Which interface-level command is needed to turn on 802 1X authentication?
A. Dot1x pae authenticator
B. dot1x system-auth-control
C. authentication host-mode single-host
D. aaa server radius dynamic-author
What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?
A. Cisco-av-pair
B. Class attribute
C. Event
D. State attribute
Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?
A. MAB and if user not found, continue
B. MAB and if authentication failed, continue
C. Dot1x and if user not found, continue
D. Dot1x and if authentication failed, continue
An engineer of Company A wants to know what kind of devices are connecting to the network. Which service can be enabled on the Cisco ISE node?
A. central web authentication
B. posture
C. MAB
D. profiling
What is a function of client provisioning?
A. Client provisioning ensures that endpoints receive the appropriate posture agents.
B. Client provisioning checks a dictionary attribute with a value.
C. Client provisioning ensures an application process is running on the endpoint.
D. Client provisioning checks the existence, date, and versions of the file on a client.
Which two default guest portals are available with Cisco ISE? (Choose two.)
A. WiFi-access
B. self-registered
C. central web authentication
D. visitor
E. sponsored
A network administrator notices that after a company-wide shut down, many users cannot connect their laptops to the corporate SSID. What must be done to permit access in a timely manner?
A. Connect this system as a guest user and then redirect the web auth protocol to log in to the network.
B. Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.
C. Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.
D. Authenticate the user's system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.
An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies.
What must be done in order to get the devices into the right policies?
A. Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.
B. Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.
C. Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.
D. Identify the non 802.1x supported device types and create custom profiles for them to profile into.
What is a function of client provisioning?
A. It ensures an application process is running on the endpoint.
B. It checks a dictionary' attribute with a value.
C. It ensures that endpoints receive the appropriate posture agents
D. It checks the existence date and versions of the file on a client.
When configuring Active Directory groups, an administrator is attempting to retrieve a group that has a name that is ambiguous with another group. What must be done so that the correct group is returned?
A. Use the SID as the identifier for the group.
B. Configure MAB to utilize one group, and 802 1xto utilize the conflicting group.
C. Select both groups, and use a TCT pointer to identity the appropriate one.
D. Utilize MIB entries to identify the desired group.
