Which port does cisco ISE use for native supplicant provisioning of a windows computer?

A. TCP/UDP 8905

B. TCP 8443

C. TCP/UDP 8909

D. TCP 443

An administrator is adding a switch to the network that is running cisco ISE and is only for IP phones. the phones do not have the ability to authenticate via 802.1x. Which command is needed on each switch port for authentication?

A. dot1x system-auth-control

B. enable bypass-mac

C. enable network-authentication

D. mab

An engineer is starting to implement a wired 802.1X project throughout the campus. The task is for failed authentication to be logged to Cisco ISE and also have a minimal impact on the users. Which command must the engineer configure?

A. monitor-mode enabled

B. authentication host-mode multi-auth

C. authentication open

D. pae dot1x enabled

An engineer must develop a policy that utilizes AD group membership on Cisco ISE. Which type of policy element must the engineer configure to create an AD group within a policy?

A. conditions

B. results

C. dictionaries

D. smart conditions

An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks. Which two requirement complete this policy? (Choose two)

A. minimum password length

B. active username limit

C. access code control

D. gpassword expiration period

E. username expiration date

A company is attempting to improve their BYOD policies and restrict access based on certain criteria

The company's subnets are organized by building. Which attribute should be used in order to gain access based on location?

A. static group assignment

B. IP address

C. device registration status

D. MAC address

A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network Which CoA configuration meets this requirement?

A. Port Bounce

B. Reauth

C. NoCoA

D. Disconnect

An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings The scan is complete on one PSN, but the information is not available on the others.

What must be done to make the information available?

A. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning.

B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning.

C. Scanning must be initiated from the MnT node to centrally gather the information.

D. Scanning must be initiated from the PSN that last authenticated the endpoint.

An administrator is configuring a switch port for use with 802.1X.

What must be done so that the port will allow voice and multiple data endpoints?

A. Connect a hub to the switch port to allow multiple devices access after authentication.

B. Configure the port with the authentication host-mode multi-auth command.

C. Connect the data devices to the port, then attach the phone behind them.

D. Use the command authentication host-mode multi-domain on the port.

An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address.

What is the problem?

A. The endpoint is using the wrong protocol to authenticate with Cisco ISE.

B. The 802.1X timeout period is too long.

C. The DHCP probe for Cisco ISE is not working as expected.

D. An ACL on the port is blocking HTTP traffic.