Get Full Version of the Exam
http://www.EnsurePass.com/300-208.html
Question No.121
When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)
-
It returns an access-accept and sends the redirection URL for all users.
-
It establishes secure connectivity between the RADIUS server and the Cisco ISE.
-
It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated.
-
It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result.
-
It allows multiple users to authenticate at the same time.
Correct Answer: CD
Question No.122
When you select Centralized Web Auth in the ISE Authorization Profile, which two components host the web authentication portal? (Choose two.)
-
ISE
-
the WLC
-
the access point
-
the switch
-
the endpoints
Correct Answer: BD
Question No.123
What are two client-side requirements of the NAC Agent and NAC Web Agent installation? (Choose two.)
-
Administrator workstation rights
-
Active Directory Domain membership
-
Allowing of web browser activex installation
-
WSUS service running
Correct Answer: AC
Question No.124
What is a feature of Cisco WLC and IPS synchronization?
-
Cisco WLC populates the ACLs to prevent repeat intruder attacks.
-
The IPS automatically send shuns to Cisco WLC for an active host block.
-
Cisco WLC and IPS synchronization enables faster wireless access.
-
IPS synchronization uses network access points to provide reliable monitoring.
Correct Answer: B
Question No.125
During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?
-
Enable the Agent IP Refresh feature.
-
Enable the Enable VLAN Detect Without UI feature.
-
Enable CRL checking.
-
Edit the Discovery Host parameter to use an IP address instead of an FQDN.
Correct Answer: A
Question No.126
Which command defines administrator CLI access in ACS5.x?
-
Application reset-passwd acs username
-
username username password password role admin
-
username username password plain password role admin
-
password-policy
Correct Answer: C
Question No.127
You are troubleshooting wired 802.1X authentications and see the following error: quot;Authentication failed: 22040 Wrong password or invalid shared secret.quot;
What should you inspect to determine the problem?
-
RADIUS shared secret
-
Active Directory shared secret
-
Identity source sequence
-
TACACS shared secret
-
Certificate authentication profile
Correct Answer: A
Question No.128
An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?
-
Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE
-
MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure
-
Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE
-
Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups
Correct Answer: D
Question No.129
An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?
-
Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users
-
MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication
-
Identity-based ACLs on the switches with user identities provided by ISE
-
Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE
Correct Answer: A
Question No.130
Which three posture states can be used for authorization rules? (Choose three.)
-
unknown
-
known
-
noncompliant
-
quarantined
-
compliant
-
no access
-
limited