Q1. In a basic ACS deployment consisting of two servers, for which three tasks is the primary server responsible? (Choose three.)
A. configuration
B. authentication
C. sensing
D. policy requirements
E. monitoring
F. repudiation
Answer: A,B,D
Q2. When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)
A. It returns an access-accept and sends the redirection URL for all users.
B. It establishes secure connectivity between the RADIUS server and the Cisco ISE.
C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated.
D. It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result.
E. It allows multiple users to authenticate at the same time.
Answer: C,D
Q3. In an 802.1X authorization process, a network access device provides which three functions? (Choose three.)
A. Filters traffic prior to authentication
B. Passes credentials to authentication server
C. Enforces policy provided by authentication server
D. Hosts a central web authentication page
E. Confirms supplicant protocol compliance
F. Validates authentication credentials
Answer: A,B,C
Q4. Which three pieces of information can be found in an authentication detail report? (Choose three.)
A. DHCP vendor ID
B. user agent string
C. the authorization rule matched by the endpoint
D. the EAP method the endpoint is using
E. the RADIUS username being used
F. failed posture requirement
Answer: C,D,E
Q5. Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)
A. authentication host-mode single-host
B. authentication host-mode multi-domain
C. authentication host-mode multi-host
D. authentication host-mode multi-auth
Answer: A,B
Q6. Which two statements about MAB are true? (Choose two.)
A. It requires a preexisting database of the MAC addresses of permitted devices.
B. It is unable to control network access at the edge.
C. If MAB fails, the device is unable to fall back to another authentication method.
D. It is unable to link the IP and MAC addresses of a device.
E. It is unable to authenticate individual users.
Answer: A,E
Q7. Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)
A. LLDP agent information
B. user agent
C. DHCP options
D. open ports
E. operating system
F. trunk ports
Answer: A,C
Q8. Which command is useful when troubleshooting AAA Authentication between a Cisco router and the AAA server?
A. test aaa-server test cisco cisco123 all new-code
B. test aaa group7 tacacs+ auth cisco123 new-code
C. test aaa group tacacs+ cisco cisco123 new-code
D. test aaa-server tacacs+ group7 cisco cisco123 new-code
Answer: C
Q9. Which three components comprise the Cisco ISE profiler? (Choose three.)
A. the sensor, which contains one or more probes
B. the probe manager
C. a monitoring tool that connects to the Cisco ISE
D. the trigger, which activates ACLs
E. an analyzer, which uses configured policies to evaluate endpoints
F. a remitter tool, which fails over to redundant profilers
Answer: A,B,E
Q10. What is another term for 802.11i wireless network security?
A. 802.1x
B. WEP
C. TKIP
D. WPA
E. WPA2
Answer: E