Question 31
What should be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?
A. continue
B. pass
C. drop
D. reject
Question 32
Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?
A. show authentication sessions interface Gi1/0/x output
B. show authentication sessions
C. show authentication sessions output
D. show authentication sessions interface Gi 1/0/x
Question 33
What are two requirements of generating a single certificate in Cisco ISE by using a certificate provisioning portal, without generating a certificate signing request?(Choose two.)
A. Enter the IP address of the device.
B. Enter the common name.
C. Choose the hashing method.
D. Locate the CSV file for the device MAC.
E. Select the certificate template.
Question 34
Refer to the exhibit. Which command is typed within the CLI of a switch to view the troubleshooting output?
A. show authentication sessions mac 000e.84af.59af details
B. show authentication registrations
C. show authentication interface gigabitethernet2/0/36
D. show authentication sessions method
Question 35
What gives Cisco ISE an option to scan endpoints for vulnerabilities?
A. authentication policy
B. authorization profile
C. authentication profile
D. authorization policy
Question 36
Which two values are compared by the binary comparison function in authentication that is based on Active Directory?
A. user-presented certificate and a certificate stored in Active Directory
B. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
C. user-presented password hash and a hash stored in Active Directory
D. subject alternative name and the common name
Question 37
What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?
A. Authentication is redirected to the internal identity source.
B. Authentication is granted.
C. Authentication fails.
D. Authentication is redirected to the external identity source.
Question 38
Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two.)
A. The Cisco ISE server queries the internal identity store.
B. The device queries the external identity store.
C. The device queries the Cisco ISE authorization server.
D. The device queries the internal identity store.
E. The Cisco ISE server queries the external identity store.
Question 39
An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks.Which two requirements should be included in this policy? (Choose two.)
A. active username limit
B. password expiration period
C. access code control
D. username expiration date
E. minimum password length
Question 40
An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication.Which access will be denied in this deployment?
A. DNS
B. DHCP
C. EAP
D. HTTP
