Q61. Which three features should be enabled as best practices for MAB? (Choose three.) 

A. MD5 

B. IP source guard 

C. DHCP snooping 

D. storm control E. DAI 


Answer: B,C,E 

Q62. When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.) 

A. It returns an access-accept and sends the redirection URL for all users. 

B. It establishes secure connectivity between the RADIUS server and the Cisco ISE. 

C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated. 

D. It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result. 

E. It allows multiple users to authenticate at the same time. 

Answer: C,D 

Q63. Which option restricts guests from connecting more than one device at a time? 

A. Guest Portal policy > Set Device registration portal limit 

B. Guest Portal Policy > Set Allow only one guest session per user 

C. My Devices Portal > Set Maximum number of devices to register 

D. Multi-Portal Policy > Guest users should be able to do device registration 


Q64. Certain endpoints are missing DHCP profiling data. 

Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE? 

A. output of show interface gigabitEthernet 0 from the CLI 

B. output of debug logging all 7 from the CLI 

C. output of show logging application profiler.log from the CLI 

D. the TCP dump diagnostic tool through the GUI 

E. the posture troubleshooting diagnostic tool through the GUI 


Q65. Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode? 

A. Granular ACLs applied prior to authentication 

B. Per user dACLs applied after successful authentication 

C. Only EAPoL traffic allowed prior to authentication 

D. Adjustable 802.1X timers to enable successful authentication 


Q66. Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain? 

A. Choose an Active Directory user. 

B. Configure the management IP address. 

C. Configure replication. 

D. Choose an Active Directory group. 


Q67. What is the default posture status for non-agent capable devices, such as Linux and iDevices? 

A. Unknown 

B. Validated 

C. Default 

D. Compliant 


Q68. When you add a new PSN for guest access services, which two options must be enabled under deployment settings? (Choose two.) 

A. Admin 

B. Monitoring 

C. Policy Service 

D. Session Services 

E. Profiling 

Answer: C,D 

Q69. Which command in the My Devices Portal can restore a previously lost device to the network? 

A. Reset 

B. Found 

C. Reinstate 

D. Request 


Q70. Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.) 

A. LLDP agent information 

B. user agent 

C. DHCP options 

D. open ports 

E. operating system 

F. trunk ports 

Answer: A,C