Download New Updated (Spring 2015) Cisco 300-208 Actual Tests 71-80

By | April 22, 2015

Ensurepass

 

QUESTION 71

The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node?

 

A.

tcp/8905, http/80, ftp/21

B.

tcp/8905, http/80, https/443

C.

udp/8905, telnet/23, https/443

D.

udp/8906, http/80, https/443

 

Correct Answer: B

 

 

QUESTION 72

Which two are valid ISE posture conditions? (Choose two.)

 

A.

Dictionary

B.

memberOf

C.

Profile status

D.

File

E.

Service

 

Correct Answer: DE

 

 

QUESTION 73

A network engineer is configuring HTTP based CWA on a switch. Which three configuration elements are required? (Choose three.)

 

A.

HTTP server enabled

B.

Radius authentication on the port with MAB

C.

Redirect access-list

D.

Redirect-URL

E.

HTTP secure server enabled

F.

Radius authentication on the port with 802.1x

G.

Pre-auth port based access-list

 

Correct Answer: ABC

 

 

 

 

 

QUESTION 74

Which three statements describe differences between TACACS+ and RADIUS? (Choose three.)

 

A.

RADIUS encrypts the entire packet, while TACACS+ encrypts only the password.

B.

TACACS+ encrypts the entire packet, while RADIUS encrypts only the password.

C.

RADIUS uses TCP, while TACACS+ uses UDP.

D.

TACACS+ uses TCP, while RADIUS uses UDP.

E.

RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49.

F.

TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49

 

Correct Answer: BDE

 

 

QUESTION 75

Which two identity store options allow you to authorize based on group membership? (Choose two).

 

A.

Lightweight Directory Access Protocol

B.

RSA SecurID server

C.

RADIUS

D.

Active Directory

 

Correct Answer: AD

 

 

QUESTION 76

What attribute could be obtained from the SNMP query probe?

 

A.

FQDN

B.

CDP

C.

DHCP class identifier

D.

User agent

 

Correct Answer: B

 

 

QUESTION 77

What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments?

 

A.

Configure the VLAN assignment.

B.

Configure the ACL assignment.

C.

Configure 802.1X authenticator authorization.

D.

Configure port security on the switch port.

 

Correct Answer: C

 

 

QUESTION 78

Which network component would issue the CoA?

 

A.

switch

B.

endpoint

C.

Admin Node

D.

Policy Service Node

 

Correct Answer: D

 

 

QUESTION 79

What steps must you perform to deploy a CA-signed identity certificate on an ISE device?

 

A.

1. Download the CA server certificate and install it on ISE.

2. Generate a signing request and save it as a file.

3. Access the CA server and submit the CA request.

4. Install the issued certificate on the ISE.

B.

1. Download the CA server certificate and install it on ISE.

2. Generate a signing request and save it as a file.

3. Access the CA server and submit the CSR.

4. Install the issued certificate on the CA server.

C.

1. Generate a signing request and save it as a file.

2. Download the CA server certificate and install it on ISE.

3. Access the ISE server and submit the CA request.

4.Install the issued certificate on the CA server.

D.

1. Generate a signing request and save it as a file.

2. Download the CA server certificate and install it on ISE.

3. Access the CA server and submit the CSR.

4. Install the issued certificate on the ISE.

 

Correct Answer: D

 

 

QUESTION 80

An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?

 

A.

Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE

B.

MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure

C.

Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE

D.

Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups

 

Correct Answer: D

 

Free VCE & PDF File for Cisco 300-208 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …