Q21. Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail? 

A. The redirect ACL is blocking access to ports 80 and 443. 

B. The redirect ACL is applied to an incorrect SVI. 

C. The redirect ACL is blocking access to the client provisioning portal. 

D. The redirect ACL is blocking access to Cisco ISE port 8905. 

Answer:


Q22. Which setting provides the best security for a WLAN and authenticates users against a centralized directory store? 

A. WPA2 AES-CCMP and 801.X authentication 

B. WPA2 AES-CCMP and PSK authentication 

C. WPA2 TKIP and PSK authentication 

D. WPA2 TKIP and 802.1X authentication 

Answer:


Q23. When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.) 

A. It returns an access-accept and sends the redirection URL for all users. 

B. It establishes secure connectivity between the RADIUS server and the Cisco ISE. 

C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated. 

D. It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result. 

E. It allows multiple users to authenticate at the same time. 

Answer: C,D 


Q24. What steps must you perform to deploy a CA-signed identify certificate on an ISE device? 

A. 1. Download the CA server certificate. 

2. Generate a signing request and save it as a file. 

3. Access the CA server and submit the ISE request. 

4. Install the issued certificate on the ISE. 

B. 1. Download the CA server certificate. 

2. Generate a signing request and save it as a file. 

3. Access the CA server and submit the ISE request. 

4. Install the issued certificate on the CA server. 

C. 1. Generate a signing request and save it as a file. 

2. Download the CA server certificate. 

3. Access the ISE server and submit the CA request. 

4. Install the issued certificate on the CA server. 

D. 1. Generate a signing request and save it as a file. 

2. Download the CA server certificate. 

3. Access the CA server and submit the ISE request. 

4. Install the issued certificate on the ISE. 

Answer:


Q25. Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security? 

A. Access Point 

B. Switch 

C. Wireless LAN Controller 

D. Authentication Server 

Answer:


Q26. Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain? 

A. Choose an Active Directory user. 

B. Configure the management IP address. 

C. Configure replication. 

D. Choose an Active Directory group. 

Answer:


Q27. Which administrative role has permission to assign Security Group Access Control Lists? 

A. System Admin 

B. Network Device Admin 

C. Policy Admin 

D. Identity Admin 

Answer:


Q28. Which two identity store options allow you to authorize based on group membership? (Choose two). 

A. Lightweight Directory Access Protocol 

B. RSA SecurID server 

C. RADIUS 

D. Active Directory 

Answer: A,D 


Q29. What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints? 

A. the ISE 

B. an ACL 

C. a router 

D. a policy server 

Answer:


Q30. In the command 'aaa authentication default group tacacs local', how is the word 'default' defined? 

A. Command set 

B. Group name 

C. Method list 

D. Login type 

Answer: