMPTrap
D. Network Scan
E. Syslog
Answer: A
Q14. In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc...
Which four statements are correct regarding the event that occurred at 2014-05-07 00:19:07.004? (Choose four.)
A. The IT_Corp authorization profile were applied.
B. The it1 user was matched to the IT_Corp authorization policy.
C. The it1 user supplicant used the PEAP (EAP-MSCHAPv2) authentication method.
D. The it1 user was authenticated using MAB.
E. The it1 user was successfully authenticated against AD1 identity store.
F. The it1 user machine has been profiled as a Microsoft-Workstation.
G. The it1 user machine has passed all the posture assessement tests.
Answer: B,C,E,F
Explanation:
Here are the details shown for this event:
Screen Shot 2015-06-23 at 5.27.37 PM
Q15. Refer to the exhibit.
If the given configuration is applied to the object-group vpnservers, during which time period are external users able to connect?
A. From Friday at 6:00 p.m. until Monday at 8:00 a.m.
B. From Monday at 8:00 a.m. until Friday at 6:00 p.m.
C. From Friday at 6:01 p.m. until Monday at 8:01 a.m.
D. From Monday at 8:01 a.m. until Friday at 5:59 p.m.
Answer: A
Q16. Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security?
A. Access Point
B. Switch
C. Wireless LAN Controller
D. Authentication Server
Answer: A
Q17. Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.)
A. manually on links between supported switches
B. in the Cisco Identity Services Engine
C. in the global configuration of a TrustSec non-seed switch
D. dynamically on links between supported switches
E. in the Cisco Secure Access Control System
F. in the global configuration of a TrustSec seed switch
Answer: A,D