Q1. Which option restricts guests from connecting more than one device at a time?
A. Guest Portal policy > Set Device registration portal limit
B. Guest Portal Policy > Set Allow only one guest session per user
C. My Devices Portal > Set Maximum number of devices to register
D. Multi-Portal Policy > Guest users should be able to do device registration
Answer: B
Q2. In AAA, what function does authentication perform?
A. It identifies the actions that the user can perform on the device.
B. It identifies the user who is trying to access a device.
C. It identifies the actions that a user has previously taken.
D. It identifies what the user can access.
Answer: B
Q3. You discover that the Cisco ISE is failing to connect to the Active Directory server. Which option is a possible cause of the problem?
A. NTP server time synchronization is configured incorrectly.
B. There is a certificate mismatch between Cisco ISE and Active Directory.
C. NAT statements required for Active Directory are configured incorrectly.
D. The RADIUS authentication ports are being blocked by the firewall.
Answer: A
Q4. Which two statements about administrative access to the ACS Solution Engine are true? (Choose two.)
A. The ACS Solution Engine supports command-line connections through a serial-port connection.
B. For GUI access, an administrative GUI user must be created with the add-guiadmin command.
C. The ACS Solution Engine supports command-line connections through an Ethernet interface.
D. An ACL-based policy must be configured to allow administrative-user access.
E. GUI access to the ACS Solution Engine is not supported.
Answer: B,D
Q5. From which location can you run reports on endpoint profiling?
A. Reports > Operations > Catalog > Endpoint
B. Operations > Reports > Catalog > Endpoint
C. Operations > Catalog > Reports > Endpoint
D. Operations > Catalog > Endpoint
Answer: B
Q6. What is a required step when you deploy dynamic VLAN and ACL assignments?
A. Configure the VLAN assignment.
B. Configure the ACL assignment.
C. Configure Cisco IOS Software 802.1X authenticator authorization.
D. Configure the Cisco IOS Software switch for ACL assignment.
Answer: C
Q7. You configured wired 802.1X with EAP-TLS on Windows machines. The ISE authentication detail report shows "EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain." What is the most likely cause of this error?
A. The ISE certificate store is missing a CA certificate.
B. The Wireless LAN Controller is missing a CA certificate.
C. The switch is missing a CA certificate.
D. The Windows Active Directory server is missing a CA certificate.
Answer: A
Q8. Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security?
A. Access Point
B. Switch
C. Wireless LAN Controller
D. Authentication Server
Answer: A
Q9. In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?
A. Command set
B. Group name
C. Method list
D. Login type
Answer: C
Q10. Which command enables static PAT for TCP port 25?
A. nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtp
B. nat static 209.165.201.3 eq smtp
C. nat (inside,outside) static 209.165.201.3 service tcp smtp smtp
D. static (inside,outside) 209.165.201.3 209.165.201.226 netmask 255.255.255.255
Answer: C