Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 151

Which option restricts guests from connecting more than one device at a time?

 

A.

Guest Portal policy > Set Device registration portal limit

B.

Guest Portal Policy > Set Allow only one guest session per user

C.

My Devices Portal > Set Maximum number of devices to register

D.

Multi-Portal Policy > Guest users should be able to do device registration

 

Correct Answer: B

 

 

QUESTION 152

Which feature must you configure on a switch to allow it to redirect wired endpoints to Cisco ISE?

 

A.

the http secure-server command

B.

RADIUS Attribute 29

C.

the RADIUS VSA for accounting

D.

the RADIUS VSA for URL-REDIRECT

 

Correct Answer: A

 

 

QUESTION 153

What are the initial steps to configure an ACS as a TACACS server?

 

A.

1. Choose Network Devices and AAA Clients > Network Resources.2. Click Create.

B.

1. Choose Network Resources > Network Devices and AAA Clients.2. Click Create.

C.

1. Choose Network Resources > Network Devices and AAA Clients.2. Click Manage.

D.

1. Choose Network Devices and AAA Clients > Network Resources.2. Click Install.

 

Correct Answer: B

 

 

QUESTION 154

Which two EAP types require server side certificates? (Choose two.)

 


A.

EAP-TLS

B.

EAP-FAST/TLS

C.

EAP-MD5

D.

EAP-PEAP

E.

EAP-FAST/GTC

 

Correct Answer: AD

 

 

QUESTION 155

Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.)

 

A.

MS-CHAPv2

B.

PEAP

C.

PPTP

D.

EAP-PEAP

E.

PPP

 

Correct Answer: AB

 

 

QUESTION 156

Which three are required steps to enable SXP on a Cisco ASA? (Choose three).

 

A.

configure AAA authentication

B.

configure password

C.

issue the aaa authorization command aaa-server group command

D.

configure a peer

E.

configure TACACS

F.

issue the cts sxp enable command

 

Correct Answer: BDF

 

 

QUESTION 157

What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments?

 

A.

Configure the VLAN assignment.

B.

Configure the ACL assignment.

C.

Configure 802.1X authenticator authorization.

D.

Configure port security on the switch port.

 

Correct Answer: C

 

 

 

 

 

 

QUESTION 158

A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected?

 

A.

TACACS+

B.

RADIUS

C.

Windows Active Directory

D.

Generic LDAP

 

Correct Answer: A

 

 

QUESTION 159

Which method does Cisco prefer to securely deploy guest wireless access in a BYOD implementation?

 

A.

deploying a dedicated Wireless LAN Controller in a DMZ

B.

configuring a guest SSID with WPA2 Enterprise authentication

C.

configuring guest wireless users to obtain DHCP centrally from the corporate DHCP server

D.

disabling guest SSID broadcasting

 

Correct Answer: A

 

 

QUESTION 160

Which two posture redirect ACLs and remediation DACLs must be pushed from Cisco ISE to a Cisco IOS switch if the endpoint must remediate itself? The ISE IP address is 10.201.228.76 and the IP address of the remediating server is 10.201.229.1. (Choose two.)

 

A.

ip access-l ex ACL-POSTURE-REDIRECT

deny udp any any eq domain

deny ip any host 10.201.228.76

permit tcp any any eq 80

permit tcp any any eq 443

B.

ip access-l ex ACL-POSTURE-REDIRECT

deny udp any any eq domain

deny ip any host 10.201.228.76

deny ip any host 10.201.229.1

permit tcp any any eq 80

permit tcp any any eq 443

C.

ip access-l ex ACL-POSTURE-REDIRECT

deny udp any any eq domain

permit ip any host
10.201.228.76

permit ip any host 10.201.229.1

deny ip any any

D.

POSTURE_REMEDIATION DACL

permit udp any any eq domain

permit tcp any host 10.201.228.76

permit tcp any any eq 80

permit tcp any any eq 443

E.

POSTURE_REMEDIATION DACL

permit udp any any eq domain

deny tcp any host 10.201.228.76

permit tcp any any eq 80

permit tcp any any eq 443

permit ip any host 10.210.229.1

F.

POSTURE_REMEDIATION DACL

permit udp any any eq domain

deny tcp any host 10.201.228.76

deny ip any host 10.210.229.1

permit tcp any any eq 80

permit tcp any any eq 443

 

Correct Answer: BD

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …