Question 41
An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall.Which two ports should be opened to accomplish this task? (Choose two.)
A. TELNET: 23
B. HTTPS: 443
C. HTTP: 80
D. LDAP: 389
E. MSRPC:445
Question 42
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication.Which command should be used to complete this configuration?
A. aaa authentication dot1x default group radius
B. dot1x system-auth-control
C. authentication port-control auto
D. dot1x pae authenticator
Question 43
DRAG DROP -An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.Select and Place:
Question 44
DRAG DROP -Drag the descriptions on the left onto the components of 802.1X on the right.Select and Place:
Question 45
A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices.Where in the Layer 2 frame should this be verified?
A. payload
B. 802.1 AE header
C. CMD field
D. 802.1Q field
Question 46
A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network.Which EAP type must be configured by the network administrator to complete this task?
A. EAP-TTLS
B. EAP-TLS
C. EAP-FAST
D. EAP-PEAP-MSCHAPv2
Question 47
An organization wants to standardize the 802.1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide.What must be configured to accomplish this task?
A. dynamic access list within the authorization profile
B. extended access-list on the switch for the client
C. security group tag within the authorization policy
D. port security on the switch based on the client's information
Question 48
Refer to the exhibit.In which scenario does this switch configuration apply?
A. when allowing a hub with multiple clients connected
B. when allowing multiple IP phones to be connected
C. when preventing users with hypervisor
D. when bypassing IP phone authentication
Question 49
Refer to the exhibit.Which switch configuration change will allow only one voice and one data endpoint on each port?
A. auto to manual
B. mab to dot1x
C. multi-auth to multi-domain
D. multi-auth to single-auth
Question 50
A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice.Which command should the engineer run on the interface to accomplish this goal?
A. authentication host-mode multi-domain
B. authentication host-mode single-host
C. authentication host-mode multi-auth
D. authentication host-mode multi-host
