Ensurepass

Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 141

Which feature enables the Cisco ISE DHCP profiling capabilities to determine and enforce authorization policies on mobile devices?

 

A.

disabling the DHCP proxy option

B.

DHCP option 42

C.

DHCP snooping

D.

DHCP spoofing

 

Correct Answer: A

 

 

 

QUESTION 14
2

Which three posture states can be used for authorization rules? (Choose three.)

 

A.

unknown

B.

known

C.

noncompliant

D.

quarantined

E.

compliant

F.

no access

G.

limited

 

Correct Answer: ACE

 

 

QUESTION 143

A user is on a wired connection and the posture status is noncompliant. Which state will their EPS session be placed in?

 

A.

disconnected

B.

limited

C.

no access

D.

quarantined

 

Correct Answer: D

 

 

QUESTION 144

Which five portals are provided by PSN? (Choose five.)

 

A.

guest

B.

sponsor

C.

my devices

D.

blacklist

E.

client provisioning

F.

admin

G.

monitoring and troubleshooting

 

Correct Answer: ABCDE

 

 

QUESTION 145

Which two profile attributes can be collected by a Cisco Wireless LAN Controller that supports Device Sensor? (Choose two.)

 

A.

LLDP agent information

B.

user agent

C.

DHCP options

D.

open ports

E.

CDP agent information

F.

FQDN

 

Correct Answer: BC

 

QUESTION 146

An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?

 

A.

Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users

B.

MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication

C.

Identity-based ACLs on the switches with user identities provided by ISE

D.

Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE

 

Correct Answer: A

 

 

QUESTION 147

Refer to the exhibit. You are configuring permissions for a new Cisco ISE standard authorization profile. If you configure the Tunnel-Private-Group-ID attribute as shown, what does the value 123 represent?

 

clip_image002

 

A.

the VLAN ID

B.

the VRF ID

C.

the tunnel ID

D.

the group ID

 

Correct Answer: A

 

 

QUESTION 148

Wireless client supplicants attempting to authenticate to a wireless network are generating excessive log messages. Which three WLC authentication settings should be disabled? (Choose three.)

 

A.

RADIUS Server Timeout

B.

RADIUS Aggressive-Failover

C.

Idle Timer

D.

Session Timeout

E.

Client Exclusion

F.

Roaming

 

Correct Answer: BCD

 

 

QUESTION 149

Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem?

 

A.

EAP-TLS is not checked in the Allowed Protocols list

B.

Certificate authentication profile is not configured in the Identity Store

C.

MS-CHAPv2-is not checked in the Allowed Protocols list

D.

Default rule denies all traffic

E.

Client root certificate is not included in the Certificate Store

 

Correct Answer: A

 

 

QUESTION 150

What
is the first step that occurs when provisioning a wired device in a BYOD scenario?

 

A.

The smart hub detects that the physically connected endpoint requires configuration and must use MAB to authenticate.

B.

The URL redirects to the Cisco ISE Guest Provisioning portal.

C.

Cisco ISE authenticates the user and deploys the SPW package.

D.

The device user attempts to access a network URL.

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …