Q1. What is a requirement for posture administration services in Cisco ISE?
A. at least one Cisco router to store Cisco ISE profiling policies
B. Cisco NAC Agents that communicate with the Cisco ISE server
C. an ACL that points traffic to the Cisco ISE deployment
D. the advanced license package must be installed
Answer: D
Q2. Under which circumstance would an inline posture node be deployed?
A. When the NAD does not support CoA
B. When the NAD cannot support the number of connected endpoints
C. When a PSN is overloaded
D. To provide redundancy for a PSN
Answer: A
Q3. What is the first step that occurs when provisioning a wired device in a BYOD scenario?
A. The smart hub detects that the physically connected endpoint requires configuration and must use MAB to authenticate.
B. The URL redirects to the Cisco ISE Guest Provisioning portal.
C. Cisco ISE authenticates the user and deploys the SPW package.
D. The device user attempts to access a network URL.
Answer: A
Q4. Which type of remediation does Windows Server Update Services provide?
A. automatic remediation
B. administrator-initiated remediation
C. redirect remediation
D. central Web auth remediation
Answer: A
Q5. What is the effect of the ip http secure-server command on a Cisco ISE?
A. It enables the HTTP server for users to connect on the command line.
B. It enables the HTTP server for users to connect using Web-based authentication.
C. It enables the HTTPS server for users to connect using Web-based authentication.
D. It enables the HTTPS server for users to connect on the command line.
Answer: C
Q6. An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?
A. member of
B. group
C. class
D. person
Answer: A
Q7. Where would a Cisco ISE administrator define a named ACL to use in an authorization policy?
A. In the conditions of an authorization rule.
B. In the attributes of an authorization rule.
C. In the permissions of an authorization rule.
D. In an authorization profile associated with an authorization rule.
Answer: D
Q8. An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?
A. Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users
B. MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication
C. Identity-based ACLs on the switches with user identities provided by ISE
D. Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE
Answer: A
Q9. Which command configures console port authorization under line con 0?
A. authorization default|WORD
B. authorization exec line con 0|WORD
C. authorization line con 0|WORD
D. authorization exec default|WORD
Answer: D
Q10. Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail?
A. The redirect ACL is blocking access to ports 80 and 443.
B. The redirect ACL is applied to an incorrect SVI.
C. The redirect ACL is blocking access to the client provisioning portal.
D. The redirect ACL is blocking access to Cisco ISE port 8905.
Answer: A