Ensurepass

Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 101

Which two types of client provisioning resources are used for BYOD implementations? (Choose two.)

 

A.

user agent

B.

Cisco NAC agent

C.

native supplicant profiles

D.

device sensor

E.

software provisioning wizards

 

Correct Answer: CE

 

 

QUESTION 102

Which operating system type needs access to the Internet to download the application that is required for BYOD on-boarding?

 

A.

iOS

B.

OSX

C.

Android

D.

Windows

 

Correct Answer: C

 

QUESTION 103

Which three st
atements describe differences between TACACS+ and RADIUS? (Choose three.)

 

A.

RADIUS encrypts the entire packet, while TACACS+ encrypts only the password.

B.

TACACS+ encrypts the entire packet, while RADIUS encrypts only the password.

C.

RADIUS uses TCP, while TACACS+ uses UDP.

D.

TACACS+ uses TCP, while RADIUS uses UDP.

E.

RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49.

F.

TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49

 

Correct Answer: BDE

 

 

QUESTION 104

Refer to the exhibit. Which two things must be verified if authentication is failing with this error message? (Choose two.)

 

clip_image002

 

A.

Cisco ISE EAP identity certificate is valid.

B.

CA cert chain of Cisco ISE EAP certificate is installed on the trusted certs store of the client machine.

C.

CA cert chain of the client certificate is installed on Cisco ISE.

D.

Cisco ISE HTTPS/admin certificate is valid.

E.

Cisco ISE server certificate is installed on the client.

 

Correct Answer: AB

 

 

QUESTION 105

Which three pieces of information can be found in an authentication detail report? (Choose three.)

 

A.

DHCP vendor ID

B.

user agent string

C.

the authorization rule matched by the endpoint

D.

the EAP method the endpoint is using

E.

the RADIUS username being used

F.

failed posture requirement

 

Correct Answer: CDE

 

 

QUESTION 106

Which profiling capability allows you to gather and forward network packets to an analyzer?

 

A.

collector

B.

spanner

C.

retriever

D.

aggregator

Correct Answer: A

 

 

QUESTION 107

Which two statements about Cisco NAC Agents that are installed on clients that interact with the Cisco ISE profiler are true? (Choose two.)

 

A.

They send endpoint data to AAA servers.

B.

They collect endpoint attributes.

C.

They interact with the posture service to enforce endpoint security policies.

D.

They block access from the network through noncompliant endpoints.

E.

They store endpoints in the Cisco ISE with their profiles.

F.

They evaluate clients against posture policies, to enforce requirements.

 

Correct Answer: CF

 

 

QUESTION 108

After an endpoint has completed authentication with MAB, a security violation is triggered because a different MAC address was detected. Which host mode must be active on the port?

 

A.

single-host mode

B.

multidomain authentication host mode

C.

multiauthentication host mode

D.

multihost mode

 

Correct Answer: A

 

 

QUESTION 109

Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.)

 

A.

manually on links between supported switches

B.

in the Cisco Identity Services Engine

C.

in the global configuration of a TrustSec non-seed switch

D.

dynamically on links between supported switches

E.

in the Cisco Secure Access Control System

F.

in the global configuration of a TrustSec seed switch

 

Correct Answer: AD

 

 

QUESTION 110

By default, how many days does Cisco ISE wait before it purges the expired guest accounts?

 

A.

1

B.

10

C.

15

D.

20

 

Correct Answer: C

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …