500-254 - Implementing and Configuring Cisco Identity Service Engine - SISE
Go back to Cisco
Which Authentication Policy option should be selected for MAB rule to support Central Web Auth?
Which URL should you enter into the SCEP Certificate Authority profile to enable Native Supplicant Provisioning?
Which three conditions can be used for posture checking? (Choose three.)
What is the Cisco ISE default admin login name and password?
admin/no default password--the admin password is configured at setup
How are access control lists implemented on a Cisco WLC in a Cisco ISE authorization policy?
Named access lists are configured on the WLC.
What are the Cisco ISE posture building blocks?
posture condition, compound posture condition, posture requirements, posture policy
What is the default authorization rule in Cisco ISE?
permit all access
Which three encryption policies does MACsec support? (Choose three.)
Which option represents the default action or actions that ISE 1.x 1.0 takes when the endpoint usage count exceeds licensed endpoint values?
do not block traffic, and generate an INFO, WARNING, or CRITICAL alarm
Which of these is not a default behavior of Cisco ISE 1.1, with respect to authentication, when a user connects to a switch port that is configured for 802.1X, MAB, and web authentication?
Authentication fails if there is no matching policy.
Which statement is correct about Change of Authorization?
Authentication is the supported Change of Authorization action type.
Which two statements are correct regarding Cisco ISE Guest Services? (Choose two.)
Guest portals must be located on the same secondary node where Cisco ISE network access is configured to handle RADIUS requests in the NAD.
Multiportal uploads to the primary node are replicated to the secondary node and installed as part of the standard data replication system.
Which three network information items are required to set up Cisco ISE? (Choose three.)
primary name server
Network Time Protocol server
Which of these is NOT a high-availability option that is available for Cisco ISE deployments?
In the event of failure of the Primary Administration node, the standby instance automatically becomes active.
What is the default period for Cisco ISE to automatically purge expired guest accounts?
Which statement is true about 802.1X closed mode?
Cisco Discovery Protocol is allowed before authentication.
Which two statements are correct about Change of Authorization? (Choose two.)
Change of Authorization exception actions are configured globally in Cisco ISE.
No CoA, port bounce, and reauth are supported Change of Authorization types in Cisco ISE.
Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal?
network access device
Which three client provisioning policies can an administrator create to provision different resources? (Choose three.)
endpoint operating system
user identity group
Which two EAP authentication methods require only a server certificate? (Choose two.)
What is the limit of groups that Cisco ISE can retrieve from an Active Directory?
What are the three default Cisco ISE identity user groups? (Choose three.)
Which global command is used to activate 802.1X on a switch?
What are two methods to verify that Cisco ISE is properly connected to AD? (Choose two.)
Use the Test Connection feature in the Cisco ISE External Identity Sources Active Directory.
View the Active Directory Log /opt/CSCOcmp/logs/ad_agent.log.
Which of these is NOT an Inline Posture node operating mode?
Which network information device sensor is sending in the RADIUS accounting packet?
Where is the license installed within Cisco ISE deployment?
A license is installed only on the primary Administration node within ISE deployment.
Which three Cisco TrustSec enforcement modes are used to help protect network operations when securing the network? (Choose three.)
If MAB is enabled before WebAuth in Policy -> Authentications, what option must be selected if authentication fails, in order for users to have the ability to log in to the guest portal?
Inline Posture nodes support which enforcement mechanisms?
Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)
Posture Agent Profile
What is the recommended time zone for Cisco ISE installations?
Coordinated Universal Time
If there is a firewall between Cisco ISE and an Active Directory external identity store, which port does not need to be open?
What is the process for Cisco ISE to obtain a signed certificate from a CA?
Generate a CSR; export the CSR to the local file system and send to the CA; download the certificate from the CA, and bind the CA-signed certificate with its private key.
The 802.1X protocol supports which two port types? (Choose two.)
Layer 2 access port
Layer 3 access port
The default Cisco ISE node configuration has which role or roles enabled by default?
Policy Service, Monitoring, and Administration
Which of these is NOT a Cisco ISE deployment recommendation?
Profiling requires maintenance of L3 information.
Which element is not included in the redirect URL?
Which two commands are needed to configure 802.1X open mode? (Choose two.)
authentication host-mode multi-auth