[Free] 2019(Nov) EnsurePass Cisco 300-208 Dumps with VCE and PDF 121-130

Get Full Version of the Exam
http://www.EnsurePass.com/300-208.html

Question No.121

When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)

  1. It returns an access-accept and sends the redirection URL for all users.

  2. It establishes secure connectivity between the RADIUS server and the Cisco ISE.

  3. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated.

  4. It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result.

  5. It allows multiple users to authenticate at the same time.

Correct Answer: CD

Question No.122

When you select Centralized Web Auth in the ISE Authorization Profile, which two components host the web authentication portal? (Choose two.)

  1. ISE

  2. the WLC

  3. the access point

  4. the switch

  5. the endpoints

Correct Answer: BD

Question No.123

What are two client-side requirements of the NAC Agent and NAC Web Agent installation? (Choose two.)

  1. Administrator workstation rights

  2. Active Directory Domain membership

  3. Allowing of web browser activex installation

  4. WSUS service running

Correct Answer: AC

Question No.124

What is a feature of Cisco WLC and IPS synchronization?

  1. Cisco WLC populates the ACLs to prevent repeat intruder attacks.

  2. The IPS automatically send shuns to Cisco WLC for an active host block.

  3. Cisco WLC and IPS synchronization enables faster wireless access.

  4. IPS synchronization uses network access points to provide reliable monitoring.

Correct Answer: B

Question No.125

During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?

  1. Enable the Agent IP Refresh feature.

  2. Enable the Enable VLAN Detect Without UI feature.

  3. Enable CRL checking.

  4. Edit the Discovery Host parameter to use an IP address instead of an FQDN.

Correct Answer: A

Question No.126

Which command defines administrator CLI access in ACS5.x?

  1. Application reset-passwd acs username

  2. username username password password role admin

  3. username username password plain password role admin

  4. password-policy

Correct Answer: C

Question No.127

You are troubleshooting wired 802.1X authentications and see the following error: quot;Authentication failed: 22040 Wrong password or invalid shared secret.quot;

What should you inspect to determine the problem?

  1. RADIUS shared secret

  2. Active Directory shared secret

  3. Identity source sequence

  4. TACACS shared secret

  5. Certificate authentication profile

Correct Answer: A

Question No.128

An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?

  1. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE

  2. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure

  3. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE

  4. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups

Correct Answer: D

Question No.129

An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?

  1. Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users

  2. MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication

  3. Identity-based ACLs on the switches with user identities provided by ISE

  4. Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE

Correct Answer: A

Question No.130

Which three posture states can be used for authorization rules? (Choose three.)

  1. unknown

  2. known

  3. noncompliant

  4. quarantined

  5. compliant

  6. no access

  7. limited

Correct Answer: ACE

>

Get Full Version of the Exam
300-208 Dumps
300-208 VCE and PDF

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.