لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components.Which two protocols should complete this task?
A. he Cisco switches only support MAB
B. AB provides the strongest form of authentication available
C. he devices in the network do not have a supplicant
D. AB provides user authentication
عرض الإجابة
اجابة صحيحة: BD
السؤال #2
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?
A. ndpoint
B. nknown
C. lacklist
D. hite list
E. rofiled
عرض الإجابة
اجابة صحيحة: B
السؤال #3
A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.What must be done to accomplish this task?
A. Create a profiling policy for each endpoint with the cdpCacheDeviceId attribute
B. Create a logical profile for each device's profile policy and block that via authorization policies
C. Add each MAC address manually to a blocklist identity group and create a policy denying access
D. Add each IP address to a policy denying access
عرض الإجابة
اجابة صحيحة: B
السؤال #4
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?(Choose two.)
A. etwork Access Control
B. y Devices Portal
C. pplication Visibility and Control
D. upplicant Provisioning Wizard
عرض الإجابة
اجابة صحيحة: BE
السؤال #5
Which three default endpoint identity groups does cisco ISE create? (Choose three)
A. lease refer to Explanation below for the answer
عرض الإجابة
اجابة صحيحة: ADE
السؤال #6
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants Which portal must the security engineer configure to accomplish this task?
A. DM
B. lient provisioning
C. y devices
D. YOD
عرض الإجابة
اجابة صحيحة: C
السؤال #7
An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address.What is the problem?
A. The endpoint is using the wrong protocol to authenticate with Cisco ISE
B. The 802
C. The DHCP probe for Cisco ISE is not working as expected
D. An ACL on the port is blocking HTTP traffic
عرض الإجابة
اجابة صحيحة: B
السؤال #8
An engineer is using Cisco ISE and configuring guest services to allow wireless devices to access the network.Which action should accomplish this task?
A. reate the redirect ACL on the WLC and add it to the WLC policy
B. reate the redirect ACL on the WLC and add it to the Cisco ISE policy
C. reate the redirect ACL on Cisco ISE and add it to the WLC policy
D. reate the redirect ACL on Cisco ISE and add it to the Cisco ISE Policy
عرض الإجابة
اجابة صحيحة: B
السؤال #9
Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?
A. ubject alternative name and the common name
B. S-CHAPv2 provided machine credentials and credentials stored in Active Directory
C. ser-presented password hash and a hash stored in Active Directory
D. ser-presented certificate and a certificate stored in Active Directory
عرض الإجابة
اجابة صحيحة: A
السؤال #10
Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)
A. RSA SecurID
B. RADIUS Token
C. Active Directory
D. Internal Database
E. LDAP
عرض الإجابة
اجابة صحيحة: CE
السؤال #11
An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy.Which two components must be configured, in addition to Active Directory groups, to achieve this goal? (Choose two.)
A. Identity Source Sequences
B. LDAP External Identity Sources
C. Active Directory External Identity Sources
D. Library Condition for Identity Group: User Identity Group
E. Library Condition for External Identity: External Groups
عرض الإجابة
اجابة صحيحة: AC
السؤال #12
Which permission is common to the Active Directory Join and Leave operations?
A. reate a Cisco ISE machine account in the domain if the machine account does not already exist
B. emove the Cisco ISE machine account from the domain
C. et attributes on the Cisco ISE machine account
D. earch Active Directory to see if a Cisco ISE machine account already ex
عرض الإجابة
اجابة صحيحة: D
السؤال #13
Refer to the exhibitWhich switch configuration change will allow only one voice and one data endpoint on each port?
A. reate one shell profile and multiple command sets
B. reate multiple shell profiles and multiple command sets
C. reate one shell profile and one command set
D. reate multiple shell profiles and one command set
عرض الإجابة
اجابة صحيحة: A
السؤال #14
An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?
A. p source guard
B. p dhcp snooping
C. p device tracking maximum
D. p arp inspection
عرض الإجابة
اجابة صحيحة: C
السؤال #15
A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network Which CoA configuration meets this requirement?
A. onfigure a native supplicant profile to be used for checking the antivirus version
B. onfigure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version
C. reate a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco ISE
D. reate a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files
عرض الإجابة
اجابة صحيحة: C
السؤال #16
How is policy services node redundancy achieved in a deployment?
A. y enabling VIP
B. y utilizing RADIUS server list on the NAD
C. y creating a node group
D. y deploying both primary and secondary node
عرض الإجابة
اجابة صحيحة: C
السؤال #17
Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)
A. lease refer to Explanation below for the answer
عرض الإجابة
اجابة صحيحة: BD
السؤال #18
Which statement about configuring certificates for BYOD is true?
A. n Android endpoint uses EST, whereas other operating systems use SCEP for enrollment
B. he SAN field is populated with the end user name
C. n endpoint certificate is mandatory for the Cisco ISE BYOD
D. he CN field is populated with the endpoint host name
عرض الإجابة
اجابة صحيحة: C
السؤال #19
What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?
A. isco-av-pair
B. lass attribute
C. vent
D. tate attribute
عرض الإجابة
اجابة صحيحة: A
السؤال #20
A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice.Which command should the engineer run on the interface to accomplish this goal?
A. uthentication host-mode single-host
B. uthentication host-mode multi-auth
C. uthentication host-mode multi-host
D. uthentication host-mode multi-domain
عرض الإجابة
اجابة صحيحة: D
السؤال #21
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)
A. ession timeout
B. dle timeout
C. adius-server timeout
D. ermination-action
عرض الإجابة
اجابة صحيحة: DE
السؤال #22
Which portal is used to customize the settings for a user to log in and download the compliance module?
A. lient Profiling
B. lient Endpoint
C. lient Provisioning
D. lient Guest
عرض الإجابة
اجابة صحيحة: C
السؤال #23
What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?
A. uthentication is redirected to the internal identity source
B. uthentication is redirected to the external identity source
C. uthentication is granted
D. uthentication fails
عرض الإجابة
اجابة صحيحة: D
السؤال #24
An employee logs on to the My Devices portal and marks a currently on-boarded device as `Lost'.
A. AC authentication bypass
B. hange of authorization
C. ACACS authentication
D. ADIUS authentication
عرض الإجابة
اجابة صحيحة: AB
السؤال #25
An engineer is configuring Cisco ISE to reprofile endpoints based only on new requests of INIT- REBOOT and SELECTING message types.Which probe should be used to accomplish this task?
A. MAP
B. NS
C. HCP
D. ADIUS
عرض الإجابة
اجابة صحيحة: C
السؤال #26
Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two)
A. t enables the https server for users for web authentication
B. t enables MAB authentication on the switch
C. t enables the switch to redirect users for web authentication
D. t enables dot1x authentication on the switch
عرض الإجابة
اجابة صحيحة: AC
السؤال #27
An organization wants to standardize the 802 1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide What must be configured to accomplish this task?
A. ecurity group tag within the authorization policy
B. xtended access-list on the switch for the client
C. ort security on the switch based on the client's information
D. ynamic access list within the authorization profile
عرض الإجابة
اجابة صحيحة: A
السؤال #28
What is the minimum certainty factor when creating a profiler policy?
A. he minimum number that a predefined condition provides
B. he maximum number that a predefined condition provides
C. he minimum number that a device certainty factor must reach to become a member of the profile
D. he maximum number that a device certainty factor must reach to become a member of the profile
عرض الإجابة
اجابة صحيحة: C
السؤال #29
An administrator is configuring a Cisco ISE posture agent in the client provisioning policy and needs to ensure that the posture policies that interact with clients are monitored, and end users are required to comply with network usage rules Which two resources must be added in Cisco ISE to accomplish this goal? (Choose two)
A. ulti-auth to multi-domain
B. ab to dot1x
C. uto to manual
D. ulti-auth to single-auth
عرض الإجابة
اجابة صحيحة: AE
السؤال #30
An engineer is designing a new distributed deployment for Cisco ISE in the network and is considering failover options for the admin nodes. There is a need to ensure that an admin node is available for configuration of policies at all times.What is the requirement to enable this feature?
A. ne primary admin and one secondary admin node in the deployment
B. ne policy services node and one secondary admin node
C. ne policy services node and one monitoring and troubleshooting node
D. ne primary admin node and one monitoring and troubleshooting node
عرض الإجابة
اجابة صحيحة: A
السؤال #31
A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected.Which task must be configured in order to meet this requirement?
A. ession timeout
B. dle time
C. onitor
D. et attribute as
عرض الإجابة
اجابة صحيحة: A
السؤال #32
What service can be enabled on the Cisco ISE node to identity the types of devices connecting to a network?
A. auses a network access switch not to track 802
B. lobally enables 802
C. nables 802
D. auses a network access switch to track 802
عرض الإجابة
اجابة صحيحة: B
السؤال #33
An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected. Which service should be used to accomplish this task?
A. uest access
B. rofiling
C. osture
D. lient provisioning
عرض الإجابة
اجابة صحيحة: B
السؤال #34
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication.Which command should be used to complete this configuration?
A. ot1x pae authenticator
B. ot1x system-auth-control
C. uthentication port-control auto
D. aa authentication dot1x default group radius
عرض الإجابة
اجابة صحيحة: B
السؤال #35
What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two )
A. AB
B. rofiling
C. osture
D. entral web authentication
عرض الإجابة
اجابة صحيحة: BD
السؤال #36
There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network.Which posture condition should the administrator configure in order for this policy to work?
A. ile
B. egistry
C. pplication
D. ervice
عرض الإجابة
اجابة صحيحة: C
السؤال #37
An engineer is using profiling to determine what access an endpoint must receive. After configuring both Cisco ISE and the network devices for 802.1X and profiling, the endpoints do not profile prior to authentication.What are two reasons this is happening? (Choose two.)
A. Closed mode is restricting the collection of the attributes prior to authentication
B. The HTTP probe is malfunctioning due to closed mode being enabled
C. The SNMP probe is not enabled
D. NetFlow is not enable on the switch, so the attributes will not be collected
E. The switch is collecting the attributes via RADIUS but the probes are not sending them
عرض الإجابة
اجابة صحيحة: CE
السؤال #38
A network administrator is configuring authorization policies on Cisco ISE There is a requirement to use AD group assignments to control access to network resources After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work What is the cause of this issue?
A. he AD join point is no longer connected
B. he AD DNS response is slow
C. he certificate checks are not being conducted
D. he network devices ports are shut down
عرض الإجابة
اجابة صحيحة: A
السؤال #39
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?
A. eep track of guest user activities
B. onfigure authorization settings for guest users
C. reate and manage guest user accounts
D. uthenticate guest users to Cisco ISE
عرض الإجابة
اجابة صحيحة: C
السؤال #40
There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use profiling.What must be done to accomplish this goal?
A. nter the MAC address in the correct Endpoint Identity Group
B. nter the MAC address in the correct Logical Profile
C. nter the IP address in the correct Logical Profile
D. nter the IP address in the correct Endpoint Identity Group
عرض الإجابة
اجابة صحيحة: A
السؤال #41
What gives Cisco ISE an option to scan endpoints for vulnerabilities?
A. uthorization policy
B. uthentication policy
C. uthentication profile
D. uthorization profile
عرض الإجابة
اجابة صحيحة: A
السؤال #42
DRAG DROP (Drag and Drop is not supported)Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authorization, and accounting.
A. lease refer to Explanation below for the answer
عرض الإجابة
اجابة صحيحة: A
السؤال #43
A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal.What must be done to identify the problem?
A. se context visibility to verify posture status
B. se the endpoint ID to execute a session trace
C. se the identity group to validate the authorization rules
D. se traceroute to ensure connectivity
عرض الإجابة
اجابة صحيحة: B
السؤال #44
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)
A. TTP
B. MTP
C. TTPS
D. SH
عرض الإجابة
اجابة صحيحة: BC
السؤال #45
An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors' firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this What should be done to enable this type of posture check?
A. se the file registry condition to ensure that the firewal is installed and running appropriately
B. se a compound condition to look for the Windows or Mac native firewall applications
C. nable the default firewall condition to check for any vendor firewall application
D. nable the default application condition to identify the applications installed and validade the firewall app
عرض الإجابة
اجابة صحيحة: C
السؤال #46
During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?
A. n authenticated, wired EAP-capable endpoint is discovered
B. n endpoint profiling policy is changed for authorization policy
C. n endpoint that is disconnected from the network is discovered
D. ndpoints are created through device registration for the guests
عرض الإجابة
اجابة صحيحة: C
السؤال #47
What must be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?
A. ass
B. eject
C. rop
D. ontinue
عرض الإجابة
اجابة صحيحة: D
السؤال #48
An engineer is starting to implement a wired 802.1X project throughout the campus. The task is for failed authentication to be logged to Cisco ISE and also have a minimal impact on the users. Which command must the engineer configure?
A. uthentication open
B. ae dot1x enabled
C. uthentication host-mode multi-auth
D. onitor-mode enabled
عرض الإجابة
اجابة صحيحة: D
السؤال #49
What does the dot1x system-auth-control command do?
A. how authentication sessions output
B. how authentication sessions
C. how authentication sessions interface Gi 1/0/x
D. how authentication sessions interface Gi1/0/x output
عرض الإجابة
اجابة صحيحة: B
السؤال #50
An engineer is configuring web authentication using non-standard ports and needs the switch to redirect traffic to the correct port.Which command should be used to accomplish this task?
A. ermit tcp any any eq
B. aa group server radius proxy
C. p http port
D. aa group server radius
عرض الإجابة
اجابة صحيحة: C
السؤال #51
An engineer is migrating users from MAB to 802.1X on the network. This must be done during normal business hours with minimal impact to users.Which CoA method should be used?
A. ort Bounce
B. ort Shutdown
C. ession Termination
D. ession Reauthentication
عرض الإجابة
اجابة صحيحة: D
السؤال #52
When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen What is causing this issue?
A. isco ISE only sees the built-in groups, not user created ones
B. he groups are present but need to be manually typed as conditions
C. isco ISE's connection to the AD join point is failing
D. he groups are not added to Cisco ISE under the AD join point
عرض الإجابة
اجابة صحيحة: D
السؤال #53
A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period.Which configuration is causing this problem?
A. he Endpoint Purge Policy is set to 30 days for guest devices
B. he RADIUS policy set for guest access is set to allow repeated authentication of the same device
C. he length of access is set to 7 days in the Guest Portal Settings
D. he Guest Account Purge Policy is set to 15 days
عرض الإجابة
اجابة صحيحة: A
السؤال #54
Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?
A. NMP version
B. hared secret
C. ertificate
D. rofile
عرض الإجابة
اجابة صحيحة: B
السؤال #55
An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened. From which Cisco ISE persona should this traffic be originating?
A. onitoring
B. olicy service
C. dministration
D. uthentication
عرض الإجابة
اجابة صحيحة: B
السؤال #56
Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two.)
A. Known
B. Monthly
C. Daily
D. Imported
E. Random
عرض الإجابة
اجابة صحيحة: AE
السؤال #57
Which two endpoint compliance statuses are possible? (Choose two.)
A. lease refer to Explanation below for the answer
عرض الإجابة
اجابة صحيحة: AD
السؤال #58
What is a valid guest portal type?
A. ponsored-Guest
B. y Devices
C. ponsor
D. aptive-Guest
عرض الإجابة
اجابة صحيحة: A
السؤال #59
What is the purpose of the ip http server command on a switch?
A. It enables the https server for users for web authentication
B. It enables dot1x authentication on the switch
C. It enables MAB authentication on the switch
D. It enables the switch to redirect users for web authentication
عرض الإجابة
اجابة صحيحة: C
السؤال #60
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
A. y enabling 802
B. y the Security Group Tag Exchange Protocol
C. y embedding the security group tag in the IP header
D. y embedding the security group tag in the 802
عرض الإجابة
اجابة صحيحة: BD
السؤال #61
In a Cisco ISE split deployment model, which load is split between the nodes?
A. AA
B. etwork admission
C. og collection
D. evice admission
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: