2021/August New Braindump2go 2V0-62.21 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 2V0-62.21 Real Exam Questions!
QUESTION 152
An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the mam deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out. Which configuration is causing this behavior?
A. One of the nodes is an active PSN.
B. One of the nodes is the Primary PAN
C. All of the nodes participate in the PAN auto failover.
D. All of the nodes are actively being synched.
Answer: B
QUESTION 153
An organization is adding new profiling probes to the system to improve profiling on Oseo ISE. The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected.
What must be configured on the network device to accomplish this goal?
A. ARP
B. SNMP
C. WCCP
D. ICMP
Answer: D
QUESTION 154
A network administrator is configuring a secondary cisco ISE node from the backup configuration of the primary cisco ISE node to create a high availability pair. The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE. Which command most be issued for this to work?
A. copy certificate Ise
B. application configure Ise
C. certificate configure Ise
D. Import certificate Ise
Answer: A
QUESTION 155
An employee logs on to the My Devices portal and marks a currently on-boarded device as `Lost’. Which option is correct?
A. Certificates provisioned to the device are not revoked
B. BYOD Registration status is updated to No
C. The device access has been denied
D. BYOD Registration status is updated to Unknown.
E. The device status is updated to Stolen
Answer: AE
QUESTION 156
An administrator connects an HP printer to a dot1x enable port, but the printer in not accessible. Which feature must the administrator enable to access the printer?
A. MAC authentication bypass
B. change of authorization
C. TACACS authentication
D. RADIUS authentication
Answer: A
QUESTION 157
A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network. Which CoA configuration meets this requirement?
A. Port Bounce
B. Reauth
C. NoCoA
D. Disconnect
Answer: C
QUESTION 158
An administrator is configuring cisco ISE lo authenticate users logging into network devices using. Which action ensures the users are able to log into the network devices?
A. Enable the device administration service in the Administration persona
B. Enable the session services in the administration persona
C. Enable the service sessions in the PSN persona.
D. Enable the device administration service in the PSN persona.
Answer: A
QUESTION 159
A network administrator must use Cisco ISE to check whether endpoints have the correct version of antivirus installed. Which action must be taken to allow this capability?
A. Configure a native supplicant profile to be used for checking the antivirus version
B. Configure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version.
C. Create a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco ISE.
D. Create a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files
Answer: C
QUESTION 160
A network administrator must configura endpoints using an 802 1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network. Which EAP type must be configured by the network administrator to complete this task?
A. EAP-PEAP-MSCHAPv2
B. EAP-TTLS
C. EAP-FAST
D. EAP-TLS
Answer: C
QUESTION 161
An engineer is creating a new TACACS* command set and cannot use any show commands after togging into the device with this command set authorization. Which configuration is causing this issue?
A. Question marks are not allowed as wildcards for command sets.
B. The command set is allowing all commands that are not in the command list
C. The wildcard command listed is in the wrong format
D. The command set is working like an ACL and denying every command.
Answer: A
QUESTION 162
An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database. There are no resources to enter this information into the Cisco ISE database manually. What must be done to accomplish this task effciently?
A. Use a CSV file to import the guest accounts
B. Use SOL to link me existing database to Ctsco ISE
C. Use a JSON fie to automate the migration of guest accounts
D. Use an XML file to change the existing format to match that of Cisco ISE
Answer: C
QUESTION 163
MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gam access to the network. Which alternate method should be used to tell users how to remediate?
A. URL link
B. message text
C. executable
D. file distribution
Answer: A
QUESTION 164
Refer to the exhibit. Which component must be configured to apply the SGACL?
A. egress router
B. host
C. secure server
D. ingress router
Answer: A
QUESTION 165
What does a fully distributed Cisco ISE deployment include?
A. PAN and PSN on the same node while MnTs are on their own dedicated nodes.
B. PAN and MnT on the same node while PSNs are on their own dedicated nodes.
C. All Cisco ISE personas on their own dedicated nodes.
D. All Cisco ISE personas are sharing the same node.
Answer: B
QUESTION 166
A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE. This must include the ability to provision for URL redirection on authentication. Which two commands must be entered to meet this requirement? (Choose two)
A. Ip http secure-authentication
B. Ip http server
C. Ip http redirection
D. Ip http secure-server
E. Ip http authentication
Answer: DE
QUESTION 167
An engineer is configuring a dedicated SSID for onboarding devices.
Which SSID type accomplishes this configuration?
A. dual
B. hidden
C. broadcast
D. guest
Answer: D
QUESTION 168
An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability.
Which probe must be used to accomplish this task?
A. HTTP probe
B. NetFlow probe
C. network scan probe
D. RADIUS probe
Answer: A
QUESTION 169
An administrator is trying to collect metadata information about the traffic going across the network to gam added visibility into the hosts. This Information will be used to create profiling policies for devices us mg Cisco ISE so that network access policies can be used.
What must be done to accomplish this task?
A. Configure the RADIUS profiling probe within Cisco ISE
B. Configure NetFlow to be sent to me Cisco ISE appliance.
C. Configure SNMP to be used with the Cisco ISE appliance
D. Configure the DHCP probe within Cisco ISE
Answer: B
QUESTION 170
A laptop was stolen and a network engineer added it to the block list endpoint identity group.
What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?
A. Select DenyAccess within the authorization policy.
B. Ensure that access to port 8443 is allowed within the ACL.
C. Ensure that access to port 8444 is allowed within the ACL.
D. Select DROP under If Auth fail within the authentication policy.
Answer: D
QUESTION 171
An administrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs. Besides defining a new shell profile in Cisco ISE.
What must be done to accomplish this configuration?
A. Enable the privilege levels in Cisco ISE
B. Enable the privilege levels in the IOS devices.
C. Define the command privileges for levels 2-5 in the IOS devices
D. Define the command privileges for levels 2-5 in Cisco ISE
Answer: C
QUESTION 172
An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error “Authentication failed: 22040 Wrong password or invalid shared secret.”.
What must be done to address this issue?
A. Add the network device as a NAD inside Cisco ISE using the existing key.
B. Configure the key on the Cisco ISE instead of the Cisco switch.
C. Use a key that is between eight and ten characters.
D. Validate that the key is correct on both the Cisco switch as well as Cisco ISE.
Answer: A
QUESTION 173
Drag and Drop Question
Drag the descriptions on the left onto the components of 802.1X on the right.
Answer:
Resources From:
1.2021 Latest Braindump2go 2V0-62.21 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/2v0-62-21.html
2.2021 Latest Braindump2go 2V0-62.21 PDF and 2V0-62.21 VCE Dumps Free Share:
https://drive.google.com/drive/folders/12MaFoR929Bpkhq13hFtTl-7GFnFO1awo?usp=sharing
3.2021 Free Braindump2go 2V0-62.21 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/2V0-62.21-PDF-Dumps(152-173).pdf
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!