Ensurepass

Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 121

A network administrator must enable which protocol to utilize EAP-Chaining?

 

A.

EAP-FAST

B.

EAP-TLS

C.

MSCHAPv2

D.

PEAP

 

Correct Answer: A

 

 

QUESTION 122

During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Wh
ich change can you make to the agent profile to correct the problem?

 

A.

Enable the Agent IP Refresh feature.

B.

Enable the Enable VLAN Detect Without UI feature.

C.

Enable CRL checking.

D.

Edit the Discovery Host parameter to use an IP address instead of an FQDN.

 

Correct Answer: A

 

 

QUESTION 123

You are troubleshooting wired 802.1X authentications and see the following error:

 

“Authentication failed: 22040 Wrong password or invalid shared secret.”

 

What should you inspect to determine the problem?

 

A.

RADIUS shared secret

B.

Active Directory shared secret

C.

Identity source sequence

D.

TACACS+ shared secret

E.

Certificate authentication profile

 

Correct Answer: A

 

 

QUESTION 124

Which functionality does the Cisco ISE self-provisioning flow provide?

 

A.

It provides support for native supplicants, allowing users to connect devices directly to the network.

B.

It provides the My Devices portal, allowing users to add devices to the network.

C.

It provides support for users to install the Cisco NAC agent on enterprise devices.

D.

It provides self-registration functionality to allow guest users to access the network.

 

Correct Answer: A

 

 

QUESTION 125

Where would a Cisco ISE administrator define a named ACL to use in an authorization policy?

 

A.

In the conditions of an authorization rule.

B.

In the attributes of an authorization rule.

C.

In the permissions of an authorization rule.

D.

In an authorization profile associated with an authorization rule.

Correct Answer: D

 

 

QUESTION 126

Which components must be selected for a client provisioning policy to do a Posture check on the Cisco ISE?

 

A.

Configuration Wizard, Wizard Profile

B.

Remediation Actions, Posture Requirements

C.

Operating System, Posture Requirements

D.

Agent, Profile, Compliance Module

 

Correct Answer: D

 

 

QUESTION 127

How many bits are in a security group tag?

 

A.

64

B.

8

C.

16

D.

32

 

Correct Answer: C

 

 

QUESTION 128

Which three features should be enabled as best practices for MAB? (Choose three.)

 

A.

MD5

B.

IP source guard

C.

DHCP snooping

D.

storm control

E.

DAI

F.

URPF

 

Correct Answer: BCE

 

 

QUESTION 129

Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What are the two possible causes of the problem? (Choose two.)

 

A.

EAP-TLS is not checked in the Allowed Protocols list

B.

Client certificate is not included in the Trusted Certificate Store

C.

MS-CHAPv2-is not checked in the Allowed Protocols list

D.

Default rule denies all traffic

E.

Certificate authentication profile is not configured in the Identity Store

 

Correct Answer: AE

 

 

QUESTION 130

When RADIUS NAC and AAA Override are enabled for WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)

 

A.

It will return an access-accept and send the redirection URL for all users.

B.

It establishes secure connectivity between the RADIUS server and the ISE.

C.

It allows the ISE to send a CoA request that indicates when the user is authenticated.

D.

It is used for posture assessment, so the ISE changes the user profile based on posture result.

E.

It allows multiple users to authenticate at the same time.

 

Correct Answer: CD

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …