Cisco
300-208
Implementing Cisco Secure Access Solutions (SISAS)
Question: 1
|
A network administrator needs to implement a service that
enables granular control of IOS commands that can be executed. Which AAA
authentication method should be selected?
A. TACACS+
B. RADIUS
C. Windows Active Directory
D. Generic LDAP
Answer: A
|
Question: 2
|
An administrator can leverage which attribute to assign
privileges based on Microsoft Active Directory user groups?
A. member of
B. group
C. class
D. person
Answer: A
|
Question: 3
|
Cisco 802.1X phasing enables flexible deployments through
the use of open, low-impact, and closed modes. What is a unique characteristic
of the most secure mode?
A. Granular ACLs applied prior to authentication
B. Per user dACLs applied after successful authentication
C. Only EAPoL traffic allowed prior to authentication
D. Adjustable 802.1X timers to enable successful
authentication
Answer: C
|
Question: 4
|
A network administrator must enable which protocol
extension to utilize EAP-Chaining?
A. EAP-FAST
B. EAP-TLS
C. MSCHAPv2
D. PEAP
Answer: A
|
Question: 5
|
In the command 'aaa authentication default group tacacs
local', how is the word 'default' defined?
A. Command set
B. Group name
C. Method list
D. Login type
Answer: C
|
Question: 6
|
Changes were made to the ISE server while
troubleshooting, and now all wireless certificate authentications are failing.
Logs indicate an EAP failure. What is the most likely cause of the
problem?
A. EAP-TLS is not checked in the Allowed Protocols list
B. Certificate authentication profile is not configured
in the Identity Store
C. MS-CHAPv2-is not checked in the Allowed Protocols list
D. Default rule denies all traffic
E. Client root certificate is not included in the
Certificate Store
Answer: A
|
Question: 7
|
The NAC Agent uses which port and protocol to send
discovery packets to an ISE Policy Service Node?
A. tcp/8905
B. udp/8905
C. http/80
D. https/443
Answer: B
|
Question: 8
|
Which two conditions are valid when configuring ISE for
posturing? (Choose two.)
A. Dictionary
B. member Of
C. Profile status
D. File
E. Service
Answer: D,E
|
Question: 9
|
device (config) #aaa new-model device (config)
#tacacs-server host 209.165.200.226 device (config) #tacacs-server
host209.165.200.227 device (config) #tacacs-server key 0 $$5@#$%!!1 Which three
statements about the given configuration are true? (Choose three.)
A. TACACS+ authentication configuration is complete.
B. TACACS+ authentication configuration is incomplete.
C. TACACS+ server hosts are configured correctly.
D. TACACS+ server hosts are misconfigured.
E. The TACACS+ server key is encrypted.
F. The TACACS+ server key is unencrypted.
Answer: B,C,F
|
Question: 10
|
In AAA, what function does authentication perform?
A. It identifies the actions that the user can perform on
the device.
B. It identifies the user who is trying to access a
device.
C. It identifies the actions that a user has previously
taken.
D. It identifies what the user can access.
Answer: B
|
No comments:
Post a Comment