What does the dot1x system-auth-control command do?

1. A. causes a network access switch not to track 802.1x sessions
2. B. globally enables 802.1x
3. C. enables 802.1x on a network access device interface
4. D. causes a network access switch to track 802.1x sessions

Correct Answer: B
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-8-0E/15-24E/configuration/guide/xe-380

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

1. A. EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.
2. B. EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.
3. C. EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.
4. D. EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.

Correct Answer: C

An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?

1. A. dot1x pae authenticator
2. B. dot1x system-auth-control
3. C. authentication port-control auto
4. D. aaa authentication dot1x default group radius

Correct Answer: B
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.

When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?

1. A. MIB
2. B. TGT
3. C. OMAB
4. D. SID

Correct Answer: D

An administrator is attempting to join a new node to the primary Cisco ISE node, but receives the error message "Node is Unreachable". What is causing this error?

1. A. The second node is a PAN node.
2. B. No administrative certificate is available for the second node.
3. C. The second node is in standalone mode.
4. D. No admin privileges are available on the second node.

Correct Answer: B
https://www.ciscopress.com/articles/article.asp?p=2812072