Hello everyone

Good day.

I am looking to attempt CCNP Security ISE exam and there are few questions if you guys could answer those,

Which AAA method is mutually exclusive and can not be combined with a certificate to authenticate AnyConnect users on the ASA?

Q1

Which of the following describes Auth VLAN feature?

a. Only supported when ISE is L2 adjacent to endpoints

b. It does not require 802.1X or MAB

c. ISE is DHCP and DNS server for the subnet

d. Supports webauth but not posture

Q2

What are the product integration we use for protecting IOT via ISE PxGrid integration?

a. Stealth Watch

b. ASA

Q3

How does the SGT information carried within the SD-Acess Fabric?

a. Through Group poliy ID in VXLAN header

b. Through IP and MAC header

c. Through GRE header

Q4

Which statement is not true regarding Device Admin?

a. It allows to manage access to network resources

b. It can work with 2FA

c. It allows to manage access to Network device

Q5

Which of the following policy conditions are available for authentication policy (not authorization)? (choose 2)

a. EAP type

b. User AD group

c. User internal group

d. Wireless controller IP

e. Guest Flow

Q6

Which topic contains user information?

a. Session Directory

b. EndpointProtectionService

c. EndpointProfileMetadata

Q7

By which of the following ways can you install posture/compliance updates on ISE? (Choose 2)

a. During ISE initial setup wizard

b. On demand via the ISE posture work center UI

c. Automatically as specified in ISE posture Work center UI

d. On demand via the ISE patch UI

c. Manually by installing ISE patch

Q8

What hotspot portal setting introduced in ISE 2.1 allows an administrator to manage how a device session is controlled after the AUP is accepted?

a. SNMPQuery

b. COA type

c. Originating URL

Q9

How many profiles does Cisco provide overall?

a. 1000

b. 3000