Implementing and Configuring Cisco Identity Services Engine (SISE) v6.2
Question 1
Which URL should you enter into the SCEP Certificate Authority profile to enable Native
Supplicant Provisioning?
- A. http:/[ise-server-name/IP]/mscep/mscep.dll
- B. http:/[ise-server-name/IP]/mscep/scep.dll
- C. http:/[ise-server-name/IP]/certsrv/scep/scep.dll
- D. http:/[ise-server-name/IP]/certsrv/mscep/mscep.dll
Answer : D
Question 2
Which network information device sensor is sending in the RADIUS accounting packet?
- A. DHCP
- B. HTTP
- C. LLDP
- D. CDP
Answer : A
Question 3
Which of these is not a default behavior of Cisco ISE 1.1, with respect to authentication, when a user connects to a switch port that is configured for 802.1X, MAB, and web authentication?
- A. MAB uses internal endpoints for retrieving identity.
- B. 802.1X uses internal users for retrieving identity.
- C. Central WebAuth relies on MAB for initial port authentication.
- D. Authentication fails if there is no matching policy.
Answer : D
Question 4
Refer to the exhibit.
Which two statements about the exhibit are true? (Choose two.)
- A. The default behavior is shown in the exhibit.
- B. The default behavior should be Continue/Continue/Continue.
- C. If Continue/Continue/Continue is configured, the endpoint is allowed on the network.
- D. The default Identity Source is shown in the exhibit.
Answer : A,D
Question 5
Refer to the exhibit.
Which two statements are true about identity groups and their use in an authorization policy? (Choose two.)
- A. Only user identity groups can be created in Cisco ISE.
- B. User identity groups can reference internal and external stores.
- C. The Whitelist identity group that is shown in the exhibit can be used to contain MAC addresses that are statically entered into Cisco ISE.
- D. The Whitelist identity group is one of the predefined identity groups in Cisco ISE.
- E. Identity groups can only reference internal endpoints and users in the local database.
Answer : C,E
Question 6
Refer to the exhibit.
The authorization policy is using "Multiple Matched Rule Applies" for rule matching.
ProfileA = VLAN attribute 10 -
ProfileB = DACL= Employee, Voice DomainPermission = TRUE
Which statement is correct with regards to the Multiple Matched rule?
- A. The Multiple Matched rule is not supported in Cisco ISE.
- B. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will only receive VLAN attribute 0 to VLAN attribute 10.
- C. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will receive VLAN attribute 10, DACL= Employee, Voice DomainPermission = TRUE.
- D. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will only receive DACL= Employee, Voice DomainPermission = TRUE.
Answer : B
Question 7
How are access control lists implemented on a Cisco WLC in a Cisco ISE authorization policy?
- A. Dynamic access lists are configured in Cisco ISE.
- B. Named access lists are configured in Cisco ISE.
- C. Named access lists are pushed down to the WLC.
- D. Named access lists are configured on the WLC.
Answer : D
Question 8
Which two statements are correct about Change of Authorization? (Choose two.)
- A. Different Change of Authorization types of action can be set based on authorization policy.
- B. Change of Authorization exception actions are configured globally in Cisco ISE.
- C. Port bounce, reauth, and port shun are supported Change of Authorization types in Cisco ISE.
- D. No CoA, port bounce, and reauth are supported Change of Authorization types in Cisco ISE.
Answer : BD
Question 9
Which two statements are correct regarding Cisco ISE Guest Services? (Choose two.)
- A. Guest portals must be located on the same secondary node where Cisco ISE network access is configured to handle RADIUS requests in the NAD.
- B. A guest administration user interface action can be made from the primary and secondary administration interfaces.
- C. The configuration mode for guest services can be different for each node in the deployment.
- D. Multiportal uploads to the primary node are replicated to the secondary node and installed as part of the standard data replication system.
Answer : A,D
Question 10
What are the Cisco ISE posture building blocks?
- A. posture check, posture rules, posture requirement, role requirements
- B. posture condition, compound posture condition, posture requirements, posture policy
- C. network access devices, Policy Service node, Administration node
- D. posture condition, posture rules, role requirements
Answer : B
Question 11
Which three of these are viable endpoint posture compliance statuses? (Choose three.)
- A. unknown
- B. infected
- C. clean
- D. compliant
- E. noncompliant
- F. quarantine
Answer : A,D,E
Question 12
Which three conditions can be used for posture checking? (Choose three.)
- A. application
- B. operating system
- C. file
- D. certificate
- E. service
Answer : ACE
Question 13
Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)
- A. www.cisco.com
- B. local disk
- C. Posture Agent Profile
- D. FTP
- E. TFTP
Answer : ABC
Question 14
Which element is not included in the redirect URL?
- A. hostname
- B. port
- C. ACL
- D. session ID
- E. action
Answer : C
Question 15
Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal?
- A. Policy Service node
- B. Administration node
- C. Monitoring node
- D. network access device
Answer : D