CCNP Security FAQ: Implement Wired and Wireless Authentication Figure: Flexible authentication. Q1. When configuring a Cisco switch for 802.1X, at which level of the configuration do the 802.1X-related commands exist? a. Global configuration only. b. Interface configuration only. c. Both at global configuration level as well as per interface. d. Enabling … [Read more...]
CCNP Security FAQ: EAP Over LAN
CCNP Security FAQ: EAP Over LAN (Also Known As 802.1X) Figure: Components of 802.1X. Q1. Which of the following is true? a. The authenticator decides whether the supplicant is allowed on the network. b. The EAP communication occurs between the supplicant and the authentication server. c. The supplicant uses RADIUS to communicate the user’s identity to the … [Read more...]
CCNP Security FAQ: Fundamentals of AAA
CCNP Security FAQ: Fundamentals of AAA Figure: Device administration. Q1. Which of the following best describes the difference between authentication and authorization? a. There is no difference between authentication and authorization. b. Authorization determines what a user may do, whereas an authentication determines what devices the user can interact with. c. … [Read more...]
CCNP Security FAQ: Profiling
CCNP Security FAQ: Profiling Q1. True or False? The profiling service is enabled by default on ISE policy service nodes. a. True b. False Answer: A. Profiler is enabled by default on all policy service nodes and standalone nodes. However, not a single probe is enabled by default in ISE 1.2. Q2. Name three ways in which an endpoint profile can be used in an authorization … [Read more...]
CCNP Security FAQ: Deploying Guest Services
CCNP Security FAQ: Deploying Guest Services. Figure: WebAuth process flow. Q1. ISE Guest Services use which of the following approaches to authenticate a user? a. Badge b. WebAuth c. TACACS+ d. SSH Answer: B. When a guest connects to the network, they are given a web-redirect authorization policy. This web redirect will intercept any attempts to browse the Internet, … [Read more...]
CCNP Security FAQ: Web Authentication
CCNP Security FAQ: Web Authentication Figure: Web authentication. Q1. Before a Cisco switch will generate a self-signed certificate, which configuration is required? a. The internal CA must be enabled. b. An IPv6 address. c. A Cisco switch cannot generate a self-signed certificate. d. A domain name. Answer: D. The Cisco switch will need the https server enabled to … [Read more...]
CCNP Security FAQ: Authorization Policies
CCNP Security FAQ: Authorization Policies Figure: Default authorization policy Q1. What is an authorization profile? a. An authorization profile is a rule in the policy table that is formatted like “IF condition THEN result.” b. An authorization profile is created to determine which identity store to validate the credentials with. c. An authorization profile is a … [Read more...]
CCNP Security FAQ: Authentication Policies
CCNP Security FAQ: Authentication Policies Figure: Default authentication policy. Q1. Which of the following is required to perform MAB from a Cisco network device? a. The RADIUS packet must have the service-type set to login and the calledstation-id populated with the MAC address of the endpoint. b. The RADIUS packet must have the service-type set to Call-Check and the … [Read more...]
CCNP Security FAQ: Initial Configuration of Cisco ISE
CCNP Security FAQ: Initial Configuration of Cisco ISE Q1. Which rights and permissions are required for the account used to join Cisco ISE to the Active Directory domain? a. Search Active Directory, Remove workstation from domain, Change passwords b. Write to Active Directory, Add workstation to organizational unit, Read properties of computer objects c. Search Active … [Read more...]
CCNP Security FAQ: A Guided Tour of the Cisco ISE Graphical User Interface
CCNP Security FAQ: A Guided Tour of the Cisco ISE Graphical User Interface Figure: Initial ISE administrative GUI login. Q1. Which is true of the Cisco ISE GUI? a. Requires a separate application to access it b. Uses a “standard,” Adobe Flash-capable web-browser c. Does not exist—ISE is only configurable via command-line interface (CLI) d. Requires Cisco Network … [Read more...]