CCNP Security Practice Test | Secure Access (SISAS)

Which is an access issue not covered in the guest services?

A. Lifetime of a guest account

B. Customizable guest portals

C. Sponsor account privileges

D. Password hashing

What are the four posture conditions that can be used to evaluate the state of a software component on a client endpoint? (Choose four)

A. File

B. Service

C. Node

D. Application

E. Registry

F. Command

Which three features need to be configured on NADs to support Central WebAuth? (Choose three)

A. Configure a local ACL.

B. Enable CoA.

C. Enable MDA mode.

D. Enable the HTTP and HTTPS services.

E. Enable MAB.

What are the four components of an ISE Authorization Rule? (Choose four)

A. Conditions

B. Permissions

C. Rule Name

D. CoA

E. Identity Group

F. External Identity Source

Which two statements regarding the Cisco NAC Web agent are true? (Choose two)

A. It is typically used for unmanaged computers and guest access.

B. It offers the most remediation options.

C. It is typically used on managed devices.

D. It requires ActiveX or Java to be installed on the endpoints.

E. It can be installed from a Web browser or an MSI package.

Which three statements regarding a single SSID design model are true? (Choose three)

A. Uses only an open SSID

B. Cannot be changed once configured

C. Least common design

D. Does not work for guests

E. Easiest model to deploy and manage

What information is not used in conjunction with Security Group information for SGFW enforcement?

A. IP version

B. Destination IP address

C. Port numbers

D. Protocol numbers

Which is not a policy function of the Cisco TrustSec architecture?

A. Classify

B. Enforce

C. Transport

D. Create

Which of the following three features does Dual SSID provide over Single SSID? (Choose three)

A. Separates provisioning and network access

B. Works for guests and employees

C. Doubles bandwidth to authenticated wireless clients

D. More secure since it is less common

E. Uses open SSID for provisioning

Which is the first step in the SGA deployment?

A. Configure the Cisco TrustSec

B. Implement dynamic classification

C. Define security groups and SGACLs

D. Configure the SGT transport

Which protocol can be used to control administrative access to specific commands on a Cisco network device?

A. EAP

B. RADIUS

C. TACACS+

D. LDAP

What occurs when an EAPOL packet is detected on a MAB enabled port?

A. WebAuth is used.

B. 802.1X authentication is used.

C. The port is disabled.

D. The posture service is initiated.

Which statement regarding the dual SSID design model is true when compared to the single SSID design model?

A. Easiest to deploy and manage

B. Does not work for guests

C. Can use open SSID for provisioning

D. Least common design

For Cisco switches, on which ports can MACsec be used? (Choose three)

A. CMD

B. 802.1Q

C. ETYPE

D. SMAC

E. DMAC

Which three statements are true regarding BYOD guest access? (Choose three)

A. Guests are sent to WebAuth.

B. The Wireless_MAB rule will be applied to guests.

C. Guest endpoints are provisioned.

D. Connection is limited to the open SSID.

E. The open SSID is only used during the initial connection phase.

For what purposes do enterprises deploy the Cisco ISE profiler service? (Choose two)

A. To allow characteristics of the physical endpoint security posture to be interrogated

B. To create a learned inventory

C. To determine the applicable endpoint identity group

D. To provide customizable portals

Which Cisco ISE probe gathers data from the Cisco IOS Device Sensor feature?

A. NMAP

B. HTTP

C. RADIUS

D. DHCP

Which features can be used to determine the identity of a user or endpoint? (Choose four)

A. VPN authentication

B. Cisco AnyConnect

C. 802.1X

D. Web authentication

E. Mac authentication bypass

Which of the following are the first four stages of the eight stage process in approaching problem solving? (Choose four)

A. Gather detailed information

B. Define the problem

C. Observe results of Implementation

D. Repeat process if not solved

E. Consider probable solution

F. Devise a plan to solve the problem

What two commands can show you the Authentication information for any 802.1X sessions on interface GigabitEthernet0/1? (Choose two)

A. show authentication sessions interface gigabitEthernet 0/1

B. show authentication intgigabitEthernet port 0/1

C. show sessions

D. show authentication sessions

What are some common potential profiler problems? (Choose three)

A. Lack of support for CoA on NAD

B. Mismatched ACL name for traffic redirection

C. Missing MAC-to-IP address binding

D. Mismatched settings of network probes and the ISE

Which three items are provided to employee endpoints after the client provisioning process? (Choose three)

A. Certificate

B. Wi-Fi profile

C. Security group tag

D. MAC address

E. Native profile

What are three of the access control operational components for Cisco ISE? (Choose three)

A. Profiler

B. Guest Service

C. Security Group Access

D. MACsec Encryption

E. Posture

F. Identity-Based Firewall

What are some common potential WebAuth problems? (Choose three)

A. Permitting data on port 80 (HTTP) and 443 (HTTPS)

B. Incorrect AAA settings on the network access device

C. Mismatched ACL name for traffic redirection

D. Incorrect authorization settings

What are the three elements that are used to build Policies? (Choose three)

A. Postures

B. Dictionaries

C. SGAs

D. Results

E. Conditions

What option simplifies ACL management?

A. dACLs

B. VLANs

C. Security Group Access

What command is used to see if a particular dynamic ACL has been applied to an interface?

A. speed

B. show

C. ssh

D. send

Which Cisco ISE profiling probe could be implemented to gather the name of the OS and the hostname of the device for classification purposes?

A. NetFlow probe

B. DHCP probe

C. HTTP probe

D. DNS probe

Identify the functions and components of IEEE 802.1X. (Choose three)

A. It provides authentication based port access control and authorization

B. It authenticates clients using an authentication server

C. It uses an authenticator such as a switch or wireless LAN controller

D. It uses a supplicant such as a Cisco ISE or RADIUS server

Which is not an ACL element used by the Modular Policy Framework?

A. Class maps

B. Device configuration

C. Service policy

D. Policy maps

What authorization rule should be set in order to redirect traffic to the WebAuth?

A. Guest Flow

B. Deny Access

C. Host Lookup

D. Allows Access

What non-tunneled Extensible Authentication Protocol (EAP) would you use if you have to use PKI certificates?

A. EAP-GTC

B. EAP-MD5

C. EAP-MSCHAPv2

D. EAP-TLS

Refer to the SXP connection command output. Which options correctly describe the result of this output? (Choose two)

Refer to the SXP connection command output. Which options correctly describe the result of this output?

A. Only the HQ device can be configured as a speaker.

B. The current configuration will not function.

C. Either device needs to be configured as the speaker.

D. Both devices would need to be configured as the speaker.

E. The current configuration will work, but sub-optimally.

Which 802.1X host mode allows for the use of multiple clients using MAB, web authorization, or 802.1X on the data VLAN?

A. Multiple host mode

B. Multiple domain authentication mode

C. Multiple authentication mode

D. Single host mode

What is the purpose and use of agents? (Choose three)

A. Typically used on managed devices

B. Installed from Web or MSI with administrator rights

C. Typically used on client or user facing systems only

D. Available for Windows and Macintosh computers

E. Web installation can be done without administrator rights but is limited

What are some of the features of the Network Access Manager (NAM)? (Choose three)

A. Virus Scanning

B. Layer 2 device management and authentication

C. Host Scan

D. Downlink MACsec

What features describe EAP Chaining? (Choose two)

A. Uses Identity-Type TLV as an optional third phase of the authentication

B. Supports authentication of machine and user inside the same TLS outer tunnel

C. Was first implemented in EAP-FASTv2

D. It is an IETF standard called TLV-TEAP

What are the three options that can be applied in the authorization policy? (Choose three)

A. Authenticated: redirect to client provisioning portal and grant restricted access

B. Unknown: redirect to client provisioning portal and restrict access

C. Failed: restrict access

D. Noncompliant: restrict access

E. Compliant: grant controlled access

F. Confirmed: grant full access

Which solution is used to classify packets using device and user identity to provide enhanced access control capability?

A. SGA

B. CoA

C. dACL

D. QoS

Which two components make up the Cisco ISE profiler? (Choose two)

A. Sponsor portal

B. Analyzer

C. Sensor

D. dACL

What is the default behavior if an Identity source cannot be accessed?

A. Processing stops on this store and the internal ISE database is checked

B. Treat it as if the user was not found and proceed to the next store in the sequence

C. Sets the Authentication Status to "Server Unavailable" and removes the Server from the Identity source sequence

D. Processing stops and it sets the Authentication Status to "Process Error"

Identify the six components of the Life cycle. (Choose six)

A. Identify

B. Enforce

C. Harden

D. Monitor

E. Isolate

F. Correlate

G. Archive

Which is a feature of the Sponsor portal?

A. Register a device

B. View guest user accounts

C. View Acceptable Use Policy screen

D. Set up own user account

What must each endpoint profiling policy rule have associated with it to determine if the policy is applied to an endpoint?

A. Minimum Certainty Factor

B. Parent Policy

C. Network Scan (NMAP) Action

D. Exception Action

Identify the features of Cisco TrustSec. (Choose two)

A. It is topology-independent

B. It uses Security Group ACL for Ingress tagging

C. It uses a Secure Group Tag for Egress filtering

D. It classifies data traffic for a particular role

What application security feature is used with Exchange servers?

A. WSA

B. ISE

C. ESA

D. NFP

Which Cisco ISE solution is an example of an authorization policy result?

A. WebAuth

B. SGACL

C. SXP

D. dACL

When using 802.1X authentication, which type of VLAN will have a centralized audit trail in the AAA system?

A. Assigned

B. Guest

C. Default

D. Restricted

E. Critical

Which web authentication redirects a user to the Cisco ISE web service to perform authentication?

A. Device Registration WebAuth

B. Wired NAD with Local WebAuth

C. Central WebAuth

D. WLC with Local WebAuth

Which of the following is true when creating NDGs?

A. The NDG name and type is required when creating a child NDG.

B. NDGs can be imported using a CSV file.

C. Predefined root NDGs can be modified.

D. Network devices can only be assigned to one NDG.

What will an employee endpoint device have after successfully being provisioned? (Choose three)

A. Wi-Fi profile

B. Certificate

C. Native supplicant

D. WPA2 shared password

In which configuration setting is the sequence of identity sources configured?

A. Advanced Search List Setting

B. Authentication Policy

C. Authentication Search List

D. Certificate Based Authentication

What is used to propagate SGT within the network? (Choose two)

A. Inline tagging

B. SGFW

C. SGACL

D. SXP

What is the key difference between Android and Apple devices when connecting employee BYOD devices to the network using Cisco ISE?

A. Android devices must disconnect from the open SSID before they can connect to the employee SSID

B. Android devices can only use the open SSID

C. Apple iOS devices must manually connect to the BYOD employee SSID

D. Apple iOS devices require an additional password authentication step

What are some of the fields you would expect to see in a Certificate? (Choose three)

A. Valid to

B. Key Version

C. MailTo

D. Valid from

E. Public key

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?

Why?

Our Recommended Premium Cisco Training Resources:

While calculating your results take a moment to complete our simple survey!

How likely is it that you would recommend LearnCisco.net to a friend or colleague?

Why?

Our Recommended Premium Cisco Training Resources:

How likely is it that you would recommend LearnCisco.net
to a friend or colleague?