PrepAway - Latest Free Exam Questions & Answers

Which three statements about the given configuration are true?

Refer to the exhibit.

Which three statements about the given configuration are true? (Choose three.)


A.
TACACS+ authentication configuration is complete.

B.
TACACS+ authentication configuration is incomplete.

C.
TACACS+ server hosts are configured correctly.

D.
TACACS+ server hosts are misconfigured.

E.
The TACACS+ server key is encrypted.

F.
The TACACS+ server key is unencrypted.

3 Comments on “Which three statements about the given configuration are true?”

  1. Levo says:

    2018 More new 300-208 Exam Questions and Answers:

    QUESTION 175
    Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure.
    What are the two possible causes of the problem? (Choose two.)

    A. EAP-TLS is not checked in the Allowed Protocols list
    B. Client certificate is not included in the Trusted Certificate Store
    C. MS-CHAPv2 is not checked in the Allowed Protocols list
    D. Default rule denies all traffic
    E. Certificate authentication profile is not configured in the Identity Store

    Answer: AE

    QUESTION 176
    Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain?

    A. Choose an Active Directory user.
    B. Configure the management IP address.
    C. Configure replication.
    D. Choose an Active Directory group.

    Answer: D

    QUESTION 177
    Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

    A. RADIUS Change of Authorization
    B. device tracking
    C. DHCP snooping
    D. VLAN hopping

    Answer: A

    QUESTION 178
    After an endpoint has completed authentication with MAB, a security violation is triggered because a different MAC address was detected. Which host mode must be active on the port?

    A. single-host mode
    B. multidomain authentication host mode
    C. multiauthentication host mode
    D. multihost mode

    Answer: A

    QUESTION 179
    Refer to the exhibit. You are configuring permissions for a new Cisco ISE standard authorization profile. If you configure the Tunnel-Private-Group-ID attribute as shown, what does the value 123 represent?

    A. the VLAN ID
    B. the VRF ID
    C. the tunnel ID
    D. the group ID

    Answer: A

    QUESTION 180
    Where would a Cisco ISE administrator define a named ACL to use in an authorization policy?

    A. In the conditions of an authorization rule.
    B. In the attributes of an authorization rule.
    C. In the permissions of an authorization rule.
    D. In an authorization profile associated with an authorization rule.

    Answer: D

    QUESTION 181
    Refer to the exhibit. Which URL must you enter in the External Webauth URL field to configure Cisco ISE CWA correctly?

    A. https://ip_address:8443/guestportal/Login.action
    B. https://ip_address:443/guestportal/Welcome.html
    C. https://ip_address:443/guestportal/action=cpp
    D. https://ip_address:8905/guestportal/Sponsor.action

    Answer: A

    QUESTION 182
    When you configure an endpoint profiling policy rule, which option describes the purpose of the minimum certainty factor?

    A. It is compared to the total certainty metric of an individual endpoint to determine whether the endpoint can be trusted.
    B. It is compared to the assigned certainty value of an individual endpoint in a device database to determine whether the endpoint can be trusted.
    C. It is used to compare the policy condition to other active policies.
    D. It is used to determine the likelihood that an endpoint is an active, trusted device on the network.

    Answer: A

    QUESTION 183
    You have configured a Cisco ISE 1.2 deployment for self-registration of guest users. What two options can you select from to determine when the account duration timer begins? (Choose two.)

    A. CreateTime
    B. FirstLogin
    C. BeginLogin
    D. StartTime

    Answer: AB

    QUESTION 184
    Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail?

    A. The redirect ACL is blocking access to ports 80 and 443.
    B. The redirect ACL is applied to an incorrect SVI.
    C. The redirect ACL is blocking access to the client provisioning portal.
    D. The redirect ACL is blocking access to Cisco ISE port 8905.

    Answer: A

    QUESTION 185
    Where must periodic re-authentication be configured to allow a client to come out of the quarantine state and become compliant?

    A. on the switch port
    B. on the router port
    C. on the supplicant
    D. on the controller

    Answer: A




  2. Pance says:

    More:

    QUESTION 175
    Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure.
    What are the two possible causes of the problem? (Choose two.)

    A. EAP-TLS is not checked in the Allowed Protocols list
    B. Client certificate is not included in the Trusted Certificate Store
    C. MS-CHAPv2 is not checked in the Allowed Protocols list
    D. Default rule denies all traffic
    E. Certificate authentication profile is not configured in the Identity Store

    Answer: AE

    QUESTION 176
    Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain?

    A. Choose an Active Directory user.
    B. Configure the management IP address.
    C. Configure replication.
    D. Choose an Active Directory group.

    Answer: D

    QUESTION 177
    Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

    A. RADIUS Change of Authorization
    B. device tracking
    C. DHCP snooping
    D. VLAN hopping

    Answer: A

    QUESTION 178
    After an endpoint has completed authentication with MAB, a security violation is triggered because a different MAC address was detected. Which host mode must be active on the port?

    A. single-host mode
    B. multidomain authentication host mode
    C. multiauthentication host mode
    D. multihost mode

    Answer: A

    QUESTION 179
    Refer to the exhibit. You are configuring permissions for a new Cisco ISE standard authorization profile. If you configure the Tunnel-Private-Group-ID attribute as shown, what does the value 123 represent?

    A. the VLAN ID
    B. the VRF ID
    C. the tunnel ID
    D. the group ID

    Answer: A

    QUESTION 180
    Where would a Cisco ISE administrator define a named ACL to use in an authorization policy?

    A. In the conditions of an authorization rule.
    B. In the attributes of an authorization rule.
    C. In the permissions of an authorization rule.
    D. In an authorization profile associated with an authorization rule.

    Answer: D

    QUESTION 182
    When you configure an endpoint profiling policy rule, which option describes the purpose of the minimum certainty factor?

    A. It is compared to the total certainty metric of an individual endpoint to determine whether the endpoint can be trusted.
    B. It is compared to the assigned certainty value of an individual endpoint in a device database to determine whether the endpoint can be trusted.
    C. It is used to compare the policy condition to other active policies.
    D. It is used to determine the likelihood that an endpoint is an active, trusted device on the network.

    Answer: A

    QUESTION 183
    You have configured a Cisco ISE 1.2 deployment for self-registration of guest users. What two options can you select from to determine when the account duration timer begins? (Choose two.)

    A. CreateTime
    B. FirstLogin
    C. BeginLogin
    D. StartTime

    Answer: AB

    QUESTION 184
    Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail?

    A. The redirect ACL is blocking access to ports 80 and 443.
    B. The redirect ACL is applied to an incorrect SVI.
    C. The redirect ACL is blocking access to the client provisioning portal.
    D. The redirect ACL is blocking access to Cisco ISE port 8905.

    Answer: A

    QUESTION 185
    Where must periodic re-authentication be configured to allow a client to come out of the quarantine state and become compliant?

    A. on the switch port
    B. on the router port
    C. on the supplicant
    D. on the controller

    Answer: A



