The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service
Node?
A.
tcp/8905
B.
udp/8905
C.
http/80
D.
https/443
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
2018/Jan/6 New 300-208 Exam Questions Updated!
QUESTION 157
Which mechanism does Cisco ISE use to force a device off the network if it is reported lost or stolen?
A. CoA
B. dynamic ACLs
C. SGACL
D. certificate revocation
Answer: A
QUESTION 158
You discover that the Cisco ISE is failing to connect to the Active Directory server. Which option is a possible cause of the problem?
A. NTP server time synchronization is configured incorrectly.
B. There is a certificate mismatch between Cisco ISE and Active Directory.
C. NAT statements required for Active Directory are configured incorrectly.
D. The RADIUS authentication ports are being blocked by the firewall.
Answer: A
QUESTION 159
Which type of remediation does Windows Server Update Services provide?
A. automatic remediation
B. administrator-initiated remediation
C. redirect remediation
D. central Web auth remediation
Answer: A
QUESTION 160
Which three remediation actions are supported by the Web Agent for Windows? (Choose three.)
A. Automatic Remediation
B. Message text
C. URL Link
D. File Distribution
E. AV definition update
F. Launch Program
Answer: BCD
QUESTION 161
What endpoint operating system provides native support for the SPW?
A. Apple iOS
B. Android OS
C. Windows 8
D. Mac OS X
Answer: A
QUESTION 162
Which condition triggers wireless authentication?
A. NAS-Port-Type is set to IEEE 802.11.
B. Framed-Compression is set to None.
C. Service-Type is set to Framed.
D. Tunnel-Type is set to VLAN.
Answer: A
QUESTION 163
Which feature enables the Cisco ISE DHCP profiling capabilities to determine and enforce authorization policies on mobile devices?
A. disabling the DHCP proxy option
B. DHCP option 42
C. DHCP snooping
D. DHCP spoofing
Answer: A
QUESTION 164
With which two appliance-based products can Cisco Prime Infrastructure integrate to perform centralized management? (Choose two.)
A. Cisco Managed Services Engine
B. Cisco Email Security Appliance
C. Cisco Wireless Location Appliance
D. Cisco Content Security Appliance
E. Cisco ISE
Answer: AE
QUESTION 165
Which two options are EAP methods supported by Cisco ISE? (Choose two.)
A. EAP-FAST
B. EAP-TLS
C. EAP-MS-CHAPv2
D. EAP-GTC
Answer: AB
QUESTION 166
You configured wired 802.1X with EAP-TLS on Windows machines. The ISE authentication detail report shows “EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain.” What is the most likely cause of this error?
A. The ISE certificate store is missing a CA certificate.
B. The Wireless LAN Controller is missing a CA certificate.
C. The switch is missing a CA certificate.
D. The Windows Active Directory server is missing a CA certificate.
Answer: A
QUESTION 167
What type of identity group is the Blacklist identity group?
A. endpoint
B. user
C. blackhole
D. quarantine
E. denied systems
Answer: A
0
0
And you can download 2018 Latest Cisco 300-208 Exam Dumps with PDF and VCE 320Q&As Version: https://www.braindump2go.com/300-208.html
0
0