CCNP Security FAQ: Deploying Guest Services.
Figure: WebAuth process flow.
Q1. ISE Guest Services use which of the following approaches to authenticate a user?
a. Badge
b. WebAuth
c. TACACS+
d. SSH
Q2. The sponsor and guest portals can run on which of the following ISE personas?
a. Admin
b. MnT
c. PSN
d. a and b
e. a and c
f. b and c
Q3. True or False: A network administrator can customize the guest portals to run on any port greater than 1024.
a. True
b. False
Q4. Which default sponsor groups are available on ISE? (Select three.)
a. SponsorAllAccounts
b. SponsorADAccounts
c. SponsorAdministrator
d. SponsorGroupGrpAccounts
e. SponsorAllUsers
f. SponsorGroupOwnAccounts
Q5. When using Active Directory group membership as authentication and authorization for sponsors, which of the following must occur?
a. ISE must be associated to the domain.
b. The sponsor must create all guest accounts on the Active Directory Server.
c. The Active Directory identity store must be part of the identity source sequence for the sponsor portal.
d. a and b.
e. b and c.
f. a and c.
Q6. Under the Operations tab of the portal configuration page, which of the following items can be configured?
a. Guest Device Registration
b. Allow or Require Guest to change password
c. Guest Self-Service
d. Acceptable Use Policy frequency
e. All of the above
Q7. What are the three configurable options for a sponsor group?
a. Authorization Levels, Guest Roles, Time Profiles
b. Access-List, VLAN, Security Group Tag
c. Switch, Router, Firewall
d. Centralized WebAuth, Network Supplicant Provisioning, Device Registration Webpage
Q8. Which of the following are options for provisioning guest accounts on Cisco ISE?
a. Guest, Contractor, Consultant
b. OneDay, OneWeek, OneMonth
c. Individual, Import, Random
d. Full, Basic, InternetOnly
Q9. Which security policy must be enabled on the Guest WLAN/SSID to facilitate WebAuth on a Cisco WLC?
a. WPA2 with 802.1X Key Management
b. WPA2 with 802.1X and CCKM Key Management
c. MAC Filtering and RADIUS NAC
d. Open
Q10. To verify a guest user’s access policy on a Cisco switch, you should run which of the following commands?
a. show crypto ipsec sa
b. show aaa authorization <username> details
c. show authorization level guest interface <if_name>
d. show authentication sessions interface <if_name> details