With which two appliance-based products can Cisco Prime Infrastructure integrate to perform
centralized management? (Choose two.)

Which two options are EAP methods supported by Cisco ISE? (Choose two.)

You configured wired 802.1X with EAP-TLS on Windows machines. The ISE authentication detail
report shows “EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client
certificates chain.” What is the most likely cause of this error?

What type of identity group is the Blacklist identity group?

Which feature must you configure on a switch to allow it to redirect wired endpoints to Cisco
ISE?

SIMULATION
The Secure-X company has recently successfully tested the 802.1X authentication deployment
using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee
desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect
NAM 802.1Xsupplicantto log in and connect to the network.
Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and
have it connect to the network. The network printer does not support 802.1X supplicant. The
Fa0/19 switch port is now configured to use 802.1X authentication only.
To support this network printer, the Fa0/19 switch port configuration needs to be edited to
enable the network printer to authenticate using its MAC address. The network printer should
also be on VLAN 9.
Another network security engineer responsible for managing the Cisco ISE has already perconfigured all the requirements on the Cisco ISE, including adding the network printer MAC
address to the Cisco ISE endpoint database and etc…
Yourtask in the simulation is to access the Cisco Catalyst Switch console then use the CLI to:
• Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer
using its MAC address and:
• Ensure that MAC address authentication processing is not delayed until 802.1Xfails
• Ensure that even if MAC address authentication passes, the switch will still perform 802.1X
authentication if requested by a 802.1X supplicant
• Use the required show command to verify the MAC address authentication on the Fa0/19 is
successful
The switch enable password is Cisco
For the purpose of the simulation, to test the network printer, assume the network printer will
be unplugged then plugged back into the Fa0/19 switch port after you have finished the
required configurations on the Fa0/19 switch port.
Note: For this simulation, you will not need and do not have access to the ISE GUI To access the
switch CLI, click the Switch icon in the topology diagram

SIMULATION
The Secure-X company has started to tested the 802.1X authentication deployment using the
Cisco Catalyst 3560-X layer 3 switch and the Cisco ISEvl2 appliance. Each employee desktop will
be connected to the 802.1X enabled switch port and will use the Cisco AnyConnect NAM
802.1X supplicant to log in and connect to the network.
Your particular tasks in this simulation are to create a new identity source sequence named
AD_internal which will first use the Microsoft Active Directory (AD1) then use the ISE Internal
User database. Once the new identity source sequence has been configured, edit the existing
DotlX authentication policy to use the new AD_internal identity source sequence.
The Microsoft Active Directory (AD1) identity store has already been successfully configured,
you just need to reference it in your configuration.

In addition to the above, you are also tasked to edit the IT users authorization policy so IT users
who successfully authenticated will get the permission of the existing IT_Corp authorization
profile.
Perform this simulation by accessing the ISE GUI to perform the following tasks:
• Create a new identity source sequence named AD_internal to first use the Microsoft Active
Directory (AD1) then use the ISE Internal User database
• Edit the existing Dot1X authentication policy to use the new AD_internal identity source
sequence:
• If authentication failed-reject the access request
• If user is not found in AD-Drop the request without sending a response
• If process failed-Drop the request without sending a response
• Edit the IT users authorization policy so IT users who successfully authenticated will get the
permission of the existing IT_Corp authorization profile.
To access the ISE GUI, click the ISE icon in the topology diagram. To verify your configurations,
from the ISE GUI, you should also see the Authentication Succeeded event for the it1 user after
you have successfully defined the DotlX authentication policy to use the Microsoft Active
Directory first then use the ISE Internal User Database to authenticate the user. And in the
Authentication Succeeded event, you should see the IT_Corp authorization profile being
applied to the it1 user. If your configuration is not correct and ISE can’t authenticate the user
against the Microsoft Active Directory, you should see the Authentication Failed event instead
for the it1 user.
Note: If you make a mistake in the Identity Source Sequence configuration, please delete the
Identity Source Sequence then re-add a new one. The edit Identity Source Sequence function is
not implemented in this simulation.

In this simulation, you are task to examine the various authentication events using the ISE GUI.
For example, you should see events like Authentication succeeded. Authentication failed and
etc…

Which four statements are correct regarding the event that occurred at 2014-05-07
00:19:07.004? (Choose four.)

In this simulation, you are task to examine the various authentication events using the ISE GUI.
For example, you should see events like Authentication succeeded. Authentication failed and
etc…

Which three statements are correct regarding the events with the 20 repeat count that
occurred at 2014-05-07 00:22:48.748? (Choose three.)

In this simulation, you are task to examine the various authentication events using the ISE GUI.
For example, you should see events like Authentication succeeded. Authentication failed and
etc…

Which two statements are correct regarding the event that occurred at 2014-05-07
00:22:48.175? (Choose two.)