Diag3 Flashcards

1
Q
  1. Mab_CP is not able to reach allowed network resources.

Incorrect network device group configuration
Radius packet from SW2 has been sourced from an incorrect interface
authorization policy needs to be corrected on ISE for the MAB session
Authentication policy needs to be corrected on ISE for the MAB session
There is an issue with aaa login authentication method configuration on the switch
authorization condition needs to be corrected on ISE for the MAB session.
ISE has the incorrect key for the network device
SW2 port is incorrectly configured for MAB.

A

Incorrect user group configuration on ISE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. Employee profile has no network connectivity.

Authentication condition needs to be corrected on ISE for the Dot1x session.
The ISE has incorrect netework device address.
Authoriztion condition needs to be corrected on ISE for the Dot1x session authentication.
SW1 is point to incorrect ISE server for Dot1x session authentication.
Incorrect use group configuration on ISE
Issue with aaa network authorization method configuration on SW1.
SW1 port is incorrectly configured for Dot1x
Authorization policy needs to be corrected on ISE for the Dot1x session.

A

Incorrect network device group configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. Contractor Profile has issue connecting to the network

ISE unable to communicate with active Directory.
Incorrect network device Group configuration.
Issue with AD group mapping on ISE.
There is an issue with CoA configuration on ISE.
There is an issue with CoA configuration on SW2.
SW2 port is incorrectly configured for MAB authentication.
Radius packet has been sourced from an incorrect interface on SW2.
Issue with MAB authorization result configuration on ISE.

A

Incorrect network device group configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. Site-To-Site IPSec VPN failure using FTDs.

FMC 5.2 does not support poit-to-point VPn tunnel.
FTD2 VPN policy is incorrect.
Issue with FTDs network zones configuration
R4 is missing static routes for VPN tunnel establishment.
FTD1 policy is not consistent with the topology.
FTD2 interfaces configuration is not consisitent with the topology.
Issue with FMC licensing.
FTP1 outside object are incorrectly configuration.

A

FTD2 interface configuration is not consistent with topology

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. FMC not able to see the scanned events from end host protected by FireAMP connector.

Incorrect Export Group Mappping on the Cloud for FMC.
DNS is incorrectly configurated fro the cloud “Defense Center Link” resolution.
FMC should be mannually configuration fro time and NTP should be used.
Proable issue with sliding windows time range fro AMP events analysis on FMC
Cloud and FMC should not be done lookup using the same DNS.
Cloud has an incorrect next-hop.
Time Synchronization isssue with the NTP server on Cloud.
Cloud is disabled under FMC AMP management
FMC 6.2 is pointint to the incorrect DNS.

A

Cloud has an incorrect nest-hop

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. Unable to add a device into Cisco DNA Center (DNAC) for network.

Incorrect Protocol used on DNAC to communicatte with SW1_v
RO community string mismatch when adding device to DNAC.
Incorrect enable password used when adding device to DNAC.
write community string missing when adding device to DNAC.
Incorrect VTY password entered when adding device to DNAC.
SW1_v interface to reach DNAC is down.
SW1_v should disable NTP
SW1_v not setup for RO community string.
SNMP version mismatch between DNAC and SW1_v.
VTY line missing authentication method.

A

Incorrect VTY password entered when adding devices to DNAC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. python script is failing to retrieve network device list from Cisco DNA Center (DNAC) inventory.
    script has incorrect DNAC address.
    Management PC cannot reach DNAC
    DNAC is blocking HTTPS access.
    script is not referencing IP address of network devices.
    sctipt is calling incorrect API to retrieve device list from DNAC
    Script has incorrect DNAC login usename
    Script has incorrect DNAC login password
    Script is not configured to use service ticket for DNAC login password.
    Script is not configured to use HTTPS for DNAC access.
    DNAC does not support Python.
A

Script has incorrect DNAC login username

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. Central “webAuth” is broken for the guest account.

OSE CoA authorization rule is incorrectly configured.
SW2 is not able to communicate with ISE.
Incorrect ACL is pushed for the MAB authorization profile
Switch redirect ACL is incorrectly configured.
Issue with CoA configuration on SW2.
CWA authentication rule is pointing to incorrect database.
MAB is disabled on SW2 authentication port.
Issue with CWA policy set condition on ISE.
CWA authentication rules is incorrectly configured.
SW2 belongs to incorrect device group in ISE.

A

Incorrect ACL is pushed for the MAB authorization profile.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. Anyconnect ISE posture implementation is broken.

Incorrect Redict ACL configured on ASA1.
Incorrect Provisioning portal URL.
HTTP server not eabled on ASA1.
HTTPs server not eabled on ASA1.
Posture profile missing on ASA1.
Redirect ACL not properly configured in posture authorization profile.
Incorrect translation for ISE on ASA1.
No inside route on ASA1 for ISE.
Incorrect Posture policy set configuration.
Posture profile has an incorrect ISE pointer.
Issue with network device configuration on ISE.

A

Incorrect Posture policy set configuration.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

10.Device profiling is not working to deny autorization of certain category of rogue MAC address.

authorization rule is incorrectly configured.
Matching identity group should be disabled for profile.
authentication rule is incorrectly configured.
Profile is disabled
Issue with network device configuration on SWitch.
Access Policy is incorrectly configured.
profile policy rule is incorrrectly configured.
Issue with authentication port configuration on SW2
Logical profile incorrectly configured.
Issue with network device configuration on ISE.
Issue with profile rule certainly tractor configuration.
Profiler policy is disabled.

A

Profiler policy is disabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly