An administrator replaced a PSN in the distributed Cisco ISE environment. When endpoints authenticate to it, the devices are not getting the right profiles or attributes and as a result, are not hitting the correct policies. This was working correctly on the previous PSN. Which action must be taken to ensure the endpoints get identified?

1. A. Verify that the MnT node is tracking the session.
2. B. Verify the shared secret used between the switch and the PSN.
3. C. Verify that the profiling service is running on the new PSN.
4. D. Verify that the authentication request the PSN is receiving is not malformed.

Correct Answer: C

An engineer is configuring static SGT classification. Which configuration should be used when authentication is disabled and third-party switches are in use?

1. A. VLAN to SGT mapping
2. B. IP Address to SGT mapping
3. C. L3IF to SGT mapping
4. D. Subnet to SGT mapping

Correct Answer: B
https://community.cisco.com/t5/security-knowledge-base/segmentation-strategy/ta-p/3757424: "The method of sending out IP to SGT mappings from ISE is particularly useful if the access switch does not support TrustSec"

An engineer is unable to use SSH to connect to a switch after adding the required CLI commands to the device to enable TACACS+. The device administration license has been added to Cisco ISE, and the required policies have been created. Which action is needed to enable access to the switch?

1. A. The ip ssh source-interface command needs to be set on the switch
2. B. 802.1X authentication needs to be configured on the switch.
3. C. The RSA keypair used for SSH must be regenerated after enabling TACACS+.
4. D. The switch needs to be added as a network device in Cisco ISE and set to use TACACS+.

Correct Answer: D

An administrator made changes in Cisco ISE and needs to apply new permissions for endpoints that have already been authenticated by sending a CoA packet to the network devices. Which IOS command must be configured on the devices to accomplish this goal?

1. A. aaa server radius dynamic-author
2. B. authentication command bounce-port
3. C. authentication command disable-port
4. D. aaa nas port extended

Correct Answer: A

A network engineer needs to deploy 802.1x using Cisco ISE in a wired network environment where thin clients download their system image upon bootup using PXE. For which mode must the switch ports be configured?

1. A. closed
2. B. restricted
3. C. monitor
4. D. low-impact

Correct Answer: D