Today Big Q: cisco 300 208?

Proper study guides for Renovate Cisco Implementing Cisco Secure Access Solutions (SISAS) certified begins with Cisco ccnp security sisas 300 208 official cert guide pdf preparation products which designed to deliver the Printable 300 208 sisas questions by making you pass the ccnp security sisas 300 208 official cert guide pdf test at your first time. Try the free ccnp security sisas 300 208 official cert guide demo right now.

Q21. When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.) 

A. It returns an access-accept and sends the redirection URL for all users. 

B. It establishes secure connectivity between the RADIUS server and the Cisco ISE. 

C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated. 

D. It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result. 

E. It allows multiple users to authenticate at the same time. 

Answer: C,D 

Q22. Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security? 

A. Access Point 

B. Switch 

C. Wireless LAN Controller 

D. Authentication Server 


Q23. Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.) 

A. Windows Active Directory 


C. RADIUS token server 

D. internal endpoint store 

E. internal user store 

F. certificate authentication profile 

G. RSA SecurID 

Answer: A,E 

Q24. Which statement about the Cisco ISE BYOD feature is true? 

A. Use of SCEP/CA is optional. 

B. BYOD works only on wireless access. 

C. Cisco ISE needs to integrate with MDM to support BYOD. 

D. Only mobile endpoints are supported. 


Q25. Which feature enables the Cisco ISE DHCP profiling capabilities to determine and enforce authorization policies on mobile devices? 

A. disabling the DHCP proxy option 

B. DHCP option 42 

C. DHCP snooping 

D. DHCP spoofing 


Q26. Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What are the two possible causes of the problem? (Choose two.) 

A. EAP-TLS is not checked in the Allowed Protocols list 

B. Client certificate is not included in the Trusted Certificate Store 

C. MS-CHAPv2-is not checked in the Allowed Protocols list 

D. Default rule denies all traffic 

E. Certificate authentication profile is not configured in the Identity Store 

Answer: A,E 

Q27. A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessment and outline hardware and software capable and incapable devices? 

A. Prime Infrastructure 

B. Network Control System 

C. Cisco Security Manager 

D. Identity Services Engine 


Q28. In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc... 

Which two statements are correct regarding the event that occurred at 2014-05-07 00:16:55.393? (Choose two.) 

A. The failure reason was user entered the wrong username. 

B. The supplicant used the PAP authentication method. 

C. The username entered was it1. 

D. The user was authenticated against the Active Directory then also against the ISE interal user database and both fails. 

E. The NAS switch port where the user connected to has a MAC address of 44:03:A7:62:41:7F 

F. The user is being authenticated using 802.1X. 

G. The user failed the MAB. 

H. The supplicant stopped responding to ISE which caused the failure. 

Answer: C,F 


Event Details: 

Screen Shot 2015-06-23 at 5.45.07 PM Screen Shot 2015-06-23 at 5.45.16 PM 

Q29. An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups? 

A. member of 

B. group 

C. class 

D. person 


Q30. Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail? 

A. The redirect ACL is blocking access to ports 80 and 443. 

B. The redirect ACL is applied to an incorrect SVI. 

C. The redirect ACL is blocking access to the client provisioning portal. 

D. The redirect ACL is blocking access to Cisco ISE port 8905.