Ensurepass.com : Ensure you pass the IT Exams
2018 Mar Cisco Official New Released 300-208
http://www.EnsurePass.com/300-208.html
Implementing Cisco Secure Access Solutions
Question No: 121
Which two EAP types require server side certificates? (Choose two.)
A. EAP-TLS
B. EAP-FAST/TLS
C. EAP-MD5
D. EAP-PEAP
E. EAP-FAST/GTC
Answer: A,D
Question No: 122
Which command is useful when troubleshooting AAA Authentication between a Cisco router and the AAA server?
A. test aaa-server test cisco cisco123 all new-code
B. test aaa group7 tacacs auth cisco123 new-code
C. test aaa group tacacs cisco cisco123 new-code
D. test aaa-server tacacs group7 cisco cisco123 new-code
Answer: C
Question No: 123
Which statement about a distributed Cisco ISE deployment is true?
A. It can support up to two monitoring Cisco ISE nodes for high availability.
B. It can support up to three load-balanced Administration ISE nodes.
C. Policy Service ISE nodes can be configured in a redundant failover configuration.
D. The Active Directory servers of Cisco ISE can be configured in a load-balanced configuration.
Answer: A
Question No: 124 CORRECT TEXT
Which command is used to enable SGACL globally?
Answer: cts role-based-enforcement
Question No: 125
Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?
A. radius-server timeout
B. idle-timeout attribute
C. session-timeout attribute
D. termination-action attribute
Answer: B
Explanation/Reference: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html
When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints.
When the inactivity timer expires, the switch removes the authenticated session.
The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute (Attribute 28).
Cisco recommends setting the timer using the RADIUS attribute because this approach gives you control over which endpoints are subject to this timer and the length of the timer for each class of endpoints.
For example, endpoints that are known to be quiet for long periods of time can be assigned a longer inactivity timer value than chatty endpoints.
Question No: 126
Scenario:
Currently, many users are experiencing problems using their AnyConnect NAM supplicant to log in to the network. The IT desktop support staff have already examined and verified that the AnyConnect NAM configuration is correct.
In this simulation, you are tasked to examine the various ISE GUI screens to determine the current ISE configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.
To access the ISE GUI, click the ISE icon in the topology diagram.
Not all the ISE GUI screens are operational in this simulation, and some of the ISE GUI operations have been reduced.
Not all the links on each ISE GUI screen work. If some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens.
To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI screens are only partially shown but include all the information required to complete this simulation.
Which two of the following statements are correct? (Choose two.)
A. The ISE is not able to successfully connect to the hq-srv.secure-x.local AD server.
B. The ISE internal endpoints database is used to authenticate any users not in the Active Directory domain.
C. The ISE internal user database has two accounts enabled, student and test, that map to the Employee user identity group.
D. Guest_Portal_Sequence is a built-in identity source sequence.
Answer: B,D
Question No: 127
Which set of commands allows IPX inbound on all interfaces?
A. ASA1(config)# access-list IPX-Allow ethertype permit ipx
   ASA1(config)# access-group IPX-Allow in interface global
B. ASA1(config)# access-list IPX-Allow ethertype permit ipx
   ASA1(config)# access-group IPX-Allow in interface inside
C. ASA1(config)# access-list IPX-Allow ethertype permit ipx
   ASA1(config)# access-group IPX-Allow in interface outside
D. ASA1(config)# access-list IPX-Allow ethertype permit ipx
   ASA1(config)# access-group IPX-Allow out interface global
Answer: A
Question No: 128
Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)
A. LLDP agent information
B. user agent
C. DHCP options
D. open ports
E. operating system
F. trunk ports
Answer: A,C
Question No: 129
Which valid external identity source can be used with Cisco ISE?
A. IPsec VPN authentication
B. smart card
C. local user name and password
D. TACACS token
Answer: B
Question No: 130 CORRECT TEXT
The Secure-X company has started to test the 802.1X authentication deployment using the Cisco Catalyst 3560-X layer 3 switch and the Cisco ISEv1.2 appliance. Each employee desktop will be connected to the 802.1X-enabled switch port and will use the Cisco AnyConnect NAM 802.1X supplicant to log in and connect to the network.
Your particular tasks in this simulation are to create a new identity source sequence named AD_internal, which will first use the Microsoft Active Directory (AD1) and then use the ISE Internal User database. Once the new identity source sequence has been configured, edit the existing Dot1X authentication policy to use the new AD_internal identity source sequence.
The Microsoft Active Directory (AD1) identity store has already been successfully configured; you just need to reference it in your configuration.
In addition to the above, you are also tasked to edit the IT users authorization policy so that IT users who have successfully authenticated will get the permission of the existing IT_Corp authorization profile.
Perform this simulation by accessing the ISE GUI to perform the following tasks:
- Create a new identity source sequence named AD_internal to first use the Microsoft Active Directory (AD1) then use the ISE Internal User database.
- Edit the existing Dot1X authentication policy to use the new AD_internal identity source sequence:
  - If authentication failed: reject the access request
  - If user is not found in AD: drop the request without sending a response
  - If process failed: drop the request without sending a response
- Edit the IT users authorization policy so IT users who successfully authenticated will get the permission of the existing IT_Corp authorization profile.
To access the ISE GUI, click the ISE icon in the topology diagram. To verify your configurations, from the ISE GUI, you should also see the Authentication Succeeded event for the it1 user after you have successfully defined the Dot1X authentication policy to use the Microsoft Active Directory first and then the ISE Internal User Database to authenticate the user. In the Authentication Succeeded event, you should see the IT_Corp authorization profile being applied to the it1 user. If your configuration is not correct and ISE can't authenticate the user against the Microsoft Active Directory, you should see the Authentication Failed event instead for the it1 user.
Note: If you make a mistake in the Identity Source Sequence configuration, please delete the Identity Source Sequence then re-add a new one. The edit Identity Source Sequence function is not implemented in this simulation.
Answer: Review the explanation for full configuration and solution.
Explanation:
Step 1: create a new identity source sequence named AD_internal which will first use the Microsoft Active Directory (AD1) then use the ISE Internal User database as shown below:
Step 2: Edit the existing Dot1x policy to use the newly created Identity Source:
Then hit Done and save.