An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Secure Client for the agent configuration in a client provisioning policy?

An engineer wants to learn more about Cisco ISE and deployed a new lab with two nodes. Which two persona configurations allow the engineer to successfully test redundancy of a failed node?

An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?

An administrator is configuring a Cisco WLC for web authentication. Which two client profiling methods are enabled by default if the Apply Cisco ISE Default Settings check box has been selected?

An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants. Which portal must the security engineer configure to accomplish this task?

Which two authentication protocols are supported by RADIUS but not by TACACS+?

An engineer is deploying Cisco ISE to use 802.1x authentication for controlling access to the company's wired network. The request from company management is to minimize the impact on users during the rollout of 802.1x on the company switches. Which mode must be used first in a phased 802.1X deployment to fulfill this request?

An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this?

Which two probes provide IP-to-MAC address binding information to the ARP cache in Cisco ISE?

An engineer must configure an HTTP probe on a Cisco ISE virtual appliance running on VMWare using a dedicated interface for profiling. The interface is assigned to the VM Network port group. The engineer is logged into the hypervisor with a user account that only provides access to the Cisco ISE VM and the network settings for the VM. Which security setting must be changed for this interface to accept SPAN traffic?

An organization wants to enable web-based guest access for both employees and visitors. The goal is to use a single portal for both user types. Which two authentication methods should be used to meet this requirement?

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy. Which two components must be configured, in addition to Active Directory groups, to achieve this goal?

A network administrator is configuring a secondary Cisco ISE node from the backup configuration of the primary Cisco ISE node to create a high availability pair. The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE. Which command must be issued for this to work?

Due to a recent network incident, all access to network devices must be centrally logged and tracked in Cisco ISE. On which nodes must the Device Admin service be enabled?

An administrator is configuring an AD domain to be used with authentication for endpoints and users within Cisco ISE. Which two steps are required to configure this to be used as an external identity store?

To configure BYOD using Cisco ISE, an administrator is considering issuing certificates to the devices connecting to provide a better user experience. Extemal CA servers cannot be used for this purpose because everything must be local to the Cisco ISE. What must be done to accomplish this?

A network engineer is configuring a new certificate template on the internal CA within Cisco ISE to provision certificates to BYOD devices that must be enrolled in the network. What must be configured in the SAN field of the certificate to identify the devices after enrollment?

An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints. Which action accomplishes this task for VPN users?

A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network. Which EAP type must be configured by the network administrator to complete this task?