300-208 - Implementing Cisco Secure Access Solutions (SISAS)
Go back to Cisco
What steps must you perform to deploy a CA-signed identify certificate on an ISE device?
1. Generate a signing request and save it as a file. 2. Download the CA server certificate. 3. Access the CA server and submit the ISE request. 4. Install the issued certificate on the ISE.
A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected?
What is the default topology type for a GET VPN?
Which two GDOI encryption keys are used within a GET VPN network? (Choose two.)
key encryption key
traffic encryption key
A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessment and outline hardware and software capable and incapable devices?
An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?
Which statement is true when implementing a router with a dynamic public IP address in a crypto map based site-to-site VPN?
The tunnel establishment will fail if the router is configured as a responder only.
A network administrator must enable which protocol to utilize EAP-Chaining?
What are two benefits of DMVPN Phase 3? (Choose two.)
Administrators can use summarization of routing protocol updates from hub to spokes.
It introduces hierarchical DMVPN deployments.
Which two components are required to connect to a WLAN network that is secured by EAP-TLS authentication? (Choose two.)
Which command configures console port authorization under line con 0?
authorization exec default|WORD
Which statement about system time and NTP server configuration with Cisco ISE is true?
The system time and NTP server settings must be configured individually on each ISE node.
Which statement about Cisco Management Frame Protection is true?
It protects against frame and device spoofing.
What is the purpose of the Cisco ISE Guest Service Sponsor Portal?
It creates and manages Guest User accounts.
Which effect does the ip http secure-server command have on a Cisco ISE?
It enables the HTTPS server for users to connect by using web-based authentication.
Which are two main use cases for Clientless SSL VPN? (Choose two.)
In kiosks that are part of a shared environment
When the users do not have admin rights to install a new VPN client
Which IKEv2 feature minimizes the configuration of a FlexVPN on Cisco IOS devices?
IKEv2 Smart Defaults
When RADIUS NAC and AAA Override are enabled for WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)
It allows the ISE to send a CoA request that indicates when the user is authenticated.
It is used for posture assessment, so the ISE changes the user profile based on posture result.
What is the first step that occurs when provisioning a wired device in a BYOD scenario?
The smart hub detects that the physically connected endpoint requires configuration and must use MAB to authenticate.
The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node?
tcp/8905, http/80, https/443
Which EAP method uses a modified version of the MS-CHAP authentication protocol?
In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?
In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two).
network scan (NMAP)
When MAB is configured, how often are ports reauthenticated by default?
The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement?
Network access device and time condition
What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments?
Configure 802.1X authenticator authorization.
What is a feature of Cisco WLC and IPS synchronization?
The IPS automatically send shuns to Cisco WLC for an active host block.
Which statement about Cisco ISE BYOD is true?
Single SSID allows PEAP-MSCHAPv2 for native supplicant provisioning.
Which command enables IOS SSL VPN Smart Tunnel support for PuTTY?
appl ssh putty.exe windows
To change the title panel on the logon page of the Cisco IOS WebVPN portal, which file must you configure?
Cisco IOS WebVPN customization template
Which command in the My Devices Portal can restore a previously lost device to the network?
Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?
RADIUS Attribute (6) Service-Type
Which statement describes a prerequisite for single-sign-on Netegrity Cookie Support in an IOC SSL VPN?
A Cisco plug-in must be installed on a SiteMinder server.
A user is unable to establish an AnyConnect VPN connection to an ASA. When using the Real- Time Log viewer within ASDM to troubleshoot the issue, which two filter options would the administrator choose to show only syslog messages relevant to the VPN connection? (Choose two.)
Client's public IP address
What are the initial steps to configure an ACS as a TACACS server?
1. Choose Network Resources > Network Devices and AAA Clients. 2. Click Create.
Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)
authentication host-mode single-host
authentication host-mode multi-domain
The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?
What is a requirement for posture administration services in Cisco ISE?
the advanced license package must be installed
What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints?
Which term describes a software application that seeks connectivity to the network via a network access device?
What user rights does an account need to join ISE to a Microsoft Active Directory domain?
Create and Delete Computer Objects
A network is configured to allow clientless access to resources inside the network. Which feature must be enabled and configured to allow SSH applications to respond on the specified port 8889?
Where is split-tunneling defined for remote access clients on an ASA?
What is the effect of the ip http secure-server command on a Cisco ISE?
It enables the HTTPS server for users to connect using Web-based authentication.
A network administrator must enable which protocol extension to utilize EAP-Chaining?
Which command enables static PAT for TCP port 25?
nat (inside,outside) static 22.214.171.124 service tcp smtp smtp
Which protocol sends authentication and accounting in different requests?
In AAA, what function does authentication perform?
It identifies the user who is trying to access a device.
Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security?
Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem?
EAP-TLS is not checked in the Allowed Protocols list