Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 131

An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?

 

A.

member of

B.

group

C.

class

D.

person

 

Correct Answer: A

 

 

QUESTION 132

Which two authentication stores are supported to design a wire
less network using PEAP EAP-MSCHAPv2 as the authentication method? (Choose two.)

 

A.

Microsoft Active Directory

B.

ACS

C.

LDAP

D.

RSA Secure-ID

E.

Certificate Server

 

Correct Answer: AB

 

 

QUESTION 13
3

Which three statements about the Cisco wireless IPS solution are true? (Choose three.)

 

A.

It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.

B.

It detects spoofed MAC addresses.

C.

It identifies potential RF jamming attacks.

D.

It protects against frame and device spoofing.

E.

It allows the WLC to failover because of congestion.

 

Correct Answer: BCD

 

 

 

 

QUESTION 134

A network engineer is configuring HTTP based CWA on a switch. Which three configuration elements are required? (Choose three.)

 

A.

HTTP server enabled

B.

Radius authentication on the port with MAB

C.

Redirect access-list

D.

Redirect-URL

E.

HTTP secure server enabled

F.

Radius authentication on the port with 802.1x

G.

Pre-auth port based access-list

 

Correct Answer: ABC

 

 

QUESTION 135

Which three algorithms should be avoided due to security concerns? (Choose three.)

 

A.

DES for encryption

B.

SHA-1 for hashing

C.

1024-bit RSA

D.

AES GCM mode for encryption

E.

HMAC-SHA-1

F.

256-bit Elliptic Curve Diffie-Hellman

G.

2048-bit Diffie-Hellman

 

Correct Answer: ABC

 

 

QUESTION 136

Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)

 

A.

destination MAC address

B.

source MAC address

C.

802.1AE header in EtherType

D.

security group tag in EtherType

E.

integrity check value

F.

CRC/FCS

 

Correct Answer: CE

 

 

QUESTION 137

In an 802.1X authorization process, a network access device provides which three functions? (Choose three.)

 

A.

Filters traffic prior to authentication

B.

Passes credentials to authentication server

C.

Enforces policy provided by authentication server

D.

Hosts a central web authentication page

E.

Confirms supplicant protocol compliance

F.

Validates authentication credentials

 

Correct Answer: ABC

 

 

QUESTION 138

Which attribute is needed for Cisco ISE to profile a device with HTTP probe?

 

A.

user-agent

B.

OUI

C.

host-name

D.

cdp-cache-platform

E.

dhcp-class-identifier

F.

sysDescr

 

Correct Answer: A

 

 

QUESTION 139

In the command ‘aaa authentication default group tacacs local’, how is the word ‘default’ defined?

 

A.

Command set

B.

Group name

C.

Method list

D.

Login type

 

Correct Answer: C

 

 

QUESTION 140

What three changes require restarting the application service on an ISE node? (Choose three.)

 

A.

Registering a node.

B.

Changing the primary node to standalone.

C.

Promoting the administration node.

D.

Installing the root CA certificate.

E.

Changing the guest portal default port settings.

F.

Adding a network access device.

 

Correct Answer: ABC

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …