Q1. Which functionality does the Cisco ISE self-provisioning flow provide?
A. It provides support for native supplicants, allowing users to connect devices directly to the network.
B. It provides the My Devices portal, allowing users to add devices to the network.
C. It provides support for users to install the Cisco NAC agent on enterprise devices.
D. It provides self-registration functionality to allow guest users to access the network.
Answer: A
Q2. Which feature must you configure on a switch to allow it to redirect wired endpoints to Cisco ISE?
A. the http secure-server command
B. RADIUS Attribute 29
C. the RADIUS VSA for accounting
D. the RADIUS VSA for URL-REDIRECT
Answer: A
Q3. A network administrator must enable which protocol to utilize EAP-Chaining?
A. EAP-FAST
B. EAP-TLS
C. MSCHAPv2
D. PEAP
Answer: A
Q4. Which three features should be enabled as best practices for MAB? (Choose three.)
A. MD5
B. IP source guard
C. DHCP snooping
D. storm control E. DAI
F. URPF
Answer: B,C,E
Q5. You are troubleshooting wired 802.1X authentications and see the following error: "Authentication failed: 22040 Wrong password or invalid shared secret." What should you inspect to determine the problem?
A. RADIUS shared secret
B. Active Directory shared secret
C. Identity source sequence
D. TACACS+ shared secret
E. Certificate authentication profile
Answer: A
Q6. Your guest-access wireless network is experiencing degraded performance and excessive latency due to user saturation. Which type of rate limiting can you implement on your network to correct the problem?
A. per-device
B. per-policy
C. per-access point
D. per-controller
E. per-application
Answer: A
Q7. Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.)
A. MS-CHAPv2
B. PEAP
C. PPTP
D. EAP-PEAP
E. PPP
Answer: A,B
Q8. With which two appliance-based products can Cisco Prime Infrastructure integrate to perform centralized management? (Choose two.)
A. Cisco Managed Services Engine
B. Cisco Email Security Appliance
C. Cisco Wireless Location Appliance
D. Cisco Content Security Appliance
E. Cisco ISE
Answer: A,E
Q9. When you add a new PSN for guest access services, which two options must be enabled under deployment settings? (Choose two.)
A. Admin
B. Monitoring
C. Policy Service
D. Session Services
E. Profiling
Answer: C,D
Q10. Refer to the exhibit.
You are configuring permissions for a new Cisco ISE standard authorization profile. If you configure the Tunnel-Private-Group-ID attribute as shown, what does the value 123 represent?
A. the VLAN ID
B. the VRF ID
C. the tunnel ID
D. the group ID
Answer: A