642-591 - CANAC - Implementing Cisco NAC Appliance

Example Questions

Where is a local user validated?
What is the local user account primarily used for?
Which three components comprise a Cisco NAC Appliance Solution? (Choose three.)
What does the secondary Cisco NAM do after it reboots from its initial configuration?
Which interface is always used by Cisco NAM failover peers to support inter-peer connections?
In Cisco NAC Appliance Solutions, which statement is correct regarding devices on the certified list?
Which Cisco NAS Appliance out-of-band solution statement is correct?
You are implementing switch management in a Cisco NAM for out-of-band deployment. Once communication between the switch and the Cisco NAM has been verified, what is configured next?
How do you ensure that the Cisco NAS has the most recent version of the Cisco NAA to install on user devices?
When the Cisco NAS is configured for Windows Active Directory SSO, to which component in a Cisco NAC Appliance solution does the client make a request for a Kerberos Service ticket?
When trying to restrict a guest-role end user to a host that has multiple or dynamic IP addresses, the administrator would create which type of policy?
What is an exempt device?
A college network administrator wants to restrict access to specific, targeted subnets by role, such as student, administration, faculty and guest roles. How would this be accomplished using the Cisco NAM?
Which Cisco NAC appliance out-of-band solution statement is correct?
The NAS is configured to autogenerate an IP Address pool of 30 subnets with a netmask of /30, beginning at address Which IP Address is leased to the end-user host on the second subnet?
If an administrator configures interfaces E0, E1 and S0 to support NAM high-availability failover, what information is exchanged over these interfaces?
Which features must be configured to ensure that users can perform update and remediation?
Which two functions can a Cisco NAC Appliance Agent be configured to perform? (Choose two.)
Why is it critically important to maintain clock synchronization between Cisco NAC Appliance components?
How does the Cisco NAM determine the presence of vulnerability without using the Cisco NAA on the client machine?
What must be done to upgrade a Cisco NAC Appliance implementation to take advantage of a major release of NAC Appliance?
Which high-availability option is supported by a Cisco NAC Appliance Solution?
In an out-of-band Cisco NAC Appliance high-availability deployment, why must port security be disabled between the switch interfaces to which the Cisco NAS and Cisco NAM are connected?
A search of available switches has been performed and a list of switches is presented. Which two SNMP attributes need to match what is configured in the Cisco switch profile for a listed switch to be added to the Cisco NAM? (Choose two.)
A CA-signed certificate is returned from the CA authority and the private key on which the CA certificate is based no longer matches the one in the Cisco NAS. What should the administrator do?
When configuring the Cisco NAM to implement Cisco NAA requirement checking on client machines, what is the next step after configuring checks and rules?
A small public library wants to implement network admission control for their public wireless network and their internal wired network. Their network contains switches from a variety of vendors. Which Cisco NAC Appliance solution would best suit this client?
In a Cisco NAM high-availability configuration, when does the secondary Cisco NAM take over?
In a Layer 3 out-of-band deployment, which Cisco NAC Appliance component provides the client-machine IP address to MAC address mapping?
How is Cisco NAC Appliance network scanning configured?
What is an advantage of a Layer 2 out-of-band virtual gateway deployment using port-based VLAN assignment?
When trying to restrict a guest role to a specific library server using a specific protocol, such as HTTP, the administrator would create which type of policy?
What are two pairs of attributes of traffic policies? (Choose two.)
What method is used to pass traffic from the client to the Cisco NAS in an in-band Virtual-Gateway L2 deployment?
Why are managed subnets configured in out-of-band virtual gateway mode?
In a Cisco NAC Appliance Windows Active Directory SSO deployment, what are the cached credentials and Kerberos TGT from the client-machine Windows login used for?
When configuring an in-band central-deployment virtual gateway on the Cisco NAS, what must be configured to ensure that the interface traffic on the same Layer 2 switch does not create a loop?
When using Windows Active Directory Single Sign-On (SSO), the Cisco NAA on the client machine will ask the client machine for a Service Ticket (ST) with which username to communicate with the Cisco NAS?
Based on the Boolean order of precedence, how would Cisco NAC Appliance evaluate the following rule? AdAwareLogRecent&(NorAVProcessIsActive|SymAVProcessIsActive)
In an edge deployment of an in-band virtual-gateway Cisco NAC Appliance solution, how does the Cisco NAS ensure that authenticated client traffic arrives at the correct default gateway?
Which type of certificate is recommended in a high-availability Cisco NAM configuration for the service IP Address?
Which NAC Appliance Component performs network scanning?
Which default Administrator group has delete permissions?
After you implement a network scan and view the report, you notice that a plug-in did not access any of its dependent plug-ins. What did you forget to do?
Which Cisco NAC Appliance Component performs network scanning?