Implementing and Configuring Cisco Identity Services Engine (SISE) v6.2

Page:    1 / 4   
Exam contains 49 questions

Which URL should you enter into the SCEP Certificate Authority profile to enable Native
Supplicant Provisioning?

  • A. http:/[ise-server-name/IP]/mscep/mscep.dll
  • B. http:/[ise-server-name/IP]/mscep/scep.dll
  • C. http:/[ise-server-name/IP]/certsrv/scep/scep.dll
  • D. http:/[ise-server-name/IP]/certsrv/mscep/mscep.dll


Answer : D

Which network information device sensor is sending in the RADIUS accounting packet?

  • A. DHCP
  • B. HTTP
  • C. LLDP
  • D. CDP


Answer : A

Which of these is not a default behavior of Cisco ISE 1.1, with respect to authentication, when a user connects to a switch port that is configured for 802.1X, MAB, and web authentication?

  • A. MAB uses internal endpoints for retrieving identity.
  • B. 802.1X uses internal users for retrieving identity.
  • C. Central WebAuth relies on MAB for initial port authentication.
  • D. Authentication fails if there is no matching policy.


Answer : D

Refer to the exhibit.
Which two statements about the exhibit are true? (Choose two.)

  • A. The default behavior is shown in the exhibit.
  • B. The default behavior should be Continue/Continue/Continue.
  • C. If Continue/Continue/Continue is configured, the endpoint is allowed on the network.
  • D. The default Identity Source is shown in the exhibit.


Answer : A,D

Refer to the exhibit.
Which two statements are true about identity groups and their use in an authorization policy? (Choose two.)

  • A. Only user identity groups can be created in Cisco ISE.
  • B. User identity groups can reference internal and external stores.
  • C. The Whitelist identity group that is shown in the exhibit can be used to contain MAC addresses that are statically entered into Cisco ISE.
  • D. The Whitelist identity group is one of the predefined identity groups in Cisco ISE.
  • E. Identity groups can only reference internal endpoints and users in the local database.


Answer : C,E

Refer to the exhibit.


The authorization policy is using "Multiple Matched Rule Applies" for rule matching.

ProfileA = VLAN attribute 10 -
ProfileB = DACL= Employee, Voice DomainPermission = TRUE
Which statement is correct with regards to the Multiple Matched rule?

  • A. The Multiple Matched rule is not supported in Cisco ISE.
  • B. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will only receive VLAN attribute 0 to VLAN attribute 10.
  • C. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will receive VLAN attribute 10, DACL= Employee, Voice DomainPermission = TRUE.
  • D. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will only receive DACL= Employee, Voice DomainPermission = TRUE.


Answer : B

How are access control lists implemented on a Cisco WLC in a Cisco ISE authorization policy?

  • A. Dynamic access lists are configured in Cisco ISE.
  • B. Named access lists are configured in Cisco ISE.
  • C. Named access lists are pushed down to the WLC.
  • D. Named access lists are configured on the WLC.


Answer : D

Which two statements are correct about Change of Authorization? (Choose two.)

  • A. Different Change of Authorization types of action can be set based on authorization policy.
  • B. Change of Authorization exception actions are configured globally in Cisco ISE.
  • C. Port bounce, reauth, and port shun are supported Change of Authorization types in Cisco ISE.
  • D. No CoA, port bounce, and reauth are supported Change of Authorization types in Cisco ISE.


Answer : B,D

Which two statements are correct regarding Cisco ISE Guest Services? (Choose two.)

  • A. Guest portals must be located on the same secondary node where Cisco ISE network access is configured to handle RADIUS requests in the NAD.
  • B. A guest administration user interface action can be made from the primary and secondary administration interfaces.
  • C. The configuration mode for guest services can be different for each node in the deployment.
  • D. Multiportal uploads to the primary node are replicated to the secondary node and installed as part of the standard data replication system.


Answer : A,D

What are the Cisco ISE posture building blocks?

  • A. posture check, posture rules, posture requirement, role requirements
  • B. posture condition, compound posture condition, posture requirements, posture policy
  • C. network access devices, Policy Service node, Administration node
  • D. posture condition, posture rules, role requirements


Answer : B

Which three of these are viable endpoint posture compliance statuses? (Choose three.)

  • A. unknown
  • B. infected
  • C. clean
  • D. compliant
  • E. noncompliant
  • F. quarantine


Answer : A,D,E

Which three conditions can be used for posture checking? (Choose three.)

  • A. application
  • B. operating system
  • C. file
  • D. certificate
  • E. service


Answer : A,C,E

Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)

  • A. www.cisco.com
  • B. local disk
  • C. Posture Agent Profile
  • D. FTP
  • E. TFTP


Answer : A,B,C

Which element is not included in the redirect URL?

  • A. hostname
  • B. port
  • C. ACL
  • D. session ID
  • E. action


Answer : C

Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal?

  • A. Policy Service node
  • B. Administration node
  • C. Monitoring node
  • D. network access device


Answer : D

Page:    1 / 4   
Exam contains 49 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.