Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 51

When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)

 

A.

It returns an access-accept and sends the redirection URL for all users.

B.

It establishes secure connectivity between the RADIUS server and the Cisco ISE.

C.

It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated.

D.

It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result.

E.

It allows multiple users to authenticate at the same time.

 

C
orrect Answer:
CD

 

 

QUESTION 52

Which two options are EAP methods supported by Cisco ISE? (Choose two.)

 

A.

EAP-FAST

B.

EAP-TLS

C.

EAP-MS-CHAPv2

D.

EAP-GTC

 

Correct Answer: AB

 

 

QUESTION 53

Which Cisco ISE 1.x protocol can be used to control admin access to network access devices?

 

A.

TACACS+

B.

RADIUS

C.

EAP

D.

Kerberos

 

Correct Answer: B

 

 

QUESTION 54

What is the purpose of the Cisco ISE Guest Service Sponsor Portal?

 

A.

It tracks and stores user activity while connected to the Cisco ISE.

B.

It securely authenticates guest users for the Cisco ISE Guest Service.

C.

It filters guest users from account holders to the Cisco ISE.

D.

It creates and manages Guest User accounts.

 

Correct Answer: D

 

 

QUESTION 55

Which option is the correct format of username in MAB authentication?

 

A.

host/LSB67.cisco.com

B.

chris@cisco.com

C.

10:41:7F:46:9F:89

D.

CISCO\chris

 

Correct Answer: C

 

 

QUESTION 56

What type of identity group is the Blacklist identity group?

 

A.

endpoint

B.

user

C.

blackhole

D.

quarantine

E.

denied systems

 

Correct Answer: A

 

 

QUESTION 57

Which setting provides the best security for a WLAN and authenticates users against a centralized directory store?

 

A.

WPA2 AES-CCMP and 801.X authentication

B.

WPA2 AES-CCMP and PSK authentication

C.

WPA2 TKIP and PSK authentication

D.

WPA2 TKIP and 802.1X authentication

 

Correct Answer: A

 

 

QUESTION 58

Which statement about Cisco ISE BYOD is true?

 

A.

Dual SSID allows EAP-TLS only when connecting to the secured SSID.

B.

Single SSID does not require endpoints to be registered.

C.

Dual SSID allows BYOD for guest users.

D.

Single SSID utilizes open SSID to accommodate different types of users.

E.

Single SSID allows PEAP-MSCHAPv2 for native supplicant provisioning.

 

Correct Answer: E

 

 

QUESTION 59

Refer to the exhibit. In a distributed deployment of Cisco ISE, which column in Figure 1 is used to fill in the Host Name field in Figure 2 to collect captures on Cisco ISE while authenticating the specific endpoint?

 

clip_image002

 < /p>

A.

Server

B.

Network Device

C.

Endpoint ID

D.

Identity

 

Correct Answer: A

 

 

QUESTION 60

Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?

 

A.

RADIUS Attribute (5) NAS-Port

B.

RADIUS Attribute (6) Service-Type

C.

RADIUS Attribute (7) Framed-Protocol

D.

RADIUS Attribute (61) NAS-Port-Type

 

Correct Answer: B

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …