Question 1

An administrator is configuring a switch port for use with 802 1X What must be done so that the port will allow voice and multiple data endpoints?

Options :

A : Configure the port with the authentication host-mode multi-auth command

B : Connect the data devices to the port, then attach the phone behind them.

C : Use the command authentication host-mode multi-domain on the port

D : Connect a hub to the switch port to allow multiple devices access after authentication

Answer: A

Question 2

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

Options :

A : Create an ISE identity group to add users to and limit the number of logins via the group configuration.

B : Create a new guest type and set the maximum number of devices sponsored guests can register

C : Create an LDAP login for each guest and tag that in the guest portal for authentication.

D : Create a new sponsor group and adjust the settings to limit the devices for each guest.

Answer: B

Question 3

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?

Options :

A : Endpoint Identity Group is Blocklist, and the BYOD state is Registered.

B : Endpoint Identify Group is Blocklist, and the BYOD state is Pending.

C : Endpoint Identity Group is Blocklist, and the BYOD state is Lost.

D : Endpoint Identity Group is Blocklist, and the BYOD state is Reinstate.

Answer: A

Question 4

An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network. What must be configured to accomplish this goal?

Options :

A : Create a registry posture condition using a non-OPSWAT API version.

B : Create an application posture condition using a OPSWAT API version.

C : Create a compound posture condition using a OPSWAT API version.

D : Create a service posture condition using a non-OPSWAT API version.

Answer: D

Question 5

An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall. Which two ports should be opened to accomplish this task? (Choose two)

Options :

A : TELNET 23

B : LDAP 389

C : HTTP 80

D : HTTPS 443

E : MSRPC 445

Answer: B,E