- (Exam Topic 2)
An engineer must configure AAA on a Cisco 9800 WLC for central web authentication Which two commands are needed to accomplish this task? (Choose two.)

1. A. Option A
2. B. Option B
3. C. Option C
4. D. Option D
5. E. Option E

Correct Answer: CD

- (Exam Topic 1)
Which method creates an EEM applet policy that is registered with EEM and runs on demand or manually?

1. A. event manager applet ondemand event registeraction 1.0 syslog priority critical msg 'This is a message from ondemand'
2. B. event manager applet ondemand event manualaction 1.0 syslog priority critical msg 'This is a message from ondemand'
3. C. event manager applet ondemand event noneaction 1.0 syslog priority critical msg 'This is a message from ondemand'
4. D. event manager applet ondemandaction 1.0 syslog priority critical msg 'This is a message from ondemand'

Correct Answer: C
An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An applet is a simple form of policy that is defined within the CLI configuration. answer 'event manager applet ondemand event register
action 1.0 syslog priority critical msg ‘This is a message from ondemand’
<="" p="" style="box-sizing: border-box;">
There are two ways to manually run an EEM policy. EEM usually schedules and runs policies on the basis of an event specification that is contained within the policy itself. The event none command allows EEM to identify an EEM policy that can be manually triggered. To run the policy, use either the action policy command in applet configuration mode or the event manager run command
in privileged EXEC mode.
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/configuration/xe-3s/eem-xe- 3s-book/eem-policy-cli.html

- (Exam Topic 1)
An engineer must provide wireless converge in a square office. The engineer has only one AP and believes that it should be placed it in the middle of the room. Which antenna type should the engineer use?

1. A. directional
2. B. polarized
3. C. Yagi
4. D. omnidirectional

Correct Answer: D

- (Exam Topic 2)
A vulnerability assessment highlighted that remote access to the switches is permitted using unsecure and unencrypted protocols Which configuration must be applied to allow only secure and reliable remote access for device administration?

1. A. line vty 0 15 login localtransport input none
2. B. line vty 0 15 login localtransport input telnet ssh
3. C. line vty 0 15 login localtransport input ssh
4. D. line vty 0 15 login local transport input all

Correct Answer: C

- (Exam Topic 2)
Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

1. A. security group tag ACL assigned to each port on a switch
2. B. security group tag number assigned to each port on a network
3. C. security group tag number assigned to each user on a switch
4. D. security group tag ACL assigned to each router on a network

Correct Answer: B
Cisco TrustSec uses tags to represent logical group privilege. This tag, called a Security Group Tag (SGT), is used in access policies. The SGT is understood and is used to enforce traffic by Cisco switches, routers and firewalls . Cisco TrustSec is defined in three phases: classification, propagation and enforcement.
When users and devices connect to a network, the network assigns a specific security group. This process is called classification. Classification can be based on the results of the authentication
or by associating the SGT with an IP, VLAN, or port-profile (-> Answer 'security group tag ACL assigned to each port on a switch' and answer 'security group tag number assigned to each
user on a switch' are not correct as they say “assigned … on a switch” only. Answer 'security group tag ACL assigned to each router on a network' is not correct either as it says “assigned to each router”).