Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 111

Refer to the exhibit. The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.)

 

clip_image002

 

A.

between switch 2 and switch 3

B.

between switch 5 and host 2

C.

between host 1 and switch 1

D.

between the authentication server and switch 4

E.

< font style="font-size: 10pt" color="#000000">between switch 1 and switch 2

F.

between switch 1 and switch 5

 

Correct Answer: AB

 

 

QUESTION 112

When you select Centralized Web Auth in the ISE Authorization Profile, which two components host the web authentication portal? (Choose two.)

 

A.

ISE

B.

the WLC

C.

the access point

D.

the switch

E.

the endpoints

 

Correct Answer: BD

 

 

QUESTION 113

In Cisco ISE 1.3, which feature is available to a sponsor in a sponsor group?

 

A.

Help employees add and manage new devices by entering the MAC address for the device.

B.

Restrict sponsors from viewing guest passwords.

C.

Allow the user to download a native supplicant profile.

D.

Reinstate or delete devices that were registered previously.

 

Correct Answer: B

 

 

QUESTION 114

Which command enables static PAT for TCP port 25?

 

A.

nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtp

B.

nat static 209.165.201.3 eq smtp

C.

nat (inside,outside) static 209.165.201.3 service tcp smtp smtp

D.

static (inside,outside) 209.165.201.3 209.165.201.226 netmask 255.255.255.255

 

Correct Answer: C

 

 

QUESTION 115

Which mechanism does Cisco ISE use to force a device off the network if it is reported lost or stolen?

 

A.

CoA

B.

dynamic ACLs

C.

SGACL

D.

certificate revocation

 

Correct Answer: A

 

 

QUESTION 116

An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?

 

A.

Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE

B.

MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure

C.

Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE

D.

Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups

 

Correct Answer: D

 

 

QUESTION 117

Which option is one method for transporting security group tags throughout the network?

 

A.

by embedding the SGT in the IP header

B.

via Security Group Exchange Protocol

C.

by embedding the SGT in the 802.1Q header

D.

by enabling 802.1AE on every network device

 

Correct Answer: B

 

 

QUESTION 118

Which command configures console port authorization under line con 0?

 

A.

authorization default|WORD

B.

authorization exec line con 0|WORD

C.

authorization line con 0|WORD

D.

authorization exec default|WORD

 

Correct Answer: D

 

 

QUESTION 119

Which command is useful when troubleshooting AAA Authentication between a Cisco router and th
e AAA server?

 

A.

test aaa-server test cisco cisco123 all new-code

B.

test aaa group7 tacacs+ auth cisco123 new-code

C.

test aaa group tacacs+ cisco cisco123 new-code

D.

test aaa-server tacacs+ group7 cisco cisco123 new-code

 

Correct Answer: C

 

 

QUESTION 120

Which two options can a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two.)

 

A.

Known

B.

Random

C.

Monthly

D.

Imported

E.

Daily

F.

Yearly

 

Correct Answer: BD

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …