A security engineer configures a Cisco Catalyst switch to use Cisco TrustSec. The engineer must define the PAC key to authenticate the switch to Cisco IISE. Drag and drop the commands from the left into sequence on the right. Not all options are used.

Which profiling probe collects the user-agent string?

A network engineer is configuring a Cisco Wireless LAN Controller in order to find out more information about the devices that are connecting. This information must be sent to Cisco ISE to be used in authorization policies. Which profiling mechanism must be configured in the Cisco Wireless LAN Controller to accomplish this task?

A network administrator is configuring a new access switch to use with Cisco ISE for network access control. There is a need to use a centralized server for the reauthentication timers. What must be configured in order to accomplish this task?

An engineer is configuring TACACS+ within Cisco ISE for use with a non-Cisco network device. They need to send special attributes in the Access-Accept response to ensure that the users are given the appropriate access. What must be configured to accomplish this'?

An administrator adds a new network device to the Cisco ISE configuration to authenticate endpoints to the network. The RADIUS test fails after the administrator configures all of the settings in Cisco ISE and adds the proper configurations to the switch. What is the issue"?

A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server. Which certificate usage option must be selected when importing the certificate into ISE?

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?

Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

What is a characteristic of the UDP protocol?

An administrator plans to use Cisco ISE to deploy posture policies to assess Microsoft Windows endpoints that run Cisco Secure Client. The administrator wants to minimize the occurrence of messages related to unknown posture profiles if Cisco ISE fails to determine the posture of the endpoint. Secure Client is deployed to all the endpoints. and all the required Cisco ISE authentication, authorization, and posture policy configurations were performed. Which action must be taken next to complete the configuration?

What gives Cisco ISE an option to scan endpoints for vulnerabilities?

Which two actions must be verified to confirm that the internet is accessible via guest access when configuring a guest portal? (Choose two.)

A network security administrator wants to integrate Cisco ISE with Active Directory. Which configuration action must the security administrator take to accomplish the task?

What is a difference between RADIUS and TACACS+?

An engineer is assigned to enhance security across the campus network. The task is to enable MAB across all access switches in the network. Which command must be entered on the switch to enable MAB?

A Cisco device has a port configured in multi-authentication mode and is accepting connections only from hosts assigned the SGT of SGT_0422048549 The VLAN trunk link supports a maximum of 8 VLANS What is the reason for these restrictions?

A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

Which two authentication protocols are supported by RADIUS but not by TACACS+? (Choose two.)

An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the used to accomplish this task?

A Cisco ISE engineer is creating a certificate authentication profile to be used with machine authentication for the network. The engineer wants to be able to compare the user-presented certificate with a certificate stored in Active Directory. What must be done to accomplish this?

A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices Where in the Layer 2 frame should this be verified?

An administrator is editing a csv list of endpoints and wants to reprofile some of the devices indefinitely before importing the list into Cisco ISE. Which field and Boolean value must be changed for the devices before the list is reimported?

What is the maximum number of PSN nodes supported in a medium-sized deployment?

An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two )

What service can be enabled on the Cisco ISE node to identity the types of devices connecting to a network?

A Cisco ISE administrator must authenticate users against Microsoft Active Directory. The solution must meet these requirements:

Users and computers must be authenticated.

User groups must be retrieved during authentication.

Which protocol must be added to the allowed protocols on the policy to authenticate the users?

Which personas can a Cisco ISE node assume'?

Drag the descriptions on the left onto the components of 802.1X on the right.

An organization wants to enable web-based guest access for both employees and visitors The goal is to use a single portal for both user types Which two authentication methods should be used to meet this requirement? (Choose two )

Which type of identity store allows for creating single-use access credentials in Cisco ISE?

Refer to the exhibit.

An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to. What is the problem?

Which default "guest type" is included with Cisco ISE?

An engineer is configuring Cisco ISE to reprofile endpoints based only on new requests of INIT-REBOOT and SELECTING message types. Which probe should be used to accomplish this task?

NO: 184

An engineer builds a five-node distributed Cisco ISE deployment The first two deployed nodes are responsible for the primary and secondary administration and monitoring personas Which persona configuration is necessary to have the remaining three Cisco ISE nodes serve as dedicated nodes in the Cisco ISE cube that is responsible only for handling the RADIUS and TACACS+ authentication requests, identity lookups, and policy evaluation?

A)

B)

C)

D)

Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node'?

An administrator enables the profiling service for Cisco ISE to use for authorization policies while in closed mode. When the endpoints connect, they receive limited access so that the profiling probes can gather information and Cisco ISE can assign the correct profiles. They are using the default values within Cisco ISE. but the devices do not change their access due to the new profile. What is the problem'?

Which CLI command must be configured on the switchport to immediately run the MAB process if a non-802.1X capable endpoint connects to the port?

An engineer is configuring a new Cisco ISE node. Context-sensitive information must be shared between the Cisco ISE and a Cisco ASA. Which persona must be enabled?

What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?

An engineer is using Cisco ISE and configuring guest services to allow wireless devices to access the network. Which action should accomplish this task?

Refer to the exhibit.

Which switch configuration change will allow only one voice and one data endpoint on each port?

An engineer is configuring web authentication using non-standard ports and needs the switch to redirect traffic to the correct port. Which command should be used to accomplish this task?

A network engineer must configure a policy rule to check the endpoint. The policy must ensure disk encryption is enabled and the appropriate antivirus software version is installed. Which configuration must the engineer apply to the rule?

An engineer is configuring Central Web Authentication in Cisco ISE to provide guest access. When an authentication rule is configured in the Default Policy Set for the Wired_MAB or Wireless_MAB conditions, what must be selected for the "if user not found" setting?

A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected. Which task must be configured in order to meet this requirement?

An engineer is deploying a new Cisco ISE environment for a company. The company wants the deployment to use TACACS+. The engineer verifies that Cisco ISE has a Device Administration license. What must be configured to enable TACACS+ operations?

Which action must be taken before configuring the Secure Client Agent profile when creating the Secure Client configuration for ISE posture services?

Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two)

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

What is needed to configure wireless guest access on the network?

What must be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?

An engineer is enabling a newly configured wireless SSID for tablets and needs visibility into which other types of devices are connecting to it. What must be done on the Cisco WLC to provide this information to Cisco ISE9

An engineer needs to configure a Cisco ISE server to issue a CoA for endpoints already authenticated to access the network. The CoA option must be enforced on a session, even if there are multiple active sessions on a port. What must be configured to accomplish this task?

Refer to the exhibit. In which scenario does this switch configuration apply?

During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access. Which action accomplishes the goal?

A network engineer must create a guest portal for wireless guests on Cisco ISE. The guest users must not be able to create accounts; however, the portal should require a username and password to connect. Which portal type must be created in Cisco ISE to meet the requirements?

An administrator must deploy the Cisco Secure Client posture agent to employee endpoints that access a wireless network by using URL redirection in Cisco ISE. The compliance module must be downloaded from Cisco and uploaded to the Cisco ISE client provisioning resource. What must be used to upload the compliance module?

An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network. Which posture condition should the administrator configure in order for this policy to work?

A company is attempting to improve their BYOD policies and restrict access based on certain criteria. The company's subnets are organized by building. Which attribute should be used in order to gain access based on location?

An administrator is configuring a new profiling policy within Cisco ISE The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints. therefore a custom profiling policy must be created Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address ?

An administrator made changes in Cisco ISE and needs to apply new permissions for endpoints that have already been authenticated by sending a CoA packet to the network devices. Which IOS command must be configured on the devices to accomplish this goal?

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for 1 day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

Wireless network users authenticate to Cisco ISE using 802.1X through a Cisco Catalyst switch. An engineer must create an updated configuration to assign a security group tag to the user's traffic using inline tagging to prevent unauthenticated users from accessing a restricted server. The configurations were performed:

• configured Cisco ISE as a Cisco TrustSec AAA server

• configured the switch as a RADIUS device in Cisco ISE

• configured the wireless LAN controller as a TrustSec device in Cisco ISE

• created a security group tog for the wireless users

• created a certificate authentication profile

■ created an identity source sequence

• assigned an appropriate security group tag to the wireless users

• defined security group access control lists to specify an egress policy

• enforced the access control lists on the TrustSec policy matrix in Cisco ISE

• configured TrustSec on the switch

• configured TrustSec on the wireless LAN controller

Which two actions must be taken to complete the configuration? (Choose two.)

An engineer is configuring the remote access VPN to use Cisco ISE for AAA and needs to conduct posture checks on the connecting endpoints After the endpoint connects, it receives its initial authorization result and continues onto the compliance scan What must be done for this AAA configuration to allow compliant access to the network?

A network engineer must enable a profiling probe. The profiling must take details through the Active Directory. Where in the Cisco ISE interface would the engineer enable the probe?

Refer to the exhibit. An engineer must configure BYOD in Cisco ISE. A single SSID must be used to allow BYOD devices to connect to the network. These configurations have been performed on Wireless LAN Controller already:

RADIUS server

BYOD-Dot1x SSID

Which two configurations must be done in Cisco ISE to meet the requirement? (Choose two.)

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?

An administrator is configuring a new profiling policy in Cisco ISE for a printer type that is missing from the profiler feed The logical profile Printers must be used in the authorization rule and the rule must be hit. What must be done to ensure that this configuration will be successful^

Which two ports do network devices typically use for CoA? (Choose two)

An engineer is configuring a posture policy for Windows 10 endpoints and wants to ensure that users in each AD group have different conditions to meet to be compliant. What must be done to accomplish this task?

Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting.

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two)

When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?

An engineer is creating a new authorization policy to give the endpoints access to VLAN 310 upon successful authentication The administrator tests the 802.1X authentication for the endpoint and sees that it is authenticating successfully What must be done to ensure that the endpoint is placed into the correct VLAN?

The Cisco Wireless LAN Controller and guest portal must be set up in Cisco ISE. These configurations were performed:

• configured all the required Cisco Wireless LAN Controller configurations

• added the wireless controller to Cisco ISE network devices

• created an endpoint identity group

• configured credentials to be sent by email

• configured the SMTP server

• configured an authorization profile with redirection to the guest portal and redirected the access control list

• configured an authentication policy for MAB users

• created an authorization policy

Which two components would be required to complete the configuration? (Choose two.)

On which port does Cisco ISE present the Admin certificate for posture and client provisioning?

Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?

(Choose two.)

What is a valid guest portal type?

Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

What is the Microsoft security policy recommendation (or fast user switching in Cisco ISE?

Which nodes are supported in a distributed Cisco ISE deployment?

An administrator must provide network access to legacy Windows endpoints with a specific device type and operating system version using Cisco ISE profiler services. The ISE profiler services and access switches must be configured to identify endpoints using the dhcp-class-identifier and parameters-request-list attributes from the DHCP traffic. These configurations were performed:

enabled the DHCP probe in Cisco ISE

configured the Cisco ISE PSN interface to receive DHCP packets

configured the attributes in custom profiling conditions

configured a custom profiling policy

configured an authorization rule with permit access

Which action completes the configuration?

Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two )

An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?

The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively

restrict network access for this endpoint?