Question 111
An employee logs on to the My Devices portal and marks a currently on-boarded device as `Lost`.
Which two actions occur within Cisco ISE as a result of this action? (Choose two.)
A. BYOD Registration status is updated to No.
B. BYOD Registration status is updated to Unknown.
C. The device access has been denied.
D. Certificates provisioned to the device are not revoked.
E. The device status is updated to Stolen.
Question 112
A network administrator is configuring a secondary Cisco ISE node from the backup configuration of the primary Cisco ISE node to create a high availability pair.
The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE.
Which command must be issued for this to work?
A. copy certificate ise
B. certificate configure ise
C. import certificate ise
D. application configure ise
Question 113
A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE. This must include the ability to provision for URL redirection on authentication.
Which two commands must be entered to meet this requirement? (Choose two.)
A. ip http secure-server
B. ip http authentication
C. ip http server
D. ip http redirection
E. ip http secure-authentication
Question 114
Which two endpoint compliance statuses are possible? (Choose two.)
A. compliant
B. valid
C. unknown
D. known
E. invalid
Question 115
Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two.)
A. TCP 80
B. TCP 8905
C. TCP 8443
D. TCP 8906
E. TCP 443
Question 116
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two.)
A. Client Provisioning portal
B. remediation actions
C. updates
D. access policy
E. conditions
Question 117
Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?
A. TCP 8905
B. TCP 8909
C. TCP 443
D. UDP 1812
Question 118
When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment needs to provide an adequate amount of security and visibility for the hosts on the network.
Why should the engineer configure MAB in this situation?
A. The Cisco switches only support MAB.
B. MAB provides the strongest form of authentication available.
C. MAB provides user authentication.
D. The devices in the network do not have a supplicant.
Question 119
An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network. They have multiple vendors' firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this.
What should be done to enable this type of posture check?
A. Enable the default application condition to identify the applications installed and validate the firewall app.
B. Enable the default firewall condition to check for any vendor firewall application.
C. Use a compound condition to look for the Windows or Mac native firewall applications.
D. Use the file registry condition to ensure that the firewall is installed and running appropriately.
Question 120
A network administrator must use Cisco ISE to check whether endpoints have the correct version of antivirus installed.
Which action must be taken to allow this capability?
A. Create a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco ISE.
B. Configure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version.
C. Configure a native supplicant profile to be used for checking the antivirus version.
D. Create a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files.
