Download Implementing Cisco Secure Access Solutions (SISAS).prep4sure.300-208.2018-08-04.1e.186q.vcex

Download Exam

File Info

Exam Implementing Cisco Secure Access Solutions
Number 300-208
File Name Implementing Cisco Secure Access Solutions (SISAS).prep4sure.300-208.2018-08-04.1e.186q.vcex
Size 5.9 Mb
Posted August 04, 2018
Downloads 50

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAM_HUB

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator
 
 


Demo Questions

Question 1
During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?

  • A: Enable the Agent IP Refresh feature.
  • B: Enable the Enable VLAN Detect Without UI feature.
  • C: Enable CRL checking.
  • D: Edit the Discovery Host parameter to use an IP address instead of an FQDN.
Correct Answer: A



Question 2
Where is dynamic SGT classification configured?

  • A: Cisco ISE
  • B: NAD
  • C: supplicant
  • D: RADIUS proxy
Correct Answer: A



Question 3
What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?

  • A: It determines which access policy to apply to the endpoint.
  • B: It determines which switches are trusted within the TrustSec domain.
  • C: It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain.
  • D: It lists all servers that are permitted to participate in the TrustSec domain.
  • E: It lists all hosts that are permitted to participate in the TrustSec domain.
Correct Answer: A



Question 4
You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information?

  • A: The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer.
  • B: The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer.
  • C: The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer.
  • D: The device can propagate SGT information in an encapsulated security payload.
  • E: The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable hardware peer.
Correct Answer: A



Question 5
Refer to the exhibit. 

 
  

The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.)

  • A: between switch 2 and switch 3
  • B: between switch 5 and host 2
  • C: between host 1 and switch 1
  • D: between the authentication server and switch 4
  • E: between switch 1 and switch 2
  • F: between switch 1 and switch 5
Correct Answer: AB



Question 6
Which three host modes support MACsec? (Choose three.)

  • A: multidomain authentication host mode
  • B: multihost mode
  • C: multi-MAC host mode
  • D: single-host mode
  • E: dual-host mode
  • F: multi-auth host mode
Correct Answer: ABD



Question 7
You are troubleshooting wired 802.1X authentications and see the following error: "Authentication failed: 22040 Wrong password or invalid shared secret." 
What should you inspect to determine the problem?

  • A: RADIUS shared secret
  • B: Active Directory shared secret
  • C: Identity source sequence
  • D: TACACS+ shared secret
  • E: Certificate authentication profile
Correct Answer: A



Question 8
Refer to the exhibit. 

 
 
 
You are troubleshooting RADIUS issues on the network and the debug radius command returns the given output. What is the most likely reason for the failure?

  • A: An invalid username or password was entered.
  • B: The RADIUS port is incorrect.
  • C: The NAD is untrusted by the RADIUS server.
  • D: The RADIUS server is unreachable.
  • E: RADIUS shared secret does not match
Correct Answer: A



Question 9
What are two possible reasons why a scheduled nightly backup of ISE to a FTP repository would fail? (Choose two.)

  • A: ISE attempted to write the backup to an invalid path on the FTP server.
  • B: The ISE and FTP server clocks are out of sync.
  • C: The username and password for the FTP server are invalid.
  • D: The server key is invalid or misconfigured.
  • E: TCP port 69 is disabled on the FTP server.
Correct Answer: AC



Question 10
Which two statements about MAB are true? (Choose two.)

  • A: It requires a preexisting database of the MAC addresses of permitted devices.
  • B: It is unable to control network access at the edge.
  • C: If MAB fails, the device is unable to fall back to another authentication method.
  • D: It is unable to link the IP and MAC addresses of a device.
  • E: It is unable to authenticate individual users.
Correct Answer: AE






CONNECT US


ProfExam
PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount..

Get Now!


HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen



HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset