Implementing Cisco Secure Access Solutions (SISAS)

 

QUESTION 91

Which 802.1X command ignores Access-Reject during EAP authentication?

 

A.

dot1x pae authenticator

B.

switchport mode access

C.

authentication port-control auto

D.

authentication open

E.

authentication host-mode multi-domain

 

Correct Answer: D

 

 

QUESTION 92

What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints?

 

A.

the ISE

B.

an ACL

C.

a router

D.

a policy server

 

Correct Answer: A

 

 

QUESTION 93

What is a requirement for posture administration services in Cisco ISE?

 

A.

at least one Cisco router to store Cisco ISE profiling policies

B.

Cisco NAC Agents that communicate with the Cisco ISE server

C.

an ACL that points traffic to the Cisco ISE deployment

D.

the advanced license package must be installed

 

Correct Answer: D

 

 

QUESTION 94

Refer to the exhibit. If a user with privilege 15 is matching this command set on Cisco ISE 2.0, which three commands can the user execute? (Choose three.)

 

clip_image002

 

A.

configure terminal

B.

show run

C.

show clock

D.

ping 10.10.100.1

E.

exit

F.

show ip interface brief

 

Correct Answer: BCF

 

 

QUESTION 95

What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?

 

A.

It determines which access policy to apply to the endpoint.

B.

It determines which switches are trusted within the TrustSec domain.

C.

It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain.

D.

It lists all servers that are permitted to participate in the TrustSec domain.

E.

It lists all hosts that are permitted to participate in the TrustSec domain.

 

Correct Answer: A

 

 

QUESTION 96

Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.)

 

A.

Windows Active Directory

B.

LDAP

C.

RADIUS token server

D.

internal endpoint store

E.

internal user store

F.

certificate authentication profile

G.

RSA SecurID

 

Correct Answer: AE

 

 

QUESTION 97

In the command ‘aaa authentication default group tacacs local’, how is the word ‘default’ defined?

 

A.

Command set

B.

Group name

C.

Method list

D.

Login type

 

Correct Answer: C

 

 

QUESTION 98

The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

 

A.

tcp/8905

B.

udp/8905

C.

http/80

D.

https/443

Correct Answer: B

 

 

QUESTION 99

Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

 

A.

RADIUS Change of Authorization

B.

device tracking

C.

DHCP snooping

D.

VLAN hopping

 

Correct Answer: A

 

 

QUESTION 100

Which two options must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.)

 

A.

TACACS External Servers

B.

TACACS+ Authentication Settings

C.

TACACS Server Sequence

D.

Enable Device Admin Service

E.

TACACS Command Sets

F.

TACACS Profiles

G.

Device Administration License

 

Correct Answer: DG

 

Free VCE & PDF File for Cisco 300-208 Practice Test

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …