Ensurepass

QUESTION 1

You enabled the guest session limit feature on the Cisco ISE. However, end users report that the same guest can log in from multiple devices simultaneously. Which configuration is missing on the network access device?

 

A.

RADIUS authentication

B.

RADIUS accounting

C.

DHCP required

D.

AAA override

 

Correct Answer: B

 

 

QUESTION 2

You are
installing Cisco ISE on nodes that will be used in a distributed deployment. After the initial bootstrap process, what state will the Cisco ISE nodes be in?

 

A.

Remote

B.

Policy service

C.

Administration

D.

Standalone

 

Correct Answer: D

 

 

QUESTION 3

When you configure an endpoint profiling policy rule, which option describes the purpose of the minimum certainty factor?

 

A.

It is compared to the total certainty metric of an individual endpoint to determine whether the endpoint can be trusted.

B.

It is compared to the assigned certainty value of an individual endpoint in a device database to determine whether the endpoint can be trusted.

C.

It is used to compare the policy condition to other active policies.

D.

It is used to determine the likelihood that an endpoint is an active, trusted device on the network.

 

Correct Answer: A

 

 

QUESTION 4

Which term describes a software application that seeks connectivity to the network via a network access device?

 

A.

authenticator

B.

server

C.

supplicant

D.

WLC

 

Correct Answer: C

 

 

 

 

 

QUESTION 5

What is another term for 802.11i wireless network security?

 

A.

802.1x

B.

WEP

C.

TKIP

D.

WPA

E.

WPA2

 

Correct Answer: E

 

 

QUESTION 6

Which model does Cisco support in a RADIUS change of authorization implementation?

 

A.

push

B.

pull

C.

policy

D.

security

 

Correct Answer: A

 

 

QUESTION 7

Which devices support download of environmental data and IP from Cisco ISE to SGT bindings in their SGFW implementation?

 

A.

Cisco ASA devices

B.

Cisco ISR G2 and later devices with ZBFW

C.

Cisco ISR G3 devices with ZBFW

D.

Cisco ASR devices with ZBFW

 

Correct Answer: A

 

 

QUESTION 8

Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device?

 

A.

ASA# test aaa-server authentication Group1 username cisco password cisco555

B.

ASA# test aaa-server authentication group Group1 username cisco password cisco555

C.

ASA# aaa-server authorization Group1 username cisco password cisco555

D.

ASA# aaa-server authentication Group1 roger cisco555

 

Correct Answer: A

 

 

QUESTION 9

Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.)

 

A.

MS-CHAPv2

B.

PEAP

C.

PPTP

D.

EAP-PEAP

E.

PPP

 

Correct Answer: AB

 

 

QUESTION 10

Which identity store option allows you to modify the directory services that run on TCP/IP?

 

A.

Lightweight Directory Access Protocol

B.

RSA SecurID server

C.

RADIUS

D.

Active Directory

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …