[Free] 2017(Nov) Dumps4cert Testinsides Cisco 300-208 Dumps with VCE and PDF Download 141-150

Dumps4cert 2017 Nov Cisco Official New Released 300-208
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/300-208.html

Implementing Cisco Secure Access Solutions

Question No: 141

What are two client-side requirements of the NAC Agent and NAC Web Agent installation? (Choose two.)

  1. Administrator workstation rights

  2. Active Directory Domain membership

  3. Allowing of web browser activex installation

  4. WSUS service running

Answer: A,C

Question No: 142

Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain?

  1. Choose an Active Directory user.

  2. Configure the management IP address.

  3. Configure replication.

  4. Choose an Active Directory group.

Answer: D

Question No: 143

Which Cisco ISE feature can differentiate a corporate endpoint from a personal device?

  1. EAP chaining

  2. PAC files

  3. authenticated in-band provisioning

  4. machine authentication

Answer: A

Question No: 144

What endpoint operating system provides native support for the SPW?

  1. Apple iOS

  2. Android OS

  3. Windows 8

  4. Mac OS X

Answer: A

Question No: 145

You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information?

  1. The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer.

  2. The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer.

  3. The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer.

  4. The device can propagate SGT information in an encapsulated security payload.

  5. The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable

hardware peer.

Answer: A

Question No: 146

Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem?

  1. EAP-TLS is not checked in the Allowed Protocols list

  2. Certificate authentication profile is not configured in the Identity Store

  3. MS-CHAPv2-is not checked in the Allowed Protocols list

  4. Default rule denies all traffic

  5. Client root certificate is not included in the Certificate Store

Answer: A

Question No: 147

Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

  1. radius-server timeout

  2. idle-timeout attribute

  3. session-timeout attribute

  4. termination-action attribute

Answer: B

Explanation: Explanation/Reference: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based- networking-services/

config_guide_c17-663759.html

When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints.

When the inactivity timer expires, the switch removes the authenticated session.

The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute (Attribute 28).

Cisco recommends setting the timer using the RADIUS attribute because this approach lets gives you control over which endpoints are subject to this timer and the length of the timer for each class of endpoints.

For example, endpoints that are known to be quiet for long periods of time can be assigned a longer inactivity timer value than chatty endpoints.

Question No: 148

During BYOD flow, where does a Microsoft Windows 8.1 PC download the Network Setup Assistant from?

  1. from Cisco App Store

  2. from Cisco ISE directly

  3. from Microsoft App Store

  4. It uses the native OTA functionality.

Answer: B

Question No: 149

Which EAP method uses a modified version of the MS-CHAP authentication protocol?

  1. EAP-POTP

  2. EAP-TLS

  3. LEAP

  4. EAP-MD5

Answer: C

Question No: 150

Which two identity store options allow you to authorize based on group membership? (Choose two).

  1. Lightweight Directory Access Protocol

  2. RSA SecurID server

  3. RADIUS

  4. Active Directory

Answer: A,D

100% Free Download!
Download Free Demo:300-208 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert 300-208 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE