ccnpexam18


  1. @Karabas, thanks a lot for your explanations, you wrote: Yes, it's clear. But at least should it be something very similar?
  2. Hello everyone, Could somebody clarify what useful hint documents should we use for CCIE Security V6 Lab preparation? Based on official site: [Hidden Content] CCIE Security V6 Lab should be based on almost all Cisco Security technologies (ASA, FTD, AMP4E, ESA, ISE, Umbrella, WSA, IOS and even StealthWatch). Some users share the V6 Lab Workbook: But it's based only on a few solutions (ASA, routers, switches...) so I don't think that we will have only that on the exam. Here is the CCIE Security (v6.0) Equipment and Software List: [Hidden Content] That's why I assume the workbooks should include at least the main technologies (ASA, FTD, ESA, WSA, ISE and IOS). I've never taken any CCIE labs, that's why could you clarify what should we look for in the i-net and here (Workbooks, maybe some labs, something else we might have on exam)? Are there some dumps for that with the configuration steps/screenshots etc? Cisco shared a great Learning Matrix for CCIE Security preparation: [Hidden Content] but still there should be some materials that we can use for a better preparation. Please, feel free to share your opinion and what you already have and found. In addition, please, don't write, watch the videos/trainings from Obama or Putin, could you be more specific and provide the links where we can find them. Thank you in advance.
  3. Hello everyone, could you clarify what is the point of this workbook? Do you mean that this is something that we should expect on the real CCIE Security exam? If yes, it's only about ASAs, routers and switches... how is it possible? What about WSA, ESA, FTD, AMP4E, ISE etc? In the shared document there are some .unl files, what should we do with them? Could somebody clarify, please, because it's not clear at all.
  4. Hello everyone, The dumps are valid and I passed today with a high score. I'd like to share with you questions and answers I used. I did my homework and reviewed all the questions. I don't have VCE readers, so I use only PDF! That's why for everyone who doesn't have VCE and wanted a PDF file, feel free to use it! I'll paste all the Q&A here. Just to mention what I used.

     1. I provided almost everywhere links or screenshots
     2. Where it was possible I tried to use the ISE 2.6 release. (the latest is 2.7, but there shouldn't be any difference in the answers)
     3. I didn't use at all 1.x releases (because they are too old) and tried to avoid 2.0 - 2.3 releases
     4. Where it was possible I provided screenshots from ISE 2.6
     5. Some of the links are not from the admin guide, but are from community (just keep in mind that their authors are Cisco BU, so we can trust them!!!)
     6. I marked in YELLOW questions, where my answer is different from the dumps I uploaded on the first page.
     7. Since the PDF is created by me, I don't want to upload it, because there might be some metadata from my pc/names etc, that's why I just post everything here.
     8. Thanks to everyone who supported this topic (I tried to compare your comments and answers and in general, we are on the same page...)

     Enjoy!!!

     QUESTION 1 Which two fields are available when creating an endpoint on the context visibility page of Cisco ISE? (Choose two)
     A. Policy Assignment B. Endpoint Family C. Identity Group Assignment D. Security Group Tag E. IP Address
     Answer: AC

     QUESTION 2 When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?
     A. MIB B. TGT C. OMAB D. SID
     Answer: D [Hidden Content]

     QUESTION 3 What is the purpose of the ip http server command on a switch?
     A. It enables the https server for users for web authentication B. It enables MAB authentication on the switch C. It enables the switch to redirect users for web authentication. D. It enables dot1x authentication on the switch.
     Answer: C [Hidden Content]

     QUESTION 4 What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two)
     A. Location the CSV file for the device MAC B. Select the certificate template C. Choose the hashing method D. Enter the common name E. Enter the IP address of the device
     Answer: BD Explanation: [Hidden Content]

     QUESTION 5 What service can be enabled on the Cisco ISE node to identify the types of devices connecting to a network?
     A. MAB B. profiling C. posture D. central web authentication
     Answer: B [Hidden Content]

     QUESTION 6 In which two ways can users and endpoints be classified for TrustSec? (Choose two)
     A. VLAN B. SXP C. dynamic D. QoS E. SGACL
     Answer: AC (the previous answer was E, which is wrong) Classification means assigning an SGT to an IP address. IPv4 and IPv6 IP addresses are supported. There are dynamic and static classifications: [Hidden Content] SGACL is the wrong answer, because it’s an enforcement mechanism

     QUESTION 7 What does the dot1x system-auth-control command do?
     A. causes a network access switch not to track 802.1x sessions B. globally enables 802.1x C. enables 802.1x on a network access device interface D. causes a network access switch to track 802.1x sessions
     Answer: B Explanation: [Hidden Content]

     QUESTION 8 Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?
     A. show authentication sessions output B. Show authentication sessions C. show authentication sessions interface Gi 1/0/x D. show authentication sessions interface Gi1/0/x output
     Answer: B [Hidden Content]#65566

     QUESTION 9 What gives Cisco ISE an option to scan endpoints for vulnerabilities?
     A. authorization policy B. authentication policy C. authentication profile D. authorization profile
     Answer: D

     QUESTION 10 A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?
     A. Keep track of guest user activities B. Configure authorization settings for guest users C. Create and manage guest user accounts D. Authenticate guest users to Cisco ISE
     Answer: C [Hidden Content]

     QUESTION 11 Which interface-level command is needed to turn on 802.1X authentication?
     A. dot1x pae authenticator B. dot1x system-auth-control C. authentication host-mode single-host D. aaa server radius dynamic-author
     Answer: A [Hidden Content] [Hidden Content]

     QUESTION 12 Which permission is common to the Active Directory Join and Leave operations?
     A. Create a Cisco ISE machine account in the domain if the machine account does not already exist B. Remove the Cisco ISE machine account from the domain. C. Set attributes on the Cisco ISE machine account D. Search Active Directory to see if a Cisco ISE machine account already exists.
     Answer: D [Hidden Content]

     QUESTION 13 Which two features must be used on Cisco ISE to enable the TACACS+ feature? (Choose two)
     A. Device Administration License B. Server Sequence C. Command Sets D. Device Admin Service E. External TACACS Servers
     Answer: AD [Hidden Content]

     QUESTION 14 During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?
     A. Cisco App Store B. Microsoft App Store C. Cisco ISE directly D. Native OTA functionality
     Answer: C

     QUESTION 15 Drag and Drop Question Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the right.
     Answer: [Hidden Content]

     QUESTION 16 What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
     A. updates B. remediation actions C. Client Provisioning portal D. conditions E. access policy
     Answer: BD

     QUESTION 17 What is a method for transporting security group tags throughout the network?
     A. by enabling 802.1AE on every network device B. by the Security Group Tag Exchange Protocol C. by embedding the security group tag in the IP header D. by embedding the security group tag in the 802.1Q header
     Answer: B [Hidden Content]

     QUESTION 18 Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).
     A. TCP 8443 B. TCP 8906 C. TCP 443 D. TCP 80 E. TCP 8905
     Answer: AE [Hidden Content]

     QUESTION 19 Which profiling probe collects the user-agent string?
     A. DHCP B. AD C. HTTP D. NMAP
     Answer: C [Hidden Content]

     QUESTION 20 Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?
     A. Cisco AnyConnect NAM and Cisco Identity Service Engine B. Cisco AnyConnect NAM and Cisco Access Control Server C. Cisco Secure Services Client and Cisco Access Control Server D. Windows Native Supplicant and Cisco Identity Service Engine
     Answer: A [Hidden Content]

     QUESTION 21 Which two values are compared by the binary comparison function in authentication that is based on Active Directory? (Choose Two)
     A. subject alternative name and the common name B. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory C. user-presented password hash and a hash stored in Active Directory D. user-presented certificate and a certificate stored in Active Directory
     Answer: AD (The previous answer B should be wrong) [Hidden Content]

     QUESTION 22 Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal?
     A. network access device B. Policy Service node C. Monitoring node D. Administration node
     Answer: A

     QUESTION 23 What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two)
     A. TACACS+ supports 802.1X, and RADIUS supports MAB B. TACACS+ uses UDP, and RADIUS uses TCP C. TACACS+ has command authorization, and RADIUS does not. D. TACACS+ provides the service type, and RADIUS does not E. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.
     Answer: CE [Hidden Content]

     QUESTION 24 Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)
     A. FTP B. TFTP C. www-cisco.com D. local disk E. Posture Agent Profile
     Answer: CDE [Hidden Content]

     QUESTION 25 How is policy services node redundancy achieved in a deployment?
     A. by enabling VIP B. by utilizing RADIUS server list on the NAD C. by creating a node group D. by deploying both primary and secondary node
     Answer: B or C (the previous answer D is wrong) Since you can point NAD to many PSN nodes and creating a node group is only a recommendation (not mandatory), answer B could be also correct [Hidden Content]

     QUESTION 26 If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?
     A. Client Provisioning B. Guest C. BYOD D. Blacklist
     Answer: D Explanation: [Hidden Content]

     QUESTION 27 A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server. Which command is the user missing in the switch's configuration?
     A. radius-server vsa send accounting B. aaa accounting network default start-stop group radius C. aaa accounting resource default start-stop group radius D. aaa accounting exec default start-stop group radios
     Answer: B (the previous answer A should be wrong) [Hidden Content]

     QUESTION 28 Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)
     A. Firepower B. WLC C. IOS D. ASA E. Shell
     Answer: BE Explanation: [Hidden Content]

     QUESTION 29 What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?
     A. Network Access Control B. My Devices Portal C. Application Visibility and Control D. Supplicant Provisioning Wizard
     Answer: D [Hidden Content]

     QUESTION 30 What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
     A. The primary node restarts B. The secondary node restarts. C. The primary node becomes standalone D. Both nodes restart.
     Answer: C (the previous answer D should be wrong) [Hidden Content]

     QUESTION 31 Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?
     A. TCP 8909 B. TCP 8905 C. UDP 1812 D. TCP 443
     Answer: B (the previous answer A is wrong) [Hidden Content] [Hidden Content]

     QUESTION 32 Which of these is not a method to obtain Cisco ISE profiling data?
     A. RADIUS B. HTTP C. SNMP query D. active scans E. Netflow F. DNS
     Answer: D [Hidden Content]

     QUESTION 33 Which of the following is not true about profiling in Cisco ISE?
     A. Profiling policies are automatically enabled for use. B. Cisco ISE comes with predefined profiles. C. The use of Identity Groups is required to leverage the use of profiling in the authorization policy. D. Cisco ISE does not support hierarchy within the profiling policy.
     Answer: C (the previous answer D is wrong) [Hidden Content]

     QUESTION 34 Which two default endpoint identity groups does Cisco ISE create? (Choose two)
     A. Unknown B. whitelist C. end point D. profiled E. blacklist
     Answer: ADE Explanation: [Hidden Content]

     QUESTION 35 Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?
     A. personas B. qualys C. nexpose D. posture
     Answer: D Explanation: [Hidden Content]

     QUESTION 36 Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?
     A. Endpoint B. unknown C. blacklist D. white list E. profiled
     Answer: B [Hidden Content]

     QUESTION 37 Refer to the exhibit. Which command is typed within the CLI of a switch to view the troubleshooting output?
     A. show authentication sessions mac 000e.84af.59af details B. show authentication registrations C. show authentication interface gigabitethernet2/0/36 D. show authentication sessions method
     Answer: A all other answers provide different output [Hidden Content]

     QUESTION 38 What must be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?
     A. pass B. reject C. drop D. continue
     Answer: D [Hidden Content]

     QUESTION 39 Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)
     A. NetFlow B. SNMP C. HTTP D. DHCP E. RADIUS
     Answer: DE [Hidden Content]

     QUESTION 40 Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?
     A. session timeout B. idle timeout C. radius-server timeout D. termination-action
     Answer: B [Hidden Content]

     QUESTION 41 Which personas can a Cisco ISE node assume?
     A. policy service, gatekeeping, and monitoring B. administration, policy service, and monitoring C. administration, policy service, gatekeeping D. administration, monitoring, and gatekeeping
     Answer: B [Hidden Content]

     QUESTION 42 What is a characteristic of the UDP protocol?
     A. UDP can detect when a server is down. B. UDP offers best-effort delivery C. UDP can detect when a server is slow D. UDP offers information about a non-existent server
     Answer: B

     QUESTION 43 Which two endpoint compliance statuses are possible? (Choose two.)
     A. unknown B. known C. invalid D. compliant E. valid
     Answer: AD [Hidden Content]#reference_9F7A4C168209417EA8F2D8F446B0918F

     QUESTION 44 Which are two characteristics of TACACS+? (Choose two)
     A. It uses TCP port 49. B. It combines authorization and authentication functions. C. It separates authorization and authentication functions. D. It encrypts the password only. E. It uses UDP port 49.
     Answer: AC

     QUESTION 45 Which two ports do network devices typically use for CoA? (Choose two)
     A. 443 B. 19005 C. 8080 D. 3799 E. 1700
     Answer: DE [Hidden Content]

     QUESTION 46 Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two)
     A. access-response B. access-request C. access-reserved D. access-accept E. access-challenge
     Answer: DE [Hidden Content]

     QUESTION 47 Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two)
     A. Windows Settings B. Connection Type C. iOS Settings D. Redirect ACL E. Operating System
     Answer: BE

     QUESTION 48 What is the minimum certainty factor when creating a profiler policy?
     A. the minimum number that a predefined condition provides B. the maximum number that a predefined condition provides C. the minimum number that a device certainty factor must reach to become a member of the profile D. the maximum number that a device certainty factor must reach to become a member of the profile
     Answer: C (the previous answer B is wrong) [Hidden Content]

     QUESTION 49 What must match between Cisco ISE and the network access device to successfully authenticate endpoints?
     A. SNMP version B. shared secret C. certificate D. profile
     Answer: B [Hidden Content]

     QUESTION 50 Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two)
     A. Random B. Monthly C. Daily D. Imported E. Known
     Answer: AD [Hidden Content]

     QUESTION 51 Which statement about configuring certificates for BYOD is true?
     A. An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment B. The SAN field is populated with the end user name. C. An endpoint certificate is mandatory for the Cisco ISE BYOD D. The CN field is populated with the endpoint host name
     Answer: C should be wrong, B and D should be also wrong. Couldn’t find a confirmation regarding A, but it’s the only left answer and might be correct ([Hidden Content]) [Hidden Content]

     QUESTION 52 What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?
     A. Cisco-av-pair B. Class attribute C. Event D. State attribute
     Answer: A

     QUESTION 53 Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)
     A. endpoint marked as lost in My Devices Portal B. addition of endpoint to My Devices Portal C. endpoint profile transition from Apple-device to Apple-iPhone D. endpoint profile transition from Unknown to Windows 10-Workstation E. updating of endpoint dACL.
     Answer: CD [Hidden Content]

     QUESTION 54 What is a requirement for Feed Service to work?
     A. TCP port 3080 must be opened between Cisco ISE and the feed server B. Cisco ISE has a base license. C. Cisco ISE has access to an internal server to download feed update D. Cisco ISE has Internet access to download feed update
     Answer: D (the previous answer C is wrong) [Hidden Content] Offline Manual Update doesn’t require access to an internal server (answer C), it’s uploaded from the PC

     QUESTION 55 Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?
     A. DHCP server B. static IP tunneling C. override Interface ACL D. AAA override
     Answer: D [Hidden Content]

     QUESTION 56 What is a valid guest portal type?
     A. Sponsored-Guest B. My Devices C. Sponsor D. Captive-Guest
     Answer: A [Hidden Content]

     QUESTION 57 What is needed to configure wireless guest access on the network?
     A. endpoint already profiled in ISE B. WEBAUTH ACL for redirection C. valid user account in Active Directory D. Captive Portal Bypass turned on
     Answer: B (the previous answer D should be wrong) [Hidden Content]

     QUESTION 58 The default Cisco ISE node configuration has which role or roles enabled by default?
     A. Administration only B. Inline Posture only C. Administration and Policy Service D. Policy Service, Monitoring, and Administration
     Answer: D [Hidden Content]

     QUESTION 59 What does MAB stand for?
     A. MAC Address Binding B. MAC Authorization Binding C. MAC Authorization Bypass D. MAC Authentication Bypass
     Answer: D

     QUESTION 60 What is the Cisco ISE default admin login name and password?
     A. ISEAdmin/admin B. admin/cisco C. admin/no default password--the admin password is configured at setup D. admin/admin
     Answer: C [Hidden Content]

     QUESTION 61 What is the condition that a Cisco ISE authorization policy cannot match?
     A. company contact B. custom C. time D. device type E. posture
     Answer: A (the previous answer B should be wrong) [Hidden Content]

     QUESTION 62 Which statement is not correct about the Cisco ISE Monitoring node?
     A. The local collector agent collects logs locally from itself and from any NAD that is configured to send logs to the Policy Service node. B. Cisco ISE supports distributed log collection across all nodes to optimize local data collection, aggregation, and centralized correlation and storage. C. The local collector agent process runs only the Inline Posture node. D. The local collector buffers transport the collected data to designated Cisco ISE Monitoring nodes as syslog; once Monitoring nodes are globally defined via Administration, ISE nodes automatically send logs to one or both of the configured Monitoring nodes.
     Answer: C

     QUESTION 63 The profiling data from network access devices is sent to which Cisco ISE node?
     A. Monitoring node B. Administration node C. Inline Posture node D. Policy Service node
     Answer: D

     QUESTION 64 Drag and Drop Question Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.
     Answer:

     QUESTION 65 Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?
     A. MAB and if user not found, continue B. MAB and if authentication failed, continue C. Dot1x and if user not found, continue D. Dot1x and if authentication failed, continue
     Answer: A

     QUESTION 66 Which portal is used to customize the settings for a user to log in and download the compliance module?
     A. Client Profiling B. Client Endpoint C. Client Provisioning D. Client Guest
     Answer: C

     QUESTION 67 Which term refers to an endpoint agent that tries to join an 802.1X-enabled network?
     A. EAP server B. supplicant C. client D. authenticator
     Answer: B (the previous answer D is wrong) [Hidden Content]

     QUESTION 68 Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two)
     A. hotspot B. new AD user 802.1X authentication C. BYOD D. guest AUP
     Answer: AB (the previous answer BC is wrong) [Hidden Content]

     QUESTION 69 Which protocol must be allowed for a BYOD device to access the BYOD portal?
     A. HTTP B. SMTP C. HTTPS D. SSH
     Answer: C

     QUESTION 70 In which two ways can users and endpoints be classified for TrustSec? (Choose Two.)
     A. VLAN B. SXP C. dynamic D. QoS E. SGACL
     Answer: AC (the previous answer was E, which is wrong)

     QUESTION 71 Which types of design are required in the Cisco ISE ATP program?
     A. schematic and detailed B. preliminary and final C. high-level and low-level designs D. top down and bottom up
     Answer: C

     QUESTION 72 If there is a firewall between Cisco ISE and an Active Directory external identity store, which port does not need to be open?
     A. UDP/TCP 389 B. UDP 123 C. TCP 21 D. TCP 445 E. TCP 88
     Answer: C [Hidden Content]

     QUESTION 73 What are the three default behaviors of Cisco ISE with respect to authentication, when a user connects to a switch that is configured for 802.1X, MAB, and WebAuth? (Choose three)
     A. MAB traffic uses internal endpoints for retrieving identity. B. Dot1X traffic uses a user-defined identity store for retrieving identity. C. Unmatched traffic is allowed on the network. D. Unmatched traffic is dropped because of the Reject/Reject/Drop action that is configured under Options. E. Dot1X traffic uses internal users for retrieving identity.
     Answer: ADE (or ABD)

     QUESTION 74 Which statement is true?
     A. A Cisco ISE Advanced license is perpetual in nature. B. A Cisco ISE Advanced license can be installed on top of a Base and/or Wireless license. C. A Cisco ISE Wireless license can be installed on top of a Base and/or Advanced license. D. A Cisco ISE Advanced license can be used without any Base licenses.
     Answer: B

     QUESTION 75 In which scenario does Cisco ISE allocate an Advanced license?
     A. guest services with dACL enforcement B. endpoint authorization using SGA enforcement C. dynamic device profiling D. high availability Administrator nodes
     Answer: Should be B (not C) [Hidden Content]

     QUESTION 76 Which Cisco ISE node does not support automatic failover?
     A. Inline Posture node B. Monitoring node C. Policy Services node D. Admin node
     Answer: C (the previous answer D is wrong) [Hidden Content]

     QUESTION 77 Which scenario does not support Cisco ISE guest services?
     A. wired NAD with local WebAuth B. wireless LAN controller with central WebAuth C. wireless LAN controller with local WebAuth D. wired NAD with central WebAuth
     Answer: A (the previous answer B should be wrong) wired NAD and WLC with CWA are supported: [Hidden Content] WLC with LWA is also supported for guests: [Hidden Content]

     QUESTION 78 By default, which traffic does an 802.1X-enabled switch allow before authentication?
     A. all traffic B. no traffic C. traffic permitted in the port dACL on Cisco ISE D. traffic permitted in the default ACL on the switch
     Answer: B (the previous answer D is wrong) [Hidden Content]

     QUESTION 79 What does MAB leverage a MAC address for?
     A. Calling-Station-ID B. password C. cisco-av-pair D. username
     Answer: D [Hidden Content]

     QUESTION 80 Which three conditions can be used for posture checking? (Choose three.)
     A. certificate B. operating system C. file D. application E. service
     Answer: CDE
  5. QUESTION 57 What is needed to configure wireless guest access on the network? A. endpoint already profiled in ISE B. WEBAUTH ACL for redirection C. valid user account in Active Directory D. Captive Portal Bypass turned on Answer: B (the previous answer D should be wrong) [Hidden Content] QUESTION 61 What is the condition that a Cisco ISE authorization policy cannot match? A. company contact B. custom C. time D. device type E. posture Answer: A (the previous answer B should be wrong) [Hidden Content] QUESTION 75 In which scenario does Cisco ISE allocate an Advanced license? A. guest services with dACL enforcement B. endpoint authorization using SGA enforcement C. dynamic device profiling D. high availability Administrator nodes Answer: Should be B (not C) [Hidden Content]
  6. QUESTION 48 What is the minimum certainty factor when creating a profiler policy? A. the minimum number that a predefined condition provides B. the maximum number that a predefined condition provides C. the minimum number that a device certainty factor must reach to become a member of the profile D. the maximum number that a device certainty factor must reach to become a member of the profile Answer: C (the previous answer B is wrong) [Hidden Content] QUESTION 54 What is a requirement for Feed Service to work? A. TCP port 3080 must be opened between Cisco ISE and the feed server B. Cisco ISE has a base license. C. Cisco ISE has access to an internal server to download feed update D. Cisco ISE has Internet access to download feed update Answer: D (the previous answer C is wrong) [Hidden Content] Offline Manual Update doesn’t require access to an internal server (answer C), it’s uploaded from the PC
  7. QUESTION 33 Which of the following is not true about profiling in Cisco ISE? A. Profiling policies are automatically enabled for use. B. Cisco ISE comes with predefined profiles. C. The use of Identity Groups is required to leverage the use of profiling in the authorization policy. D. Cisco ISE does not support hierarchy within the profiling policy. Answer: C (the previous answer D is wrong) [Hidden Content]
  8. QUESTION 31 Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop? A. TCP 8909 B. TCP 8905 C. UDP 1812 D. TCP 443 Answer: B (the previous answer A is wrong) [Hidden Content] [Hidden Content]
  9. QUESTION 30 What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered? A. The primary node restarts B. The secondary node restarts. C. The primary node becomes standalone D. Both nodes restart. Answer: C (the previous answer D should be wrong) [Hidden Content]
  10. QUESTION 25 How is policy services node redundancy achieved in a deployment? A. by enabling VIP B. by utilizing RADIUS server list on the NAD C. by creating a node group D. by deploying both primary and secondary node Answer: B or C (the previous answer D is wrong) Since you can point NAD to many PSN nodes and creating a node group is only a recommendation (not mandatory), answer B could be also correct [Hidden Content]
  11. QUESTION 21 Which two values are compared by the binary comparison function in authentication that is based on Active Directory? (Choose Two) A. subject alternative name and the common name B. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory C. user-presented password hash and a hash stored in Active Directory D. user-presented certificate and a certificate stored in Active Directory Answer: AD (The previous answer B should be wrong) [Hidden Content]
  12. Hello everyone and thanks a lot for your contribution. Here are a few mistakes with links I found: QUESTION 6 In which two ways can users and endpoints be classified for TrustSec? (Choose two) A. VLAN B. SXP C. dynamic D. QoS E. SGACL Answer: AC (the previous answer was E, which is wrong) Classification means assigning an SGT to an IP address. IPv4 and IPv6 IP addresses are supported. There are dynamic and static classifications: [Hidden Content] SGACL is the wrong answer, because it’s an enforcement mechanism
  13. First of all, congratulations, CCSP2020. Well done and thanks a lot for your feedback. You are 100% correct that the correct answer should be B - Supplicant. An 802.1X authentication can be initiated by either the switch or the supplicant. (As we know, switch is not an endpoint agent). But Supplicant—A client that runs on the endpoint and submits credentials for authentication. Here is a confirmation: [Hidden Content]
  14. According to Cisco Press it will be published on Oct. 6, 2020: [Hidden Content] So we will have to wait a little bit, till it becomes available and will be uploaded for free somewhere...
  15. Here is the link to download the 80q dumps. I've not checked the questions yet (there might be mistakes) and don't know if they are valid... [hide][Hidden Content]] Make use of Hide Tag while posting download links. Usage: [ hide ] link [ /hide ] (without spaces). Read the Board Rules or get banned.