Deck 24: Securing Email with Cisco Email Security Appliance (300-720 SESA)

A) VLAN
B) dynamic
C) QoS
D) SGACL
E) SXP

A) continue
B) pass
C) drop
D) reject

A) The Cisco ISE server queries the internal identity store.
B) The device queries the external identity store.
C) The device queries the Cisco ISE authorization server.
D) The device queries the internal identity store.
E) The Cisco ISE server queries the external identity store.

A) TCP port 8080 must be opened between Cisco ISE and the feed server.
B) Cisco ISE has access to an internal server to download feed update.
C) Cisco ISE has a base license.
D) Cisco ISE has Internet access to download feed update.

A) Enter the IP address of the device.
B) Enter the common name.
C) Choose the hashing method.
D) Locate the CSV file for the device MAC.
E) Select the certificate template.

A) Remove the Cisco ISE machine account from the domain.
B) Search Active Directory to see if a Cisco ISE machine account already exists.
C) Set attributes on the Cisco ISE machine account.
D) Create a Cisco ISE machine account in the domain if the machine account does not already exist.

A) show authentication sessions interface Gi1/0/x output
B) show authentication sessions
C) show authentication sessions output
D) show authentication sessions interface Gi 1/0/x

A) DHCP server
B) override Interface ACL
C) static IP tunneling
D) AAA override

A) by creating a node group
B) by deploying both primary and secondary node
C) by enabling VIP
D) by utilizing RADIUS server list on the NAD

A) by embedding the security group tag in the 802.1Q header
B) by the Security Group Tag Exchange Protocol
C) by enabling 802.1AE on every network device
D) by embedding the security group tag in the IP header

A) It enables the https server for users for web authentication.
B) It enables dot1x authentication on the switch.
C) It enables MAB authentication on the switch.
D) It enables the switch to redirect users for web authentication.

A) dot1x system-auth-control
B) dot1x pae authenticator
C) aaa server radius dynamic-author
D) authentication host-mode single-host

A) endpoint already profiled in ISE
B) WEBAUTH ACL for redirection
C) Captive Portal Bypass turned on
D) valid user account in Active Directory

A) policy service, gatekeeping, and monitoring
B) administration, monitoring, and gatekeeping
C) administration, policy service, and monitoring
D) administration, policy service, gatekeeping

A) DNS
B) DHCP
C) EAP
D) HTTP

A) session-timeout
B) termination-action
C) radius-server timeout
D) idle-timeout

A) active username limit
B) password expiration period
C) access code control
D) username expiration date
E) minimum password length

A) subscriber
B) primary
C) administration
D) publisher
E) policy service

A) Authentication is redirected to the internal identity source.
B) Authentication is granted.
C) Authentication fails.
D) Authentication is redirected to the external identity source.

A) Client Provisioning
B) Client Endpoint
C) Client Profiling
D) Client Guest

A) policy service
B) monitoring
C) primary policy administrator
D) pxGrid

A) HTTPS
B) HTTP
C) SSH
D) SMTP

A) block list
B) unknown
C) allow list
D) profiled
E) endpoint

A) Application Visibility and Control
B) Supplicant Provisioning Wizard
C) My Devices Portal
D) Network Access Control

A) An endpoint that is disconnected from the network is discovered.
B) Endpoints are created through device registration for the guests.
C) An endpoint profiling policy is changed for authorization policy.
D) An authenticated, wired EAP-capable endpoint is discovered.

A) DHCP
B) HTTP
C) NMAP
D) AD

A) SNMP
B) HTTP
C) RADIUS
D) DHCP
E) NetFlow

A) permit tcp any any eq
B) ip http port
C) aaa group server radius
D) aaa group server radius proxy

A) DHCP
B) DNS
C) NMAP
D) RADIUS

A) The SAN field is populated with the end user name.
B) The CN field is populated with the endpoint host name.
C) An endpoint certificate is mandatory for the Cisco ISE BYOD.
D) An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment.

A) Redirect ACL
B) Connection Type
C) Operating System
D) Windows Settings
E) iOS Settings

A) profiling
B) central web authentication
C) MAB
D) posture

A) State attribute
B) Class attribute
C) Event
D) Cisco-av-pair

A) Client Provisioning
B) BYOD
C) Guest
D) Block list

A) PEAP
B) EAP-TLS
C) EAP-MD5
D) EAP-TTLS
E) LEAP

A) Microsoft App Store
B) Cisco App Store
C) Cisco ISE directly
D) Native OTA functionality

A) qualys
B) posture
C) personas
D) nexpose

A) the minimum number that a predefined condition provides
B) the maximum number that a predefined condition provides
C) the minimum number that a device certainty factor must reach to become a member of the profile
D) the maximum number that a device certainty factor must reach to become a member of the profile

A) addition of endpoint to My Devices Portal
B) endpoint marked as lost in My Devices Portal
C) updating of endpoint dACL
D) endpoint profile transition from Apple-device to Apple-iPhone
E) endpoint profile transition from Unknown to Windows10-Workstation

A) user-presented certificate and a certificate stored in Active Directory
B) MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
C) user-presented password hash and a hash stored in Active Directory
D) subject alternative name and the common name

A) It separates authorization and authentication functions.
B) It combines authorization and authentication functions.
C) It uses UDP port 49.
D) It encrypts the password only.
E) It uses TCP port 49.

A) shared secret
B) profile
C) certificate
D) SNMP version

A) Cisco Secure Services Client and Cisco Access Control Server
B) Cisco AnyConnect NAM and Cisco Identity Service Engine
C) Cisco AnyConnect NAM and Cisco Access Control Server
D) Windows Native Supplicant and Cisco Identity Service Engine

A) TCP 8905
B) TCP 8909
C) TCP 443
D) UDP 1812

A) Known
B) Monthly
C) Daily
D) Imported
E) Random

A) new AD user 802.1X authentication
B) hotspot
C) posture
D) guest AUP
E) BYOD

A) Sponsor
B) Sponsored-Guest
C) Captive-Guest
D) My Devices

A) Keep track of guest user activities.
B) Create and manage guest user accounts.
C) Configure authorization settings for guest users.
D) Authenticate guest users to Cisco ISE.

A) endpoint
B) unknown
C) blacklist
D) profiled
E) whitelist

A) MAB and if user not found, continue
B) MAB and if authentication failed, continue
C) Dot1x and if authentication failed, continue
D) Dot1x and if user not found, continue

A) ASA
B) Firepower
C) Shell
D) WLC
E) IOS

A) The SAN field is populated with the end user name.
B) The CN field is populated with the endpoint host name.
C) An endpoint certificate is mandatory for the Cisco ISE BYOD.
D) An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment.

A) Command Sets
B) Server Sequence
C) Device Administration License
D) External TACACS Servers
E) Device Admin Service

A) 19005
B) 443
C) 3799
D) 8080
E) 1700

A) The secondary node restarts.
B) The primary node restarts.
C) Both nodes restart.
D) The primary node becomes standalone.

A) TCP 80
B) TCP 8905
C) TCP 8443
D) TCP 8906
E) TCP 443

A) access-challenge
B) access-accept
C) access-request
D) access-reserved
E) access-response

A) blacklist
B) unknown
C) whitelist
D) profiled
E) endpoint

A) radius-server attribute 8 include-in-access-req
B) ip device tracking
C) dot1x system-auth-control
D) radius server vsa send authentication
E) aaa authorization auth-proxy default group radius

A) compliant
B) valid
C) unknown
D) known
E) invalid

A) Client Provisioning
B) BYOD
C) Guest
D) Blacklist

A) EAP server
B) authenticator
C) supplicant
D) client

A) Microsoft App Store
B) Cisco App Store
C) Cisco ISE directly
D) Native OTA functionality

A) Client Provisioning portal
B) remediation actions
C) updates
D) access policy
E) conditions