Implementing Cisco Secure Access Solutions v13.0 (300-208)

Page:    1 / 18   
Total 269 questions

Which port does Cisco ISE use for native supplicant provisioning of a Windows machine?

  • A. TCP 8443
  • B. TCP/UDP 8905
  • C. TCP/UDP 8909
  • D. TCP 443


Answer : C

Explanation:
8909 : web, cisco nac agent, supplicant provisioning wizard installation
8905 : Cisco NAC agent update

A user is on a wired connection and the posture status is noncompliant.
Which state will their EPS session be placed in?

  • A. disconnected
  • B. limited
  • C. no access
  • D. quarantined


Answer : D

What is a required step when you deploy dynamic VLAN and ACL assignments?

  • A. Configure the VLAN assignment.
  • B. Configure the ACL assignment.
  • C. Configure Cisco IOS Software 802.1X authenticator authorization.
  • D. Configure the Cisco IOS Software switch for ACL assignment.


Answer : C

Which setting provides the best security for a WLAN and authenticates users against a centralized directory store?

  • A. WPA2 AES-CCMP and 801.X authentication
  • B. WPA2 AES-CCMP and PSK authentication
  • C. WPA2 TKIP and PSK authentication
  • D. WPA2 TKIP and 802.1X authentication


Answer : A

Which two components are required to connect to a WLAN network that is secured by
EAP-TLS authentication? (Choose two.)

  • A. Kerberos authentication server
  • B. AAA/RADIUS server
  • C. PSKs
  • D. CA server


Answer : B,D

Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?

  • A. CoA-Terminate
  • B. CoA-PortBounce
  • C. CoA-Reauth
  • D. CoA-Remediate


Answer : C

Explanation: If an endpoint is marked noncompliant during that download, a CoA is sent and the device is forced to reauthenticate, providing a different result (such as quarantine).

Which two options must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.)

  • A. TACACS External Servers
  • B. TACACS+ Authentication Settings
  • C. TACACS Server Sequence
  • D. Enable Device Admin Service
  • E. TACACS Command Sets
  • F. TACACS Profiles
  • G. Device Administration License


Answer : D,G

In Cisco ISE 1.3 and above, which two operations are allowed on Endpoint Certificates pages for issued endpoint certificates on the admin portal? (Choose two.)

  • A. unrevoke
  • B. delete
  • C. view
  • D. export
  • E. revoke


Answer : C,E

Which three features should be enabled as best practices for MAB? (Choose three.)

  • A. MD5
  • B. IP source guard
  • C. DHCP snooping
  • D. storm control
  • E. DAI
  • F. URPF


Answer : B,C,E

What is the effect of the ip http secure-server command on a Cisco ISE?

  • A. It enables the HTTP server for users to connect on the command line.
  • B. It enables the HTTP server for users to connect using Web-based authentication.
  • C. It enables the HTTPS server for users to connect using Web-based authentication.
  • D. It enables the HTTPS server for users to connect on the command line.


Answer : C

What is the default posture status for non-agent capable devices, such as Linux and iDevices?

  • A. Unknown
  • B. Validated
  • C. Default
  • D. Compliant


Answer : D

What is the first step that occurs when provisioning a wired device in a BYOD scenario?

  • A. The smart hub detects that the physically connected endpoint requires configuration and must use MAB to authenticate.
  • B. The URL redirects to the Cisco ISE Guest Provisioning portal.
  • C. Cisco ISE authenticates the user and deploys the SPW package.
  • D. The device user attempts to access a network URL.


Answer : A

Which configuration must you perform on a switch to deploy Cisco ISE in low-impact mode?

  • A. Configure an ingress port ACL on the switchport.
  • B. Configure DHCP snooping globally.
  • C. Configure IP-device tracking.
  • D. Configure BPDU filtering.


Answer : A

What three changes require restarting the application service on an ISE node? (Choose three.)

  • A. Registering a node.
  • B. Changing the primary node to standalone.
  • C. Promoting the administration node.
  • D. Installing the root CA certificate.
  • E. Changing the guest portal default port settings.
  • F. Adding a network access device.


Answer : A,B,C

In a basic ACS deployment consisting of two servers, for which three tasks is the primary server responsible? (Choose three.)

  • A. configuration
  • B. authentication
  • C. sensing
  • D. policy requirements
  • E. monitoring
  • F. repudiation


Answer : A,B,D

Page:    1 / 18   
Total 269 questions