What is the purpose of adding a user with the username radiustest password password

command?

d. The switch can send periodic RADIUS Access-Requests to the AAA servers to verify whether
they are still alive. The username and password will be used for that test.

Which of the following are TACACS+ messages sent from the AAA client to the AAA server?
(Select all that apply.)

b. START

Which supplicant(s) is capable of EAP chaining?

c. Cisco AnyConnect NAM

Which of the following technologies enables an administrator to maintain the same

configuration on all access ports, on all switches, regardless of the type of device connecting to
the network?

d. Flex-Auth

True or False? The supplicant is required to trust the certificate of the authentication server
before it will form the TLS tunnel within which the EAP transaction will occur.

b. False

True or False? IEEE 802.1X may use TACACS+ to communicate the EAP identity to the
authentication server.

a. False

What is the name of the “secure cookie” used with EAP-FAST that can be used in lieu of a
certificate, or even in addition to a certificate?

b. Protected access credential (PAC)

Which three probes exist with device sensor?

d. CDP, DHCP, LLDP

True or False? RADIUS can be used for device administration AAA.

b. True
Which of the following is true?

c. The EAP communication occurs between the supplicant and theauthentication server.

How are updated profiles distributed to customer ISE deployments?

a. Cisco’s Profiler Feed Service.

Which of the following protocols is best suited for granular command level control with device
administration AAA?

a. TACACS+

Which of the following Cisco products should be used for device administration with TACACS+?

d. Cisco Secure Access Control Server (ACS)

Which of the following protocols is best suited for authenticating and authorizing a user for network
access AAA?

d. RADIUS

What determines when an endpoint is assigned to a profile?

d. The certainty value must equal or exceed the minimum certainty value of the profile.

Which command on a Cisco switch will display the current status of the AAA server(s)?

c. show aaa servers

What will happen when an ISE administrator has modified a profile and then a Feed Service update is
downloaded that contains an updated version of that profile?

a. All nonconflicting profiles will be downloaded and installed. The conflicting profiles will be ignored.

Which of the following best describes an AV-pair?

d. When communicating with an AAA protocol, the AV-pair stipulates a common attribute or object and
its assigned value.
Which of the following best describes the difference between authentication and authorization?

c. Authentication validates the user’s identity, whereas authorization determines what that user is
permitted to do.

True or False? ISE deployments must wait for Feed Service updates for new profiles.

a. False

Which of the following are types of AAA as related to the topics of this exam?

c. Network access

e. Device administration

Which ISE tool enables an administrator to drill down in to the profiles that have been assigned to locate
a specific endpoint with that profile?

c. Endpoints Drill-down

What are the three main components of IEEE 802.1X?

a. Authentication server, supplicant, authenticator

When configuring a Cisco Wireless LAN Controller (WLC) for communication with ISE, what must be
configured for the wireless LAN (WLAN)? (Choose two.)

a. The WLAN must be configured for RADIUS NAC.

Which command will validate that authentications are being attempted, which authentications are
successful, and which authorization results have been assigned?

b. show authentication session interface <interface>

True or False? Cisco switches should be configured in production to send syslog messages to the ISE
MNT node.

b. False
When using RADIUS, what tells the AAA server which type of action is being authenticated?

d. The Service-Type field.

True or False? A machine authentication may use EAP-FAST.

a. True

What are two ways to collect HTTP user agent strings?

a. Directly from ISE web portals

e. SPAN port mirroring

Which interface-level command is the equivalent of “turn authentication on”?

a. authentication port-control auto

Name three ways in which an endpoint profile can be used in an authorization policy rule?

a. Logical profiles

b. Endpoint identity groups

c. EndPointPolicy attribute

Which host mode will permit a virtually unlimited number of endpoints per port, allowing all subsequent
MAC addresses to share the authorization result of the first endpoint authorized?

a. Multi-Host

Why is RADIUS or TACACS+ needed? Why can’t the end user authenticate directly to the authentication
server?

d. Both RADIUS and TACACS+ extend the Layer-2 authentication protocols, allowing the end user to
communicate with an authentication server that is not Layer-2 adjacent

Which probe is used to trigger the SNMPQUERY probe to query a NAD?

e. Both A and D
True or False? MSCHAPv2 may be used to perform machine authentication with an LDAP connection to
Active Directory.

b. False

True or False? The profiling service is enabled by default on ISE policy service nodes.

b. True

True or False? A tunneled EAP type is able to use native EAP types as its inner method.

a. True

When configuring a Cisco switch for 802.1X, at which level of the configuration do the 802.1X -related
commands exist?

a. Both at global configuration level as well as per interface.

True or False? 802.1X can be configured on all switch interfaces, including Layer-3 interfaces.

a. False

What is the purpose of an outer identity?

b. The outer identity provides a mechanism to authenticate the identity of the endpoint during the
tunnel establishment phase.