An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?

1. A. dot1x system-auth-control
2. B. enable bypass-mac
3. C. enable network-authentication
4. D. mab

Correct Answer: D
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-2mt/sec-config-mab.html

Which are two characteristics of TACACS+? (Choose two)

1. A. It uses TCP port 49.
2. B. It combines authorization and authentication functions.
3. C. It separates authorization and authentication functions.
4. D. It encrypts the password only.
5. E. It uses UDP port 49.

Correct Answer: AC

A network administrator must use Cisco ISE to check whether endpoints have the correct version of antivirus installed Which action must be taken to allow this capability?

1. A. Configure a native supplicant profile to be used for checking the antivirus version
2. B. Configure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version.
3. C. Create a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco ISE.
4. D. Create a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files

Correct Answer: A
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_client_prov.html About Anyconnect Network Visibility Module
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect45/administration/guide/b_An

If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?

1. A. Client Provisioning
2. B. Guest
3. C. BYOD
4. D. Blacklist

Correct Answer: D
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Desi The Blacklist identity group is system generated and maintained by ISE to prevent access to lost or stolen devices. In this design guide, two authorization profiles are used to enforce the permissions for wireless and wired devices within the Blacklist:
Blackhole WiFi Access
Blackhole Wired Access

An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs An administrator is adding two more PSNs to this deployment but is having problems adding one of them What is the problem?

1. A. The new nodes must be set to primary prior to being added to the deployment
2. B. The current PAN is only able to track a max of four nodes
3. C. Only five PSNs are allowed to be in the Cisco ISE cube if configured this way.
4. D. One of the new nodes must be designated as a pxGrid node

Correct Answer: C