Tag Archives: administrator

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not have the ability to authenticate via 802.1X. Which command is needed on each switch port for authentication?

A. dot1x system-auth-control
B. enable bypass-MAC
C. enable network-authentication
D. mab

Answer: Option D.

A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes. What must be configured to minimize performance degradation?

A. Enable the endpoint attribute filter.
B. Review the profiling policies for any misconfiguration.
C. Ensure that Cisco ISE is updated with the latest profiler feed update.
D. Change the reauthentication interval.

Answer: Option A.

Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_010111.html

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?

A. Install the Root CA and intermediate CA.
B. Generate the CSR.
C. Download the CA server certificate.
D. Download the intermediate server certificate.

Answer: Option B.

An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as “Medical Switch” so that the policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

A. Change the device profile to Medical Switch.
B. Change the device type to Medical Switch.
C. Change the device location to Medical Switch.
D. Change the model name to Medical Switch.

Answer: Option B.

An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the main deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out. Which configuration is causing this behavior?

A. All of the nodes are actively being synched.
B. All of the nodes participate in the PAN auto failover.
C. One of the nodes is an active PSN.
D. One of the nodes is the Primary PAN.

Answer: Option D.

Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/Workflow/PDF/b_ISE_admin_24_pdf.pdf

A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network. Which EAP type must be configured by the network administrator to complete this task?

A. EAP-TTLS
B. EAP-TLS
C. EAP-FAST
D. EAP-PEAP-MSCHAPv2

Answer: Option B.

Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975configure-eap-tls-authentication-with-is.html

An administrator connects an HP printer to a dot1x-enabled port, but the printer is not accessible. Which feature must the administrator enable to access the printer?

A. change of authorization
B. MAC authentication bypass
C. TACACS authentication
D. RADIUS authentication

Answer: Option B.

Explanation: Reference: https://community.cisco.com/t5/network-access-control/ise-mab-soa/td-p/2214921

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen. What is causing this issue?

A. Cisco ISE’s connection to the AD join point is failing.
B. Cisco ISE only sees the built-in groups, not user created ones.
C. The groups are not added to Cisco ISE under the AD join point.
D. The groups are present but need to be manually typed as conditions.

Answer: Option C.

Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for 1 day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the GuestEndpoints identity store after 1 day and allows access to the guest network after that period. Which configuration is causing this problem?

A. The Guest Account Purge Policy is set to 15 days.
B. The length of access is set to 7 days in the Guest Portal Settings.
C. The Endpoint Purge Policy is set to 30 days for guest devices.
D. The RADIUS policy set for guest access is set to allow repeated authentication of the same device.

Answer:…