QUESTION 251 A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions? A. monitor mode B. high-security mode C. closed mode D. low-impact mode Answer: A QUESTION 252 Which three events immediately occur when a user clicks register on their device in a single- SSID BYOD onboarding registration process? (Choose three). A. CA certificate is sent to the device from Cisco ISE B. An endpoint is added to a Registered Devices identity group C. RADIUS access request is sent to Cisco ISE D. The profile service is sent to the device from Cisco ISE E. DACL is sent to the device from Cisco ISE F. BYOD registration flag is set by Cisco ISE Answer: ABF QUESTION 253 A company wants to allow employees to register and manage their own devices that do not support NSP. Which portals enable this? A. MDM portals B. Client provisioning portals C. My devices portals D. BYOD Portals Answer: C QUESTION 254 Which three options can be pushed from Cisco ISE server as part of a successful 802.1x authentication. (Choose three) A. authentication order B. posture status C. authentication priority D. vlan E. DACL F. reauthentication timer Answer: DEF QUESTION 255 With which two appliance-based products can Cisco Prime infrastructure integrate to perform centralized management? A. Cisco content security appliance B. Cisco email security appliance C. Cisco wireless location appliance D. Cisco Mobility Services Engine E. Cisco ISE Answer: DE QUESTION 256 A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two) A. DHCP Snooping B. 802.1AE MacSec C. Port security D. IP Device tracking E. Dynamic ARP inspection F. Private VLANs Answer: AE QUESTION 257 Refer to exhibit, which statement about the authentication protocol used in the configuration is true? aaa new model tacacs-server host 126.96.36.199 single connection tacas-server key cisco123 A. Authentication request contains username, encrypted password, NAS IP address, and port. B. Authentication and authorization requests are sent in a single open connection between the network device and the TACACS+ server C. Authentication request contains username, password, NAS IP address and port. D. Authentication and authorization request packets are grouped together in a single packet. Answer: B QUESTION 258 Which option is the code field of n EAP packet? A. one byte and 1=request, 2=response 3=failure 4=success B. two byte and 1=request, 2=response, 3=success, 4=failure C. two byte and 1=request 2=response 3=failure 4=success D. one byte and 1=request 2=response 3=success 4=failure Answer: D Full Version: Dear visitor, you need to Register or Login to view links on Certify Chat.