Ensurepass

Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 41

Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail?

 

A.

The redirect ACL is blocking access to ports 80 and 443.

B.

The redirect ACL is applied to an incorrect SVI.

C.

The redirect ACL is blocking access to the client provisioning portal.

D.

The redirect ACL is blocking access to Cisco ISE port 8905.

 

Correct Answer: A

 

 

 

QUESTION 42

Which statement about Cisco Management Frame Protection is true?

 

A.

It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.

B.

It detects spoofed MAC addresses.

C.

It identifies potential RF jamming attacks.

D.

It protects against frame and device spoofing.

 

Correct Answer: D

 

 

QUESTION 43

Which two identity store options allow you to authorize based on group membership? (Choose two).

 

A.

Lightweight Directory Access Protocol

B.

RSA SecurID server

C.

RADIUS

D.

Active Directory

 

Correct Answer: AD

 

 

QUESTION 44

A user configured a Cisco Identity Service Engine and switch to work with downloadable access list for wired dot1x users, though it is failing to work. Which command must be added to address the issue?

 

A.

ip dhcp snooping

B.

ip device tracking

C.

dot1x pae authenticator

D.

aaa authentication dot1x default group radius

 

Correct Answer: B

 

 

QUESTION 45

A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessment and outline hardware and software capable and incapable devices?

 

A.

Prime Infrastructure

B.

Network Control System

C.

Cisco Security Manager

D.

Identity Services Engine

 

Correct Answer: A

 

 

QUESTION 46

Which statement about IOS accounting is true?

 

A.

A named list of AAA methods must be defined.

B.

A named list of accounting methods must be defined.

C.

Authorization must be configured before accounting.

D.

A named list of tracking methods must be defined.

 

Correct Answer: C

 

 

QUESTION 47

What are the initial steps must you perform to add the ISE to the WLC?

 

A.

1. With a Web browser, establish an HTTP connection to the WLC pod.

2. Navigate to Administration > Authentication > New.

3. Enter server values to begin the configuration.

B.

1. With a Web browser, establish an FTP connection to the WLC pod.

2. Navigate to Security > Administration > New.

3. Add additional security features for FTP authentication.

C.

1. With a Web browser, establish an HTTP connection to the WLC pod.

2. Navigate to Authentication > New.

3. Enter ACLs and Authentication methods to begin the configuration.

D.

1. With a Web browser connect, establish an HTTPS connection to the WLC pod.

2. Navigate to Security > Authentication > New.

3. Enter server values to begin the configuration.

 

Correct Answer: D

 

 

QUESTION 48

Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)

 

A.

authentication host-mode single-host

B.

authentication host-mode multi-domain

C.

authentication host-mode multi-host

D.

authentication host-mode multi-auth

 

Correct Answer: AB

 

 

QUESTION 49

Certain endpoints are missing DHCP profiling data. Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE?

 

A.

output of show interface gigabitEthernet 0 from the CLI

B.

output of debug logging all 7 from the CLI

C.

output of show logging application profiler.log from the CLI

D.

the TCP dump diagnostic tool through the GUI

E.

the posture troubleshooting diagnostic tool through the GUI

 

Correct Answer: D

 

 

QUESTION 50

In a multi-node ISE deployment, backups are not working on the MnT node. Which ISE CLI option would help mitigate this issue?

 

A.

repository

B.

ftp-url

C.

application-bundle

D.

collector

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …