- All Exams Instant Download
Which personas can a Cisco ISE node assume'?
Which personas can a Cisco ISE node assume'?A . policy service, gatekeeping, and monitoringB . administration, policy service, and monitoringC . administration, policy service, gatekeepingD . administration, monitoring, and gatekeepingView AnswerAnswer: B Explanation: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html The persona or personas of a node determine the services provided by a node. An ISE...
Which probe must be used to accomplish this task?
An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability . Which probe must be used to accomplish this task?A . HTTP probeB . NetFlow probeC . network scan probeD ....
Which command should the engineer run on the interface to accomplish this goal?
A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice . Which command should the engineer run on the interface to accomplish this goal?A . authentication host-mode single-hostB . authentication host-mode...
Which command should be used to accomplish this task?
An engineer is configuring web authentication using non-standard ports and needs the switch to redirect traffic to the correct port . Which command should be used to accomplish this task?A . permit tcp any any eq <port number>B . aaa group server radius proxyC . ip http port <port number>D...
Which statement about configuring certificates for BYOD is true?
Which statement about configuring certificates for BYOD is true?A . An Android endpoint uses EST, whereas other operating systems use SCEP for enrollmentB . The SAN field is populated with the end user name.C . An endpoint certificate is mandatory for the Cisco ISE BYODD . The CN field is...
What does a fully distributed Cisco ISE deployment include?
What does a fully distributed Cisco ISE deployment include?A . PAN and PSN on the same node while MnTs are on their own dedicated nodes.B . PAN and MnT on the same node while PSNs are on their own dedicated nodes.C . All Cisco ISE personas on their own dedicated...
Which portal must the security engineer configure to accomplish this task?
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants. Which portal must the security engineer configure to accomplish this task?A . MDMB . Client provisioningC . My devicesD . BYODView AnswerAnswer: C Explanation: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01111.html
What does the dot1x system-auth-control command do?
What does the dot1x system-auth-control command do?A . causes a network access switch not to track 802.1x sessionsB . globally enables 802.1xC . enables 802.1x on a network access device interfaceD . causes a network access switch to track 802.1x sessionsView AnswerAnswer: B Explanation: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-8-0E/15-24E/configuration/guide/xe-380-configuration/dot1x.html
What should be done to enable this type of posture check?
An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors’ firewall applications for their devices, so the engineers creating the policies are unable to use a...
What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?
What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?A . EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.B . EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.C . EAP-TLS uses a device certificate for authentication to enhance security,...
