What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

A.

EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.

B.

EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.

C.

EAP-TLS uses a device certificate for authentication to enhance security, while EAPMS- CHAPv2 does not.

D.

EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.

Which three default endpoint identity groups does cisco ISE create? (Choose three)

A.

Unknown

B.

whitelist

C.

end point

D.

profiled

E.

blacklist

A network engineer is configuring guest access and notices that when a guest user
registers a second device for access, the first device loses access What must be done to
ensure that both devices for a particular user are able to access the guest network
simultaneously?

A.

Configure the sponsor group to increase the number of logins.

B.

Use a custom portal to increase the number of logins

C.

Modify the guest type to increase the number of maximum devices

D.

Create an Adaptive Network Control policy to increase the number of devices

MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gam access to the network Which alternate method should be used to tell users how to remediate?

A.

URL link

B.

Bmessage text

C.

executable

D.

file distribution

A network administrator is configuring a secondary cisco ISE node from the backup
configuration of the primary cisco ISE node to create a high availability pair The Cisco ISE
CA certificates and keys must be manually backed up from the primary Cisco ISE and
copied into the secondary Cisco ISE Which command most be issued for this to work?

A.

copy certificate Ise

B.

application configure Ise

C.

certificate configure Ise

D.

Import certificate Ise

An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

A.

reflexive ACL

B.

extended ACL

C.

standard ACL

D.

numbered ACL

A network security engineer needs to configure 802.1X port authentication to allow a single
host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

A.

authentication host-mode single-host

B.

authentication host-mode multi-auth

C.

authentication host-mode multi-host

D.

authentication host-mode multi-domain

When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?

A.

Network Access NetworkDeviceName CONTAINS <SSID Name>

B.

DEVICE Device Type CONTAINS <SSID Name>

C.

Radius Called-Station-ID CONTAINS <SSID Name>

D.

Airespace Airespace-Wlan-ld CONTAINS <SSID Name>

An organization is hosting a conference and must make guest accounts for several of the
speakers attending. The conference ended two days early but the guest accounts are still
being used to access the network. What must be configured to correct this?

A.

Create an authorization rule denying sponsored guest access.

B.

Navigate to the Guest Portal and delete the guest accounts.

C.

Create an authorization rule denying guest access.

D.

Navigate to the Sponsor Portal and suspend the guest accounts

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

A.

Set the NAC State option to SNMP NAC.

B.

Set the NAC State option to RADIUS NAC.

C.

Use the radius-server vsa send authentication command.

D.

Use the ip access-group webauth in command.