Q1. What three changes require restarting the application service on an ISE node?.(Choose three.)
A. Registering a node.
B. Changing the primary node to standalone.
C. Promoting the administration node.
D. Installing the root CA certificate.
E. Changing the guest portal default port settings.
F. Adding a network access device.
Answer: A,B,C
Q2. Which set of commands allows IPX inbound on all interfaces?
A. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface global
B. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface inside
C. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow in interface outside
D. ASA1(config)# access-list IPX-Allow ethertype permit ipx ASA1(config)# access-group IPX-Allow out interface global
Answer: A
Q3. What is the purpose of the Cisco ISE Guest Service Sponsor Portal?
A. It tracks and stores user activity while connected to the Cisco ISE.
B. It securely authenticates guest users for the Cisco ISE Guest Service.
C. It filters guest users from account holders to the Cisco ISE.
D. It creates and manages Guest User accounts.
Answer: D
Q4. Which three personas can a Cisco ISE assume in a deployment? (Choose three.)
A. connection
B. authentication
C. administration
D. testing
E. policy service
F. monitoring
Answer: C,E,F
Q5. Which authorization method is the Cisco best practice to allow endpoints access to the
Apple App store or Google Play store with Cisco WLC software version 7.6 or newer?
A. dACL
B. DNS ACL
C. DNS ACL defined in Cisco ISE
D. redirect ACL
Answer: B
Q6. Which option is required for inline security group tag propagation?
A. Cisco Secure Access Control System
B. hardware support
C. Security Group Tag Exchange Protocol (SXP) v4
D. Cisco Identity Services Engine
Answer: B
Q7. What are the initial steps to configure an ACS as a TACACS server?
A. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Create.
B. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Create.
C. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Manage.
D. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Install.
Answer: B
Q8. An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?
A. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE
B. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure
C. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE
D. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups
Answer: D
Q9. What are two possible reasons why a scheduled nightly backup of ISE to a FTP repository would fail? (Choose two.)
A. ISE attempted to write the backup to an invalid path on the FTP server.
B. The ISE and FTP server clocks are out of sync.
C. The username and password for the FTP server are invalid.
D. The server key is invalid or misconfigured.
E. TCP port 69 is disabled on the FTP server.
Answer: A,C
Q10. When MAB is configured, how often are ports reauthenticated by default?
A. every 60 seconds
B. every 90 seconds
C. every 120 seconds
D. never
Answer: D