- All Exams Instant Download
The Secure-X company has recently successfully tested the 802.1X authentication deployment using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect NAM 802.1Xsupplicantto log in and connect to the network
SIMULATION The Secure-X company has recently successfully tested the 802.1X authentication deployment using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect NAM 802.1Xsupplicantto log in and connect to the...
Which two options can the engineer select in the new Antivirus remediation policy?
A security engineer must create an Antivirus remediation policy within Cisco ISE. Which two options can the engineer select in the new Antivirus remediation policy? (Choose two.)A . program installation pathB . Antivirus vendor nameC . uniform resource locatorD . file to uploadE . operating systemView AnswerAnswer: B, E
Which network component would issue the CoA?
Which network component would issue the CoA?A . switchB . endpointC . Admin NodeD . Policy Service NodeView AnswerAnswer: D
You configured wired 802.1X with EAP-TLS on Windows machines. The ISE authentication detail report shows "EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain." What is the most likely cause of this error?
You configured wired 802.1X with EAP-TLS on Windows machines. The ISE authentication detail report shows "EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain." What is the most likely cause of this error?A . The ISE certificate store is missing a CA certificate.B . The...
Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device?
Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device?A . ASA# test aaa-server authentication Group1 username cisco password cisco555B . ASA# test aaa-server authentication group Group1 username cisco password cisco555C . ASA# aaa-server authorization Group1 username cisco...
Which two portals can be configured to use portal FQDN? (Choose two.)
Which two portals can be configured to use portal FQDN? (Choose two.)A . adminB . sponsorC . guestD . my devicesE . monitoring and troubleshootingView AnswerAnswer: B,D
Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)
Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)A . destination MAC addressB . source MAC addressC . 802.1AE header in EtherTypeD . security group tag in EtherTypeE . integrity check valueF . CRC/FCSView AnswerAnswer: C,E
What is a unique characteristic of the most secure mode?
Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode?A . Granular ACLs applied prior to authenticationB . Per user dACLs applied after successful authenticationC . Only EAPoL traffic allowed prior to authenticationD . Adjustable...
What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?
What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?A . It determines which access policy to apply to the endpoint.B . It determines which switches are trusted within the TrustSec domain.C . It determines the path the SGT of the packet takes...
How can the device propagate SGT information?
You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information?A . The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer.B . The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable...
