Question 11
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed interface.Which command should be used to accomplish this task?
A. cts role-based policy priority-static
B. cts cache enable
C. cts authorization list
D. cts role-based enforcement
Question 12
In a Cisco ISE split deployment model, which load is split between the nodes?
A. log collection
B. device admission
C. AAA
D. network admission
Question 13
What is the deployment mode when two Cisco ISE nodes are configured in an environment?
A. standalone
B. distributed
C. standard
D. active
Question 14
An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened.From which Cisco ISE persona should this traffic be originating?
A. administration
B. authentication
C. policy service
D. monitoring
Question 15
What does a fully distributed Cisco ISE deployment include?
A. PAN and MnT on the same node while PSNs are on their own dedicated nodes.
B. All Cisco ISE personas are sharing the same node.
C. All Cisco ISE personas on their own dedicated nodes.
D. PAN and PSN on the same node while MnTs are on their own dedicated nodes.
Question 16
An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices.Which deployment mode should be used to achieve this?
A. closed
B. high-impact
C. low-impact
D. open
Question 17
A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes.What must be configured to minimize performance degradation?
A. Enable the endpoint attribute filter.
B. Review the profiling policies for any misconfiguration.
C. Ensure that Cisco ISE is updated with the latest profiler feed update.
D. Change the reauthentication interval.
Question 18
An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate.What must be done in order to provide the CA this information?
A. Install the Root CA and intermediate CA.
B. Generate the CSR.
C. Download the CA server certificate.
D. Download the intermediate server certificate.
Question 19
An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as`Medical Switch` so that the policies can be made separately for the endpoints connecting through them.Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?
A. Change the device profile to Medical Switch.
B. Change the device type to Medical Switch.
C. Change the device __cpLocation to Medical Switch.
D. Change the model name to Medical Switch.
Question 20
An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the main deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out.Which configuration is causing this behavior?
A. All of the nodes are actively being synched.
B. All of the nodes participate in the PAN auto failover.
C. One of the nodes is an active PSN.
D. One of the nodes is the Primary PAN.
