Q1. What is another term for 802.11i wireless network security?
A. 802.1x
B. WEP
C. TKIP
D. WPA
E. WPA2
Answer: E
Q2. Which two identity store options allow you to authorize based on group membership? (Choose two).
A. Lightweight Directory Access Protocol
B. RSA SecurID server
C. RADIUS
D. Active Directory
Answer: A,D
Q3. Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem?
A. EAP-TLS is not checked in the Allowed Protocols list
B. Certificate authentication profile is not configured in the Identity Store
C. MS-CHAPv2 is not checked in the Allowed Protocols list
D. Default rule denies all traffic
E. Client root certificate is not included in the Certificate Store
Answer: A
Q4. In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two).
A. exception
B. network scan (NMAP)
C. delete endpoint
D. automatically remediate
E. create matching identity group
Answer: A,B
Q5. Which default identity source is used by the MyDevices_Portal_Sequence identity source sequence?
A. internal users
B. guest users
C. Active Directory
D. internal endpoints
E. RADIUS servers
Answer: A
Q6. Which three are required steps to enable SXP on a Cisco ASA? (Choose three).
A. configure AAA authentication
B. configure password
C. issue the aaa authorization command aaa-server group command
D. configure a peer
E. configure TACACS
F. issue the cts sxp enable command
Answer: B,D,F
Q7. Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.)
A. Windows Active Directory
B. LDAP
C. RADIUS token server
D. internal endpoint store
E. internal user store
F. certificate authentication profile
G. RSA SecurID
Answer: A,E
Q8. Your guest-access wireless network is experiencing degraded performance and excessive latency due to user saturation. Which type of rate limiting can you implement on your network to correct the problem?
A. per-device
B. per-policy
C. per-access point
D. per-controller
E. per-application
Answer: A
Q9. Which three network access devices allow for static security group tag assignment? (Choose three.)
A. intrusion prevention system
B. access layer switch
C. data center access switch
D. load balancer
E. VPN concentrator
F. wireless LAN controller
Answer: B,C,E
Q10. Which profiling capability allows you to gather and forward network packets to an analyzer?
A. collector
B. spanner
C. retriever
D. aggregator
Answer: A
Q11. Certain endpoints are missing DHCP profiling data.
Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE?
A. output of show interface gigabitEthernet 0 from the CLI
B. output of debug logging all 7 from the CLI
C. output of show logging application profiler.log from the CLI
D. the TCP dump diagnostic tool through the GUI
E. the posture troubleshooting diagnostic tool through the GUI
Answer: D
Q12. Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode?
A. Granular ACLs applied prior to authentication
B. Per-user dACLs applied after successful authentication
C. Only EAPoL traffic allowed prior to authentication
D. Adjustable 802.1X timers to enable successful authentication
Answer: C
Q13. The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node?
A. tcp/8905, http/80, ftp/21
B. tcp/8905, http/80, https/443
C. udp/8905, telnet/23, https/443
D. udp/8906, http/80, https/443
Answer: B
Q14. Which three statements about the Cisco wireless IPS solution are true? (Choose three.)
A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.
B. It detects spoofed MAC addresses.
C. It identifies potential RF jamming attacks.
D. It protects against frame and device spoofing.
E. It allows the WLC to fail over because of congestion.
Answer: B,C,D
Q15. What is a requirement for posture administration services in Cisco ISE?
A. at least one Cisco router to store Cisco ISE profiling policies
B. Cisco NAC Agents that communicate with the Cisco ISE server
C. an ACL that points traffic to the Cisco ISE deployment
D. the advanced license package must be installed
Answer: D
Q16. In this simulation, you are tasked with examining the various authentication events using the ISE GUI. For example, you should see events such as Authentication succeeded, Authentication failed, etc.
Which two statements are correct regarding the event that occurred at 2014-05-07 00:16:55.393? (Choose two.)
A. The failure reason was user entered the wrong username.
B. The supplicant used the PAP authentication method.
C. The username entered was it1.
D. The user was authenticated against Active Directory and then also against the ISE internal user database, and both failed.
E. The NAS switch port that the user connected to has a MAC address of 44:03:A7:62:41:7F.
F. The user is being authenticated using 802.1X.
G. The user failed the MAB.
H. The supplicant stopped responding to ISE which caused the failure.
Answer: C,F
Explanation:
Event Details: [two screenshots of the event details, not included]
Q17. What are the initial steps to configure an ACS as a TACACS server?
A. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Create.
B. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Create.
C. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Manage.
D. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Install.
Answer: B