300-208 - Implementing Cisco Secure Access Solutions (SISAS)

Go back to Cisco

Example Questions

What steps must you perform to deploy a CA-signed identify certificate on an ISE device? A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected? What is the default topology type for a GET VPN? Which two GDOI encryption keys are used within a GET VPN network? (Choose two.) A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessment and outline hardware and software capable and incapable devices? An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups? Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN? A network administrator must enable which protocol to utilize EAP-Chaining? What are two benefits of DMVPN Phase 3? (Choose two.) Which two components are required to connect to a WLAN network that is secured by EAP-TLS authentication? (Choose two.) Which command configures console port authorization under line con 0? Which statement about system time and NTP server configuration with Cisco ISE is true? Which statement about Cisco Management Frame Protection is true? What is the purpose of the Cisco ISE Guest Service Sponsor Portal? Which effect does the ip http secure-server command have on a Cisco ISE? Which are two main use cases for Clientless SSL VPN? (Choose two.) Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices? When RADIUS NAC and AAA Override are enabled for WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.) What is the first step that occurs when provisioning a wired device in a BYOD scenario? The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node? Which EAP method uses a modified version of the MS-CHAP authentication protocol? In the command 'aaa authentication default group tacacs local', how is the word 'default' defined? In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two). When MAB is configured, how often are ports reauthenticated by default? The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement? What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments? What is a feature of Cisco WLC and IPS synchronization? Which statement about Cisco ISE BYOD is true? Which command enables IOS SSL VPN Smart Tunnel support for PuTTY? To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure? Which command in the My Devices Portal can restore a previously lost device to the network? Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request? Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN? A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real- Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.) What are the initial steps to configure an ACS as a TACACS server? Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.) The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node? What is a requirement for posture administration services in Cisco ISE? What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints? Which term describes a software application that seeks connectivity to the network via a network access device? What user rights does an account need to join ISE to a Microsoft Active Directory domain? A network is configured to allow clientless access to resources inside the network. Which feature must be enabled and configured to allow SSH applications to respond on the specified port 8889? Where is split-tunneling defined for remote access clients on an ASA? What is the effect of the ip http secure-server command on a Cisco ISE? A network administrator must enable which protocol extension to utilize EAP-Chaining? Which command enables static PAT for TCP port 25? Which protocol sends authentication and accounting in different requests? In AAA, what function does authentication perform? Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security? Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem?

Study Guides