Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 61

Which two Cisco ISE administration options are available in the Default Posture Status setting? (Choose two.)

 

A.

Unknown

B.

Compliant

C.

FailOpen

D.

FailClose

E.

Noncompliant

Correct Answer: BE

 

 

QUESTION 62

Which authorization method is the Cisco best practice to allow endpoints access to the Apple App store or Google Play store with Cisco WLC software version 7.6 or newer?

 

A.

dACL

B.

DNS ACL

C.

DNS ACL defined in Cisco ISE

D.

redirect ACL

 

Correct Answer: B

 

 

QUESTION 63

Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security?

 

A.

Access Point

B.

Switch

C.

Wireless LAN Controller

D.

Authentication Server

 

Correct Answer: A

 

 

QUESTION 64

Which two switchport commands enable MAB and allow non-802.1X capable devices to immediately run through the MAB process? (Choose two.)

 

A.

authentication order mab dot1x

B.

authentication order dot1x mab

C.

no authentication timer

D.

dot1x timeout tx-period

E.

authentication open

F.

mab

 

Correct Answer: AF

 

 

QUESTION 65

Which two are valid ISE posture conditions? (Choose two.)

 

A.

Dictionary

B.

memberOf

C.

Profile status

D.

File

E.

Service

 

Correct Answer: DE

 

 

QUESTION 66

Which condition triggers wireless authentication?

 

A.

NAS-Port-Type is set to IEEE 802.11.

B.

Framed-Compression is set to None.

C.

Service-Type is set to Framed.

D.

Tunnel-Type is set to VLAN.

 

Correct Answer: A

 

 

QUESTION 67

Which ISE feature is used to facilitate a BYOD deployment?

 

A.

self-service personal device registration and onboarding

B.

Guest Service Sponsor Portal

C.

Local Web Auth

D.

Guest Identity Source Sequence

 

Correct Answer: A

 

 

QUESTION 68

Which effect does the ip http secure-server command have on a Cisco ISE?

 

A.

It enables the HTTP server for users to connect on the command line.

B.

It enables the HTTP server for users to connect by using web-based authentication.

C.

It enables the HTTPS server for users to connect by using web-based authentication.

D.

It enables the HTTPS server for users to connect on the command line.

 

Correct Answer: C

 

 

QUESTION 69

Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode?

 

A.

Granular ACLs applied prior to authentication

B.

Per user dACLs applied after successful authentication

C.

Only EAPoL traffic allowed prior to authentication

D.

Adjustable 802.1X timers to enable successful authentication

 

Correct Answer: C

 

 

QUESTION 70

What are two actions that can occur when an 802.1X-enabled port enters violation mode? (Choose two.)

 

A.

The port is error disabled.

B.

The port drops packets from any new device that sends traffic to the port.

C.

The port generates a port resistance error.

D.

The port attempts to repair the violation.

E.

The port is placed in quarantine state.

F.

The port is prevented from authenticating indefinitely.

 

Correct Answer: AB

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …