Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which profiling capability allows you to gather and forward network packets to an analyzer?
A. collector
B. spanner
C. retriever
D. aggregator
Answer: A
Q2. Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)
A. LLDP agent information
B. user agent
C. DHCP options
D. open ports
E. operating system
F. trunk ports
Answer: A,C
Q3. Which statement about system time and NTP server configuration with Cisco ISE is true?
A. The system time and NTP server settings can be configured centrally on the Cisco ISE.
B. The system time can be configured centrally on the Cisco ISE, but NTP server settings must be configured individually on each ISE node.
C. NTP server settings can be configured centrally on the Cisco ISE, but the system time must be configured individually on each ISE node.
D. The system time and NTP server settings must be configured individually on each ISE node.
Answer: D
Q4. Under which circumstance would an inline posture node be deployed?
A. When the NAD does not support CoA
B. When the NAD cannot support the number of connected endpoints
C. When a PSN is overloaded
D. To provide redundancy for a PSN
Answer: A
Q5. Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.)
A. IOS-7-PROXY_DROP
B. AP-1-AUTH_PROXY_DOS_ATTACK
C. MKA-2-MACDROP
D. AUTHMGR-5-MACMOVE
E. ASA-6-CONNECT_BUILT
F. AP-1-AUTH_PROXY_FALLBACK_REQ
Answer: B,D,F
Q6. RAG DROP Answer:
Answer:
Q7. What is another term for 802.11i wireless network security?
A. 802.1x
B. WEP
C. TKIP
D. WPA
E. WPA2
Answer: E
Q8. Which two Cisco ISE administration options are available in the Default Posture Status setting? (Choose two.)
A. Unknown
B. Compliant
C. FailOpen
D. FailClose
E. Noncompliant
Answer: B,E
Q9. Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What are the two possible causes of the problem? (Choose two.)
A. EAP-TLS is not checked in the Allowed Protocols list
B. Client certificate is not included in the Trusted Certificate Store
C. MS-CHAPv2-is not checked in the Allowed Protocols list
D. Default rule denies all traffic
E. Certificate authentication profile is not configured in the Identity Store
Answer: A,E
Q10. What are two client-side requirements of the NAC Agent and NAC Web Agent installation? (Choose two.)
A. Administrator workstation rights
B. Active Directory Domain membership
C. Allowing of web browser activex installation
D. WSUS service running
Answer: A,C
Q11. Which three statements about the Cisco ISE profiler are true? (Choose three.)
A. It sends endpoint data to AAA servers.
B. It collects endpoint attributes.
C. It stores MAC addresses for endpoint systems.
D. It monitors and polices router and firewall traffic.
E. It matches endpoints to their profiles.
F. It stores endpoints in the Cisco ISE database with their profiles.
Answer: B,E,F
Q12. You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information?
A. The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer.
B. The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer.
C. The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer.
D. The device can propagate SGT information in an encapsulated security payload.
E. The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable hardware peer.
Answer: A
Q13. What are the initial steps must you perform to add the ISE to the WLC?
A. 1. With a Web browser, establish an HTTP connection to the WLC pod.
2. Navigate to Administration > Authentication > New.
3. Enter server values to begin the configuration.
B. 1. With a Web browser, establish an FTP connection to the WLC pod.
2. Navigate to Security > Administration > New.
3. Add additional security features for FTP authentication.
C. 1. With a Web browser, establish an HTTP connection to the WLC pod.
2. Navigate to Authentication > New.
3. Enter ACLs and Authentication methods to begin the configuration.
D. 1. With a Web browser connect, establish an HTTPS connection to the WLC pod.
2. Navigate to Security > Authentication > New.
3. Enter server values to begin the configuration.
Answer: D
Q14. Which three remediation actions are supported by the Web Agent for Windows? (Choose three.)
A. Automatic Remediation
B. Message text
C. URL Link
D. File Distribution
E. AV definition update
F. Launch Program
Answer: B,C,D
Q15. You are installing Cisco ISE on nodes that will be used in a distributed deployment. After the initial bootstrap process, what state will the Cisco ISE nodes be in?
A. Remote
B. Policy service
C. Administration
D. Standalone
Answer: D
Q16. Which two EAP types require server side certificates? (Choose two.)
A. EAP-TLS
B. PEAP
C. EAP-MD5
D. LEAP
E. EAP-FAST
F. MSCHAPv2
Answer: A,B
Q17. Which two statements about Cisco NAC Agents that are installed on clients that interact with the Cisco ISE profiler are true? (Choose two.)
A. They send endpoint data to AAA servers.
B. They collect endpoint attributes.
C. They interact with the posture service to enforce endpoint security policies.
D. They block access from the network through noncompliant endpoints.
E. They store endpoints in the Cisco ISE with their profiles.
F. They evaluate clients against posture policies, to enforce requirements.
Answer: C,F