Implementing Cisco Secure Access Solutions 試験
Question No : 1
Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server ?
Question No : 2
Which two component are required for creating native supplicant profile ?
Question No : 3
Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?
When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints.
When the inactivity timer expires, the switch removes the authenticated session.
The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute (Attribute 28).
Cisco recommends setting the timer using the RADIUS attribute because this approach lets gives you control over which endpoints are subject to this timer and the length of the timer for each class of endpoints.
For example, endpoints that are known to be quiet for long periods of time can be assigned a longer inactivity timer value than chatty endpoints.
Question No : 4
What are the four code fields which identify the type of an EAP packet?
Question No : 5
An engineer of Company A wants to know what kind of devices are connecting to the network. Which service can be enabled on the Cisco ISE node?
Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the
network.Using MAC addresses as the unique identifier, ISE collects various attributes for each network endpoint to build an internal endpoint database.
Question No : 6
Why does Cisco recommend assigning dynamic classification security group tag assignment at the access layer?
Question No : 7
A security engineer has configured a switch port in 802. 1X closed mode. Which protocol is allowed to pass through before a device is authenticated?
Question No : 8
Refer to the exhibit. Which authentication method is being used?
These authentication methods are supported with LDAP:
Extensible Authentication Protocol C Generic Token Card (EAP-GTC)
Extensible Authentication Protocol C Transport Layer Security (EAP-TLS)
Protected Extensible Authentication Protocol C Transport Layer Security (PEAP-
Question No : 9
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept. Which two classifications can the tags be mapped to? (Choose two.)
In static classification the tag maps to some thing (an IP, subnet, VLAN, or interface) rather than relying on an
authorization from the Cisco ISE.
This process of assigning the SGT is defined as “classification.” These classifications are thentransported
deeper into the network for policy enforcement
Question No : 10
How does the device sensor send information to a RADIUS server?
Question No : 11
Which command would be used in order to maintain a single open connection between a network access device and a tacacs server?
Question No : 12
When you select Centralized Web Auth in the ISE Authorization Profile, which component hosts the web authentication portal?
Question No : 13
An engineer must ensure that all client operating systems have the AnyConnect Agent for an upcoming posture implementation. Which two versions of OS does the AnyConnect posture agent support? (Choose two.)
Question No : 14
A security engineer is deploying Cisco ISE for a company's guest user services. Drag and drop the Cisco ISE persona on the left onto its function on the right.
Question No : 15
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?