Page: 1
/ 5
Total 70 questions
Which three options are valid client profile probes m Cisco ISE? (Choose three.)
- A. DHCP
- B. 802.1X
- C. CCX
- D. NetFlow
- E. TACACS
- F. HTTP
Answer : A,D,F
An engineer is changing the authentication method of a wireless network from EAP-FAST to EAP-TLS. Which two changes are necessary? (Choose two.)
- A. Cisco Secure ACS is required.
- B. A Cisco NAC server is required.
- C. All authentication clients require their own certificates.
- D. The authentication server now requires a certificate.
- E. The users require the Cisco AnyConnect client.
Answer : C,D
An engineer has determined that the source of an authentication issue is the client laptop.
Which three items must be verified for EAP-TLS authentication? (Choose three.)
- A. The client certificate is formatted as X 509 version 3
- B. The validate server certificate option is disabled.
- C. The client certificate has a valid expiration date.
- D. The user account is the same in the certificate.
- E. The supplicant is configured correctly.
- F. The subject key identifier is configured correctly.
Answer : A,D,F
Refer to the exhibit.
What is the 1.1.1.1 IP address?
- A. the wireless client IP address
- B. the RADIUS server IP address
- C. the controller management IP address
- D. the lightweight IP address
- E. the controller AP-manager IP address
- F. the controller virtual interface IP address
Answer : F
Clients are failing EAP authentication. A debug shows that an EAPOL start is sent and the clients are then de-authenticated. Which two issues can cause this problem? (Choose two.)
- A. The WLC certificate has changed.
- B. The WLAN is not configured for the correct EAP supplicant type.
- C. The shared secret of the WLC and RADIUS server do not match.
- D. The WLC has not been added to the RADIUS server as a client.
- E. The clients are configured for machine authentication, but the RADIUS server is configured for user authentication.
Answer : C,D
When using the Standalone Profile Editor in the Cisco AnyConnect v3.0 to create a new
NAM profile, which two statements describe the profile becoming active? (Choose two.)
- A. selects the new profile from NAM
- B. selects "Network Repair" from NAM
- C. becomes active after a save of the profile name
- D. ensures use of "configuration.xml" as the profile name
- E. ensures use of "config.xml" as the profile name
- F. ensures use of "nam.xml" as the profile name
Answer : B,D
Access points at branch sites for a company are in FlexConncct mode and perform local switching, but they authenticate to the central RADIUS at headquarters. VPN connections to the headquarters have gone down, but each branch site has a local authentication server. Which three features on the wireless controller can be configured to maintain network operations if this situation reoccurs? (Choose three.)
- A. Put APs in FlexConnect Group for Remote Branches.
- B. Set Branch RADIUS as Primary.
- C. Put APs in AP Group Per Branch.
- D. Put APs in FlexConnect Group Per Branch.
- E. Set Branch RADIUS OS Secondary.
- F. Set HQ RADIUS a-s primary.
Answer : A,E,F
Client Management Frame Protection is supported on which Cisco Compatible Extensions version clients?
- A. v2 and later
- B. v3 and later
- C. v4 and later
- D. v5 only
Answer : D
What two actions must be taken by an engineer configuring wireless Identity-Based
Networking for a WLAN to enable VLAN tagging? (Choose two.)
- A. enable AAA override on the WLAN
- B. create and apply the appropriate ACL to the WLAN
- C. update the RADIUS server attributes for tunnel type 64, medium type 65, and tunnel private group type 81
- D. configure RADIUS server with WLAN subnet and VLAN ID
- E. enable VLAN Select on the wireless LAN controller and the WLAN
Answer : A,C