Question 121
A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network.
Which configuration item needs to be added to allow for this?
A. a temporal agent that gets installed onto the system
B. a remote posture agent proxying the network connection
C. the client provisioning URL in the authorization policy
D. an API connection back to the client
Question 122
An employee must access the internet through the corporate network from a new mobile device that does not support native supplicant provisioning provided byCisco ISE.
Which portal must the employee use to provision to the device?
A. My Devices
B. BYOD
C. Personal Device
D. Client Provisioning
Question 123
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)
A. ASA
B. Firepower
C. Shell
D. WLC
E. IOS
Question 124
What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two.)
A. TACACS+ has command authorization, and RADIUS does not.
B. TACACS+ uses UDP, and RADIUS uses TCP.
C. TACACS+ supports 802.1X, and RADIUS supports MAB.
D. TACACS+ provides the service type, and RADIUS does not.
E. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.
Question 125
A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server.
Which command is the user missing in the switch's configuration?
A. aaa accounting resource default start-stop group radius
B. radius-server vsa send accounting
C. aaa accounting network default start-stop group radius
D. aaa accounting exec default start-stop group radius
Question 126
Refer to the exhibit.
A network engineer is configuring the switch to accept downloadable ACLs from a Cisco ISE server.
Which two commands should be run to complete the configuration? (Choose two.)
A. radius-server attribute 8 include-in-access-req
B. ip device tracking
C. dot1x system-auth-control
D. radius server vsa send authentication
E. aaa authorization auth-proxy default group radius
Question 127
DRAG DROP -Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authorization, and accounting.
Select and Place:
Question 128
An administrator is configuring Cisco ISE to authenticate users logging into network devices using TACACS+. The administrator is not seeing any of the authentication in the TACACS+ live logs.
Which action ensures the users are able to log into the network devices?
A. Enable the device administration service in the PSN persona.
B. Enable the device administration service in the Administration persona.
C. Enable the session services in the Administration persona.
D. Enable the service sessions in the PSN persona.
Question 129
Refer to the exhibit. An engineer is creating a new TACACS+ command set and cannot use any show commands after logging into the device with this command set authorization.
Which configuration is causing this issue?
A. The command set is allowing all commands that are not in the command list.
B. The wildcard command listed is in the wrong format.
C. The command set is working like an ACL and denying every command.
D. Question marks are not allowed as wildcards for command sets.
Question 130
An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc407294634 but is receiving the error `Authentication failed: 22040 Wrong password or invalid shared secret.`
What must be done to address this issue?
A. Add the network device as a NAD inside Cisco ISE using the existing key.
B. Configure the key on the Cisco ISE instead of the Cisco switch.
C. Validate that the key is correct on both the Cisco switch as well as Cisco ISE.
D. Use a key that is between eight and ten characters.
