Implementing Cisco Secure Access Solutions v13.0

Page:    1 / 18   
Exam contains 269 questions

Which command on the switch ensures that the Service-Type attribute is sent with all
RADIUS authentication request?

  • A. radius-server attribute 8 include-in-access-req
  • B. radius-server attribute 25 access-request include
  • C. radius-server attribute 6 on-for-login-auth
  • D. radius-server attribute 31 send nas-port-detail


Answer : C


Refer to the exhibit. Which authentication method is being used?

  • A. PEAP-MSCHAP
  • B. EAP-GTC
  • C. EAP-TLS
  • D. PEAP-TLS


Answer : A

Explanation:
These authentication methods are supported with LDAP:
Extensible Authentication Protocol Generic Token Card (EAP-GTC)
Extensible Authentication Protocol Transport Layer Security (EAP-TLS)
Protected Extensible Authentication Protocol Transport Layer Security (PEAP-

In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?

  • A. Command set
  • B. Group name
  • C. Method list
  • D. Login type


Answer : C

What is a required configuration step for an 802.1X capable switch to support dynamic
VLAN and ACL assignments?

  • A. Configure the VLAN assignment.
  • B. Configure the ACL assignment.
  • C. Configure 802.1X authenticator authorization.
  • D. Configure port security on the switch port.


Answer : C

Which two attributes are delivered by the DHCP probe to the Cisco ISE? (Choose two.)

  • A. dhcp-client-identifier
  • B. framed-IP-address
  • C. host-name
  • D. calling-station-ID
  • E. MAC address


Answer : A,C

Which two statements about administrative access to the ACS Solution Engine are true?
(Choose two.)

  • A. The ACS Solution Engine supports command-line connections through a serial-port connection.
  • B. For GUI access, an administrative GUI user must be created with the add-guiadmin command.
  • C. The ACS Solution Engine supports command-line connections through an Ethernet interface.
  • D. An ACL-based policy must be configured to allow administrative-user access.
  • E. GUI access to the ACS Solution Engine is not supported.


Answer : B,D

In AAA, what function does authentication perform?

  • A. It identifies the actions that the user can perform on the device.
  • B. It identifies the user who is trying to access a device.
  • C. It identifies the actions that a user has previously taken.
  • D. It identifies what the user can access.


Answer : B

The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy
Service Node?

  • A. tcp/8905
  • B. udp/8905
  • C. http/80
  • D. https/443


Answer : A

Explanation:
http://www.cisco.com/c/en/us/td/docs/security/ise/2-
0/installation_guide/b_ise_InstallationGuide20/
Cisco_SNS_3400_Series_Appliance_Ports_Reference.html

Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.)

  • A. MS-CHAPv2
  • B. PEAP
  • C. PPTP
  • D. EAP-PEAP
  • E. PPP


Answer : A,B

A user reports that a switch's RADIUS accounting packets are not being seen on the Cisco
ISE server Which command is the user missing in the switch's configuration?

  • A. radius-server vsa send accounting
  • B. aaa accounting network default start-stop group radius
  • C. aaa accounting resource default start-stop group radius
  • D. aaa accounting exec default start-stop group radius


Answer : A

What EAP method supports mutual certificate-based authentication?

  • A. EAP-TTLS
  • B. EAP-MSCHAP
  • C. EAP-TLS
  • D. EAP-MD5


Answer : C

An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?

  • A. Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users
  • B. MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication
  • C. Identity-based ACLs on the switches with user identities provided by ISE
  • D. Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE


Answer : A

Which remediation type ensures that Automatic Updates configuration is turned on
Windows clients per security policy to remediate Windows clients for posture compliance?

  • A. AS Remediation
  • B. File Remediation
  • C. Launch Program Remediation
  • D. Windows Update Remediation
  • E. Windows Server Update Services Remediation


Answer : D

Which two types of client provisioning resources are used for BYOD implementations?
(Choose two.)

  • A. user agent
  • B. Cisco NAC agent
  • C. native supplicant profiles
  • D. device sensor
  • E. software provisioning wizards


Answer : C,E

Which authorization method is the Cisco best practice to allow endpoints access to the
Apple App store or Google Play store with Cisco WLC software version 7.6 or newer?

  • A. dACL
  • B. DNS ACL
  • C. DNS ACL defined in Cisco ISE
  • D. redirect ACL


Answer : B

Page:    1 / 18   
Exam contains 269 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us