- All Exams Instant Download
Which are two characteristics of TACACS+? (Choose two)
Which are two characteristics of TACACS+? (Choose two)A . It uses TCP port 49.B . It combines authorization and authentication functions.C . It separates authorization and authentication functions.D . It encrypts the password only.E . It uses UDP port 49.View AnswerAnswer: A, C
When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?
When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?A . MIBB . TGTC . OMABD . SIDView AnswerAnswer: D
Which two ports do network devices typically use for CoA? (Choose two)
Which two ports do network devices typically use for CoA? (Choose two)A . 443B . 19005C . 8080D . 3799E . 1700View AnswerAnswer: D, E
What is the purpose of the ip http server command on a switch?
What is the purpose of the ip http server command on a switch?A . It enables the https server for users for web authenticationB . It enables MAB authentication on the switchC . It enables the switch to redirect users for web authentication.D . It enables dot1x authentication on the...
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?A . EndpointB . unknownC . blacklistD . white listE . profiledView AnswerAnswer: B Explanation: If you do not have a matching profiling policy, you can assign an unknown profiling...
Why should the engineer configure MAB in this situation?
When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provide an adequate amount of security and visibility for the hosts on the network. Why should the engineer configure MAB in this...
What is a method for transporting security group tags throughout the network?
What is a method for transporting security group tags throughout the network?A . by enabling 802.1AE on every network deviceB . by the Security Group Tag Exchange ProtocolC . by embedding the security group tag in the IP headerD . by embedding the security group tag in the 802.1Q headerView...
If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?
If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?A . Client ProvisioningB . GuestC . BYODD . BlacklistView AnswerAnswer: D Explanation: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/Managing_Lost_or_Stolen_Device.html#90273 The Blacklist identity group is...
What is a requirement for Feed Service to work?
What is a requirement for Feed Service to work?A . TCP port 3080 must be opened between Cisco ISE and the feed serverB . Cisco ISE has a base license.C . Cisco ISE has access to an internal server to download feed updateD . Cisco ISE has Internet access to...
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?A . DHCP serverB . static IP tunnelingC . override Interface ACLD . AAA overrideView AnswerAnswer: D
