PrepAway - Latest Free Exam Questions & Answers

3 Comments on “which attribute to assign privileges based on Microsoft Active Directory user groups?

  1. Bald says:

    New 300-208 Questions and Answers (Updated on September/4/2017), and New 300-208 PDF and VCE Dumps: https://www.braindump2go.com/300-208.html (300Q&As Version), covers all new questions here in step with the cisco official test center! Share some new questions:

    QUESTION
    An engineer must ensure that all client operating systems have the AnyConnect Agent for an upcoming posture implementation.
    Which two versions of OS does the AnyConnect posture agent support? (Choose two.)

    A. Google Android
    B. Ubuntu
    C. Apple Mac OS X
    D. Microsoft Windows
    E. Red Hat Enterprise Linux

    Answer: C

    QUESTION
    Which command would be used in order to maintain a single open connection between a network access device and a tacacs server?

    A. tacacs-server host timeout
    B. tacacs-server host single-connection
    C. tacacs-server host
    D. tacacs-server host single-connection

    Answer: D

    QUESTION
    Refer to the exhibit. Which authentication method is being used?

    A. PEAP-MSCHAP
    B. EAP-GTC
    C. EAP-TLS
    D. PEAP-TLS

    Answer: C

    QUESTION
    A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept.
    Which two classifications can the tags be mapped to? (Choose two.)

    A. VLAN
    B. user ID
    C. interface
    D. switch ID
    E. MAC address

    Answer: AC

    QUESTION
    Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?

    A. CoA-Terminate
    B. CoA-PortBounce
    C. CoA-Reauth
    D. CoA-Remediate

    Answer: B




    0



    0
  2. Pance says:

    2018 January New Updated 300-208 Exam Questions:

    QUESTION
    Which three host modes support MACsec? (Choose three.)

    A. multidomain authentication host mode
    B. multihost mode
    C. multi-MAC host mode
    D. single-host mode
    E. dual-host mode
    F. multi-auth host mode

    Answer: ABD

    QUESTION
    You are troubleshooting wired 802.1X authentications and see the following error: “Authentication failed: 22040 Wrong password or invalid shared secret.” What should you inspect to determine the problem?

    A. RADIUS shared secret
    B. Active Directory shared secret
    C. Identity source sequence
    D. TACACS+ shared secret
    E. Certificate authentication profile

    Answer: A

    QUESTION
    Refer to the exhibit. You are troubleshooting RADIUS issues on the network and the debug radius command returns the given output. What is the most likely reason for the failure?

    A. An invalid username or password was entered.
    B. The RADIUS port is incorrect.
    C. The NAD is untrusted by the RADIUS server.
    D. The RADIUS server is unreachable.
    E. RADIUS shared secret does not match

    Answer: A

    QUESTION
    Which devices support download of environmental data and IP from Cisco ISE to SGT bindings in their SGFW implementation?

    A. Cisco ASA devices
    B. Cisco ISR G2 and later devices with ZBFW
    C. Cisco ISR G3 devices with ZBFW
    D. Cisco ASR devices with ZBFW

    Answer: A

    QUESTION
    In Cisco ISE 1.3, where is BYOD enabled with dual-SSID onboarding?

    A. client provisioning policy
    B. client provisioning resources
    C. BYOD portal
    D. guest portal

    Answer: D

    QUESTION
    Which description of the purpose of the Continue option in an authentication policy rule is true?

    A. It allows Cisco ISE to check the list of rules in an authentication policy until there is a match.
    B. It sends an authentication to the next subrule within the same authentication rule.
    C. It allows Cisco ISE to proceed to the authorization policy regardless of authentication pass/fail.
    D. It sends an authentication to the selected identity store.
    E. It causes Cisco ISE to ignore the NAD because NAD will treat the Cisco ISE server as dead.

    Answer: C

    QUESTION
    How many days does Cisco ISE wait before it purges a session from the active session list if no RADIUS Accounting STOP message is received?

    A. 1
    B. 5
    C. 10
    D. 15

    Answer: B

    QUESTION
    A user configured a Cisco Identity Service Engine and switch to work with downloadable access list for wired dot1x users, though it is failing to work. Which command must be added to address the issue?

    A. ip dhcp snooping
    B. ip device tracking
    C. dot1x pae authenticator
    D. aaa authentication dot1x default group radius

    Answer: B

    QUESTION
    Refer to the exhibit. In a distributed deployment of Cisco ISE, which column in Figure 1 is used to fill in the Host Name field in Figure 2 to collect captures on Cisco ISE while authenticating the specific endpoint?

    A. Server
    B. Network Device
    C. Endpoint ID
    D. Identity

    Answer: A

    QUESTION
    Which ISE feature is used to facilitate a BYOD deployment?

    A. self-service personal device registration and onboarding
    B. Guest Service Sponsor Portal
    C. Local Web Auth
    D. Guest Identity Source Sequence

    Answer: A

    More: http://www.examcollections.info/?s=300-208




    0



    0

Leave a Reply