Q71. Which three are required steps to enable SXP on a Cisco ASA? (Choose three). 

A. configure AAA authentication 

B. configure password 

C. issue the aaa authorization command aaa-server group command 

D. configure a peer 

E. configure TACACS 

F. issue the cts sxp enable command 

Answer: B,D,F 


Q72. The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node? 

A. tcp/8905, http/80, ftp/21 

B. tcp/8905, http/80, https/443 

C. udp/8905, telnet/23, https/443 

D. udp/8906, http/80, https/443 

Answer:


Q73. What is a feature of Cisco WLC and IPS synchronization? 

A. Cisco WLC populates the ACLs to prevent repeat intruder attacks. 

B. The IPS automatically send shuns to Cisco WLC for an active host block. 

C. Cisco WLC and IPS synchronization enables faster wireless access. 

D. IPS synchronization uses network access points to provide reliable monitoring. 

Answer:


Q74. What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints? 

A. the ISE 

B. an ACL 

C. a router 

D. a policy server 

Answer:


Q75. Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.) 

A. manually on links between supported switches 

B. in the Cisco Identity Services Engine 

C. in the global configuration of a TrustSec non-seed switch 

D. dynamically on links between supported switches 

E. in the Cisco Secure Access Control System 

F. in the global configuration of a TrustSec seed switch 

Answer: A,D 


Q76. Which three pieces of information can be found in an authentication detail report? (Choose three.) 

A. DHCP vendor ID 

B. user agent string 

C. the authorization rule matched by the endpoint 

D. the EAP method the endpoint is using 

E. the RADIUS username being used 

F. failed posture requirement 

Answer: C,D,E 


Q77. Refer to the exhibit. 

The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.) 

A. between switch 2 and switch 3 

B. between switch 5 and host 2 

C. between host 1 and switch 1 

D. between the authentication server and switch 4 

E. between switch 1 and switch 2 

F. between switch 1 and switch 5 

Answer: A,B 


Q78. The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement? 

A. Device registration status and device activation status 

B. Network access device and time condition 

C. User credentials and server certificate 

D. Built-in profile and custom profile 

Answer:


Q79. Where must periodic re-authentication be configured to allow a client to come out of the quarantine state and become compliant? 

A. on the switch port 

B. on the router port 

C. on the supplicant 

D. on the controller 

Answer:


Q80. Refer to the exhibit. 

If the given configuration is applied to the object-group vpnservers, during which time period are external users able to connect? 

A. From Friday at 6:00 p.m. until Monday at 8:00 a.m. 

B. From Monday at 8:00 a.m. until Friday at 6:00 p.m. 

C. From Friday at 6:01 p.m. until Monday at 8:01 a.m. 

D. From Monday at 8:01 a.m. until Friday at 5:59 p.m. 

Answer: