Hub for All Education Needs
An engineer has created a redirect ACL to forward traffic to Cisco ISE. Which TCP port is used for the guest portal on ISE?Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html Question: Which TCP port is used for the guest portal on ISE? Options: 8021 8080 8443 443 Correct Answer The Correct Answer for this Question is 8443
An organization is deciding between single or dual SSID solutions for onboarding BYOD devices. Which item must be considered before selecting the dual SSID solution?Reference: https://community.cisco.com/t5/security-documents/ise-byod-dual-vs-single-ssid-onboarding/ta-p/3641422 Question: Which item must be considered before selecting the dual SSID solution? Options: Wireless coverage is reduced with dual SSIDs. The second SSID adds channel overhead. Additional access points … Read more
A Cisco ISE deployment wants to use Active Directory as an external identity source. Which technology is a prerequisite to configure ISE/Active Directory integration?Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/ b_ISE_AD_integration_2x.html#reference_8DC463597A644A5C9CF5D582B77BB24F Question: Which technology is a prerequisite to configure ISE/Active Directory integration? Options: PTP NTP WINS CHAP Correct Answer The Correct Answer for this Question is NTP
A network administrator must remediate unpatched servers by redirecting them to their remediation portal. Which conditions in the authorization policy must the network administrator provision on Cisco ISE to accomplish this task? Question: Which conditions in the authorization policy must the network administrator provision on Cisco ISE to accomplish this task? Options: URL redirect compliant … Read more
Which characteristic of an SGT enforcement policy is true?Unlike ACLs with an implicit deny at the end, Security Group ACLs (SGACLs) implemented on a switching platform have an implicit permit to Unknown or an implicit permit to all. This policy is not enforced on the Cisco ASA firewall or the Cisco IOS zone-based firewall acting … Read more
Which type of SGT classification method is required when authentication is unavailable? Question: Which type of SGT classification method is required when authentication is unavailable? Options: Bypass Dynamic Static Inline Correct Answer The Correct Answer for this Question is Static
An engineer is investigating an issue with their Posture Run-time Services implementation. Which protocol services are used by NAC Agents to communicate with NAC Servers? Question: Which protocol services are used by NAC Agents to communicate with NAC Servers? Options: SWISS IPsec IKEv2 FIX Correct Answer The Correct Answer for this Question is SWISS
Which supplicants(s) and server(s) are capable of supporting EAP-CHAINING? Question: Which supplicants(s) and server(s) are capable of supporting EAP-CHAINING? Options: Cisco AnyConnect NAM and Cisco Access Control Server isco Secure Services Client and Cisco Access Control Server Cisco AnyConnect NAM and Cisco Identity Service Engine Windows Native Supplicant and Cisco Identity Service Engine Correct Answer … Read more
If an endpoint is marked noncompliant during that download, a CoA is sent and the device is forced to reauthenticate, providing a different result? Question: If an endpoint is marked noncompliant during that download, a CoA is sent and the device is forced to reauthenticate, providing a different result? Options: quarantine exit default end Correct … Read more
Which internal Cisco ISE component reduces demand on JVM memory by limiting the number of devices the profiler handles? Question: Which internal Cisco ISE component reduces demand on JVM memory by limiting the number of devices the profiler handles? Options: eventHandlerQueueSize maxEndPointsInLocalDb NetworkDeviceEventHandler forwarderQueueSize Correct Answer The Correct Answer for this Question is eventHandlerQueueSize