Q1. What are the initial steps to configure an ACS as a TACACS server?
A. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Create.
B. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Create.
C. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Manage.
D. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Install.
Answer: B
Q2. In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc...
Which two statements are correct regarding the event that occurred at 2014-05-07 00:16:55.393? (Choose two.)
A. The failure reason was user entered the wrong username.
B. The supplicant used the PAP authentication method.
C. The username entered was it1.
D. The user was authenticated against the Active Directory then also against the ISE interal user database and both fails.
E. The NAS switch port where the user connected to has a MAC address of 44:03:A7:62:41:7F
F. The user is being authenticated using 802.1X.
G. The user failed the MAB.
H. The supplicant stopped responding to ISE which caused the failure.
Answer: C,F
Explanation:
Event Details:
Screen Shot 2015-06-23 at 5.45.07 PM Screen Shot 2015-06-23 at 5.45.16 PM
Q3. Which two types of client provisioning resources are used for BYOD implementations? (Choose two.)
A. user agent
B. Cisco NAC agent
C. native supplicant profiles
D. device sensor
E. software provisioning wizards
Answer: C,E
Q4. Wireless client supplicants attempting to authenticate to a wireless network are generating excessive log messages. Which three WLC authentication settings should be disabled? (Choose three.)
A. RADIUS Server Timeout
B. RADIUS Aggressive-Failover
C. Idle Timer
D. Session Timeout
E. Client Exclusion
F. Roaming
Answer: B,C,D
Q5. Which three algorithms should be avoided due to security concerns? (Choose three.)
A. DES for encryption
B. SHA-1 for hashing
C. 1024-bit RSA
D. AES GCM mode for encryption
E. HMAC-SHA-1
F. 256-bit Elliptic Curve Diffie-Hellman
G. 2048-bit Diffie-Hellman
Answer: A,B,C
Q6. In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?
A. Command set
B. Group name
C. Method list
D. Login type
Answer: C
Q7. Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?
A. RADIUS Change of Authorization
B. device tracking
C. DHCP snooping
D. VLAN hopping
Answer: A
Q8. During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?
A. Enable the Agent IP Refresh feature.
B. Enable the Enable VLAN Detect Without UI feature.
C. Enable CRL checking.
D. Edit the Discovery Host parameter to use an IP address instead of an FQDN.
Answer: A
Q9. Which two components are required to connect to a WLAN network that is secured by EAP-TLS authentication? (Choose two.)
A. Kerberos authentication server
B. AAA/RADIUS server
C. PSKs
D. CA server
Answer: B,D
Q10. What steps must you perform to deploy a CA-signed identity certificate on an ISE device?
A. 1. Download the CA server certificate and install it on ISE.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the CA request.
4. Install the issued certificate on the ISE.
B. 1. Download the CA server certificate and install it on ISE.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the CSR.
4. Install the issued certificate on the CA server.
C. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate and install it on ISE.
3. Access the ISE server and submit the CA request.
4. Install the issued certificate on the CA server.
D. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate and install it on ISE.
3. Access the CA server and submit the CSR.
4. Install the issued certificate on the ISE.
Answer: D