Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 300-208
100% Free Download! 100% Pass Guaranteed!
Implementing Cisco Secure Access Solutions
Question No: 81
You discover that the Cisco ISE is failing to connect to the Active Directory server. Which option is a possible cause of the problem?
-
NTP server time synchronization is configured incorrectly.
-
There is a certificate mismatch between Cisco ISE and Active Directory.
-
NAT statements required for Active Directory are configured incorrectly.
-
The RADIUS authentication ports are being blocked by the firewall.
Answer: A
Question No: 82
In a multi-node ISE deployment, backups are not working on the MnT node. Which ISE CLI option would help mitigate this issue?
-
repository
-
ftp-url
-
application-bundle
-
collector
Answer: A
Question No: 83
Which Cisco ISE feature can differentiate a corporate endpoint from a personal device?
-
EAP chaining
-
PAC files
-
authenticated in-band provisioning
-
machine authentication
Answer: A
Question No: 84
Where is dynamic SGT classification configured?
-
Cisco ISE
-
NAD
-
supplicant
-
RADIUS proxy
Answer: A
Question No: 85
Which debug command on a Cisco WLC shows the reason that a client session was
terminated?
-
debug dot11 state enable
-
debug dot1x packet enable
-
debug client mac addr
-
debug dtls event enable
-
debug ap enable cisco ap
Answer: C
Question No: 86
In AAA, what function does authentication perform?
-
It identifies the actions that the user can perform on the device.
-
It identifies the user who is trying to access a device.
-
It identifies the actions that a user has previously taken.
-
It identifies what the user can access.
Answer: B
Question No: 87
A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?
-
monitor mode
-
high-security mode
-
closed mode
-
low-impact mode
Answer: A
Explanation: Monitor ModeMonitor Mode is a process, not just a command on a switch. The process is to enable authentication (with authentication open), see exactly which devices fail and which ones succeed, and correct the failed authentications before they cause any problems.
Question No: 88
Which three algorithms should be avoided due to security concerns? (Choose three.)
-
DES for encryption
-
SHA-1 for hashing
-
1024-bit RSA
-
AES GCM mode for encryption
-
HMAC-SHA-1
-
256-bit Elliptic Curve Diffie-Hellman
-
2048-bit Diffie-Hellman
Answer: A,B,C
Question No: 89
Which advanced option within a WLAN must be enabled to trigger central web authentication for wireless users?
-
AAA override
-
Static IP tunnelling
-
Diagnostic channel
-
DHCP server Answer A
Question No: 90
Which network component would issue the CoA?
-
switch
-
endpoint
-
Admin Node
-
Policy Service Node
Answer: D
100% Ensurepass Free Download!
–300-208 PDF
100% Ensurepass Free Guaranteed!
–300-208 Dumps
| EnsurePass | ExamCollection | Testking | |
|---|---|---|---|
| Lowest Price Guarantee | Yes | No | No |
| Up-to-Dated | Yes | No | No |
| Real Questions | Yes | No | No |
| Explanation | Yes | No | No |
| PDF VCE | Yes | No | No |
| Free VCE Simulator | Yes | No | No |
| Instant Download | Yes | No | No |