which port and protocol to send discovery packets to an ISE Policy Service Node?

The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service
Node?

The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service
Node?

A.
tcp/8905

B.
udp/8905

C.
http/80

D.
https/443

Explanation:



Leave a Reply 4

Your email address will not be published. Required fields are marked *


grassman

grassman

The SWISS protocol is a stateless request response protocol that allows NAC Agents which are running on
managed clients to discover the Cisco ISE server, and retrieve configuration and operational information. The
NAC Agent connects to the Cisco ISE server by sending SWISS unicast discovery packets out on User
Datagram Protocol (UDP) port 8905 until a Cisco ISE node that assumes the Policy Service persona
sends a response to the client. The SWISS protocol uses TCP transport for all the messages and UDP
transport for periodical requests. The NAC Agent tunnels all the SWISS requests over HTTPS and pings
the Cisco ISE SWISS UDP server for changes to its authentication and posture state.

nageil

nageil

I think you need 300-208 real questions:
QUESTION 1
How frequently does the Profiled Endpoints dashlet refresh data?

A. every 30 seconds
B. every 60 seconds
C. every 2 minutes
D. every 5 minutes

Answer: B

QUESTION 2
Which command in the My Devices Portal can restore a previously lost device to the network?

A. Reset
B. Found
C. Reinstate
D. Request

Answer: C

QUESTION 3
What is the first step that occurs when provisioning a wired device in a BYOD scenario?

A. The smart hub detects that the physically connected endpoint requires configuration and must use
MAB to authenticate.
B. The URL redirects to the Cisco ISE Guest Provisioning portal.
C. Cisco ISE authenticates the user and deploys the SPW package.
D. The device user attempts to access a network URL.

Answer: A

QUESTION 4
Which three features should be enabled as best practices for MAB? (Choose three.)

A. MD5
B. IP source guard
C. DHCP snooping
D. storm control
E. DAI
F. URPF

Answer: BCE

QUESTION 5
When MAB is configured, how often are ports reauthenticated by default?

A. every 60 seconds
B. every 90 seconds
C. every 120 seconds
D. never

Answer: D

QUESTION 6
What is a required step when you deploy dynamic VLAN and ACL assignments?

A. Configure the VLAN assignment.
B. Configure the ACL assignment.
C. Configure Cisco IOS Software 802.1X authenticator authorization.
D. Configure the Cisco IOS Software switch for ACL assignment.

Answer: C

QUESTION 7
Which model does Cisco support in a RADIUS change of authorization implementation?

A. push
B. pull
C. policy
D. security

Answer: A

QUESTION 8
You are finding that the 802.1X-configured ports are going into the error-disable state. Which command will show you the reason why the port is in the error-disable state, and which command will automatically be re-enabled after a specific amount of time? (Choose two.)

A. show error-disable status
B. show error-disable recovery
C. show error-disable flap-status
D. error-disable recovery cause security-violation
E. error-disable recovery cause dot1x
F. error-disable recovery cause l2ptguard

Answer: BD

QUESTION 9
Which of these is a configurable Cisco IOS feature that triggers notifications if an attack attempts to exhaust critical router resources and if preventative controls have been bypassed or are not working correctly?

A. Control Plane Protection
B. Management Plane Protection
C. CPU and memory thresholding
D. SNMPv3

Answer: C

QUESTION 10
Which administrative role has permission to assign Security Group Access Control Lists?

A. System Admin
B. Network Device Admin
C. Policy Admin
D. Identity Admin

Answer: C
Free version that on my Google Drive: https://drive.google.com/drive/u/0/folders/0B3Syig5i8gpDMXlWOHdFVkZmREU