When MAB is configured, how often are ports reauthenticated by default?
A.
every 60 seconds
B.
every 90 seconds
C.
every 120 seconds
D.
never
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
Answer: A
0
0
It’s D , you use MAB to bypass authentication, it’s used for printer,phones ect.
0
0
Enabling Reauthentication on a Port
By default, ports are not automatically reauthenticated. You can enable automatic reauthentication and
specify how often reauthentication attempts are made.
http://www9.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/15-s/sec-usr-aaa-15-s-book/sec-config-mab.pdf
0
0
.2.6.4 Reauthentication and Absolute Session Timeout
Reauthentication cannot be used to terminate MAB-authenticated endpoints. Absolute session timeout should be used only with caution.
The reauthentication timer for MAB is the same as for IEEE 802.1X. The timer can be statically configured on the switch port, or it can be dynamically assigned by sending the Session-Timeout attribute (Attribute 27) and the RADIUS Termination-Action attribute (Attribute 29) with a value of RADIUS-Request in the Access-Accept message from the RADIUS server.
0
0
2017/Aug New Updated 300-208 Exam Questions:
QUESTION 288
An engineer must ensure that all client operating systems have the AnyConnect Agent for an upcoming posture implementation.
Which two versions of OS does the AnyConnect posture agent support? (Choose two.)
A. Google Android
B. Ubuntu
C. Apple Mac OS X
D. Microsoft Windows
E. Red Hat Enterprise Linux
Answer: C
QUESTION 289
Which command would be used in order to maintain a single open connection between a network access device and a tacacs server?
A. tacacs-server host timeout
B. tacacs-server host single-connection
C. tacacs-server host
D. tacacs-server host single-connection
Answer: D
QUESTION 290
Refer to the exhibit. Which authentication method is being used?
A. PEAP-MSCHAP
B. EAP-GTC
C. EAP-TLS
D. PEAP-TLS
Answer: C
QUESTION 291
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept.
Which two classifications can the tags be mapped to? (Choose two.)
A. VLAN
B. user ID
C. interface
D. switch ID
E. MAC address
Answer: AC
QUESTION 293
Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?
A. CoA-Terminate
B. CoA-PortBounce
C. CoA-Reauth
D. CoA-Remediate
Answer: B
More new 300-208 exam questions:https://drive.google.com/folderview?id=0B272WrTALRHcbTlPUnl0Q1JTTjQ&usp=sharing
0
0
and i am also studying 2017 latest 300-208 PDF and VCE 300Q at the present, they cover most of new questions in their practice questions:https://www.braindump2go.com/300-208.html, anyone is also studying? I am also not sure about some answers…..
0
0
2018/January/6 new 300-208 Exam Questions:
QUESTION
Which functionality does the Cisco ISE self-provisioning flow provide?
A. It provides support for native supplicants, allowing users to connect devices directly to the network.
B. It provides the My Devices portal, allowing users to add devices to the network.
C. It provides support for users to install the Cisco NAC agent on enterprise devices.
D. It provides self-registration functionality to allow guest users to access the network.
Answer: A
QUESTION
During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?
A. Enable the Agent IP Refresh feature.
B. Enable the Enable VLAN Detect Without UI feature.
C. Enable CRL checking.
D. Edit the Discovery Host parameter to use an IP address instead of an FQDN.
Answer: A
QUESTION
Where is dynamic SGT classification configured?
A. Cisco ISE
B. NAD
C. supplicant
D. RADIUS proxy
Answer: A
QUESTION
What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?
A. It determines which access policy to apply to the endpoint.
B. It determines which switches are trusted within the TrustSec domain.
C. It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain.
D. It lists all servers that are permitted to participate in the TrustSec domain.
E. It lists all hosts that are permitted to participate in the TrustSec domain.
Answer: A
QUESTION
You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information?
A. The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer.
B. The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer.
C. The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer.
D. The device can propagate SGT information in an encapsulated security payload.
E. The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable hardware peer.
Answer: A
More: http://www.examcollections.info/?s=300-208
0
0