Which personas can a Cisco ISE node assume?

A network engineer must enforce access control using special tags, without re-engineering the network design.
Which feature should be configured to achieve this in a scalable manner?

In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two.)

An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node.
Which persona should be configured with the largest amount of storage in this environment?

What is a method for transporting security group tags throughout the network?

What is a requirement for Feed Service to work?

Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the main deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out.
Which configuration is causing this behavior?

An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as
`Medical Switch` so that the policies can be made separately for the endpoints connecting through them.
Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate.
What must be done in order to provide the CA this information?

A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes.
What must be configured to minimize performance degradation?

An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices.
Which deployment mode should be used to achieve this?

A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed interface.
Which command should be used to accomplish this task?

In a Cisco ISE split deployment model, which load is split between the nodes?

What is the deployment mode when two Cisco ISE nodes are configured in an environment?

An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened.
From which Cisco ISE persona should this traffic be originating?

What does a fully distributed Cisco ISE deployment include?

A network administrator must configure Cisco ISE Personas in the company to share session information via syslog.
Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?

Which interface-level command is needed to turn on 802.1X authentication?

Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

What does the dot1x system-auth-control command do?

What is the maximum number of PSN nodes supported in a medium-sized deployment?

How is policy services node redundancy achieved in a deployment?

Which two fields are available when creating an endpoint on the context visibility page of Cisco ISE? (Choose two.)

In which two ways can users and endpoints be classified for TrustSec? (Choose two.)

When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?

Which permission is common to the Active Directory Join and Leave operations?

What should be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?

An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication.
Which access will be denied in this deployment?

What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?

An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks.
Which two requirements should be included in this policy? (Choose two.)

Which two values are compared by the binary comparison function in authentication that is based on Active Directory?

Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

What gives Cisco ISE an option to scan endpoints for vulnerabilities?

What are two requirements of generating a single certificate in Cisco ISE by using a certificate provisioning portal, without generating a certificate signing request? (Choose two.)

Refer to the exhibit. Which command is typed within the CLI of a switch to view the troubleshooting output?

An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall.
Which two ports should be opened to accomplish this task? (Choose two.)

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice.
Which command should the engineer run on the interface to accomplish this goal?

Refer to the exhibit.
Which switch configuration change will allow only one voice and one data endpoint on each port?

An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication.
Which command should be used to complete this configuration?

Refer to the exhibit.
In which scenario does this switch configuration apply?

A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices.
Where in the Layer 2 frame should this be verified?

A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network.
Which EAP type must be configured by the network administrator to complete this task?

An organization wants to standardize the 802.1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide.
What must be configured to accomplish this task?

A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network.
How should the manager configure Cisco ISE to accomplish this goal?

An administrator connects an HP printer to a dot1x enable port, but the printer is nor accessible.
Which feature must the administrator enable to access the printer?

When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting.
Which policy condition must be used in order to accomplish this?

A laptop was stolen and a network engineer added it to the block list endpoint identity group.
What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition.
However, other groups that are in the same domain are seen.
What is causing this issue?

An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability.
Which probe must be used to accomplish this task?

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

Refer to the exhibit.
Which component must be configured to apply the SGACL?

A network administrator is configuring authorization policies in Cisco ISE. There is a requirement to use AD group assignments to control access to network resources. After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work.
What is the cause of this issue?

What is needed to configure wireless guest access on the network?

Which deployment mode allows for one or more policy service nodes to be used for session failover?

A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group.
Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?

A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.
What must be done to accomplish this task?