Ensurepass

Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 161

Which protocol sends authentication and accounting in different requests?

 

A.

RADIUS

B.

TACACS+

C.

EAP-Chaining

D.

PEAP

E.

EAP-TLS

 

Correct Answer: B

 

 

QUESTION 162

Which two EAP types require server side certificates? (Choose two.)

 

A.

EAP-TLS

B.

PEAP

C.

EAP-MD5

D.

LEAP

E.

EAP-FAST

F.

MSCHAPv2

 

Correct Answer: AB

 

 

QUESTION 163

Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)

 

A.

LLDP agent information

B.

user agent

C.

DHCP options

D.

open ports

E.

operating system

F.

trunk ports

 

Correct Answer: AC

 

 

 

 

 

QUESTION 164

Which profiling probe collects the user-agent string?

 

A.

NetFlow

B.

DHCP

C.

Network Scan

D.

HTTP

 

Correct Answer: D

 

 

QUESTION 165

In a split ACS deployment with primary and secondary servers, which three statements about AAA load handling are true? (Choose three.)

 

A.

During normal operations, each server processes the full workload of both servers.

B.

If a AAA connectivity problem occurs, the servers split the full load of authentication requests.

C.

If a AAA connectivity problem occurs, each server processes the full workload of both servers.

D.

During normal operations, the servers split the full load of authentication requests.

E.

During normal operations, each server is used for specific operations, such as device administration and network admission.

F.

The primary servers are used to distribute policy information to other servers in the enterprise.

 

Correct Answer: CDE

 

 

QUESTION 166

Which statement about the Cisco ISE BYOD feature is true?

 

A.

Use of SCEP/CA is optional.

B.

BYOD works only on wireless access.

C.

Cisco ISE needs to integrate with MDM to support BYOD.

D.

Only mobile endpoints are supported.

 

Correct Answer: A

 

 

QUESTION 167

Where is dynamic SGT classification configured?

 

A.

Cisco ISE

B.

NAD

C.

supplicant

D.

RADIUS proxy

 

Correct Answer: A

 

 

QUESTION 168

Which EAP method uses a modified version of the MS-CHAP authentication protocol?

 

A.

EAP-POTP

B.

EAP-TLS

C.

LEAP

D.

EAP-MD5

 

Correct Answer: C

 

 

QUESTION 169

The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node?

 

A.

tcp/8905, http/80, ftp/21

B.

tcp/8905, http/80, https/443

C.

udp/8905, telnet/23, https/443

D.

udp/8906, http/80, https/443

 

Correct Answer: B

 

 

QUESTION 170

What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?

 

A.

It determines which access policy to apply to the endpoint.

B.

It determines which switches are trusted within the TrustSec domain.

C.

It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain.

D.

It lists all servers that are permitted to participate in the TrustSec domain.

E.

It lists all hosts that are permitted to participate in the TrustSec domain.

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …