EnsurePass
2018 Mar Cisco Official New Released 300-208
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/300-208.html

Implementing Cisco Secure Access Solutions

Question No: 41

What EAP method supports mutual certificate-based authentication?

  1. EAP-TTLS

  2. EAP-MSCHAP

  3. EAP-TLS

  4. EAP-MD5

Answer: C

Question No: 42

Scenario:

Currently, many users are expehecing problems using their AnyConnect NAM supplicant to login to the network. The rr desktop support staff have already examined and vehfed the

AnyConnect NAM configuration is correct.

In this simulation, you are tasked to examine the various ISE GUI screens to determine the ISE current configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.

To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI.

Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations have been reduced in this simulation.

Not all the links on each of the ISE GUI screen works, if some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens.

To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI screens only shows partially but will include all information required to complete this simulation.

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Determine which can be two reasons why many users like the Sales and fT users are not able to authenticate and access the network using their AnyConnect NAM client with EAP- FAST.(Choose two.)

  1. The DotlX authentication policy is not allowing the EAP-FAST protocol.

  2. The rr_Corp authorization profile has the wrong Access Type configured.

  3. The authorization profile used for the Sales users is misconfigured.

  4. The order for the MAB authentication policy and the DotlX authentication policy should be reversed.

  5. Many of the fT Sales and fT user machines are not passing the ISE posture accessment.

  6. he PERMrr_ALL_TRAFFIC DACL is missing the permit ip any any statement it the end.

  7. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.

Answer: A,D

Question No: 43

You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information?

  1. The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer.

  2. The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer.

  3. The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer.

  4. The device can propagate SGT information in an encapsulated security payload.

  5. The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable hardware peer.

Answer: A

Question No: 44

Which EAP method uses a modified version of the MS-CHAP authentication protocol?

  1. EAP-POTP

  2. EAP-TLS

  3. LEAP

  4. EAP-MD5

Answer: C

Question No: 45

Refer to the exhibit.

Ensurepass 2018 PDF and VCE

In a distributed deployment of Cisco ISE, which column in Figure 1 is used to fill in the Host Name field in Figure 2 to collect captures on Cisco ISE while authenticating the specific endpoint?

  1. Server

  2. Network Device

  3. Endpoint ID

  4. Identity

Answer: A

Question No: 46

You are troubleshooting wired 802.1X authentications and see the following error: quot;Authentication failed: 22040 Wrong password or invalid shared secret.quot; What should you inspect to determine the problem?

  1. RADIUS shared secret

  2. Active Directory shared secret

  3. Identity source sequence

  4. TACACS shared secret

  5. Certificate authentication profile

Answer: A

Question No: 47

Which two statements about administrative access to the Cisco Secure ACS SE are true? (Choose two.)

  1. The Cisco Secure ACS SE supports command-line connections through a serial-port connection.

  2. For GUI access, an administrative GUI user must be created by using the add-guiadmin command.

  3. The Cisco Secure ACS SE supports command-line connections through an Ethernet interface.

  4. An ACL-based policy must be configured to allow administrative-user access.

  5. GUI access to the Cisco Secure ASC SE is not supported.

Answer: B,D

Question No: 48

Which two options must be used on Cisco ISE to enable the TACACS feature? (Choose two.)

  1. TACACS External Servers

  2. TACACS Authentication Settings

  3. TACACS Server Sequence

  4. Enable Device Admin Service

  5. TACACS Command Sets

  6. TACACS Profiles

  7. Device Administration License

Answer: D,G

Question No: 49

Which two EAP types require server side certificates? (Choose two.)

  1. EAP-TLS

  2. PEAP

  3. EAP-MD5

  4. LEAP

  5. EAP-FAST

  6. MSCHAPv2

Answer: A,B

Question No: 50

In a Cisco ISE deployment, which traffic is permitted by the default dynamic ACL?

  1. all IP traffic

  2. management traffic only

  3. TCP traffic only

  4. UDP traffic only

Answer: A

100% Free Download!
Download Free Demo:300-208 Demo PDF
100% Pass Guaranteed!
Download 2018 EnsurePass 300-208 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2018 EnsurePass IT Certification PDF and VCE