[Free] 2018(May) EnsurePass Testking Cisco 300-208 Dumps with VCE and PDF 121-130

Ensurepass.com : Ensure you pass the IT Exams
2018 May Cisco Official New Released 300-208
100% Free Download! 100% Pass Guaranteed!

Implementing Cisco Secure Access Solutions

Question No: 121

Which two EAP types require server side certificates? (Choose two.)

  1. EAP-TLS

  2. EAP-FAST/TLS

  3. EAP-MD5

  4. EAP-PEAP

  5. EAP-FAST/GTC

Answer: A,D

Question No: 122

Which command is useful when troubleshooting AAA Authentication between a Cisco router and the AAA server?

  1. test aaa-server test cisco cisco123 all new-code

  2. test aaa group7 tacacs auth cisco123 new-code

  3. test aaa group tacacs cisco cisco123 new-code

  4. test aaa-server tacacs group7 cisco cisco123 new-code

Answer: C

Question No: 123

Which statement about a distributed Cisco ISE deployment is true?

  1. It can support up to two monitoring Cisco ISE nodes for high availability.

  2. It can support up to three load-balanced Administration ISE nodes.

  3. Policy Service ISE nodes can be configured in a redundant failover configuration.

  4. The Active Directory servers of Cisco ISE can be configured in a load-balanced configuration.

Answer: A

Question No: 124 CORRECT TEXT

which command used to enable SGACL globally ?

Answer: cts role-based-enforcement

Question No: 125

Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

  1. radius-server timeout

  2. idle-timeout attribute

  3. session-timeout attribute

  4. termination-action attribute

Answer: B

Explanation: Explanation/Reference: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based- networking-services/

config_guide_c17-663759.html

When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints.

When the inactivity timer expires, the switch removes the authenticated session.

The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute (Attribute 28).

Cisco recommends setting the timer using the RADIUS attribute because this approach lets gives you control over which endpoints are subject to this timer and the length of the timer for each class of endpoints.

For example, endpoints that are known to be quiet for long periods of time can be assigned a longer inactivity timer value than chatty endpoints.

Question No: 126

Scenario:

Currently, many users are expehecing problems using their AnyConnect NAM supplicant to login to the network. The rr desktop support staff have already examined and vehfed the AnyConnect NAM configuration is correct.

In this simulation, you are tasked to examine the various ISE GUI screens to determine the ISE current configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.

To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI.

Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations have been reduced in this simulation.

Not all the links on each of the ISE GUI screen works, if some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens.

To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI screens only shows partially but will include all information required to complete this simulation.

Ensurepass 2018 PDF and VCE

Ensurepass 2018 PDF and VCE

Which two of the following statements are correct? (Choose two.)

  1. The ISE is not able to successfully connect to the hq-srv.secure-x. local AD server.

  2. The ISE internal endpoints database is used authenticate any users not in the Active Directory domain.

  3. The ISE internal user database has two accounts enabled: student and test that maps to the Employee user identity group.

  4. Guest_Portal_Sequence is a built-in identity source sequence.

Answer: B,D

Question No: 127

Which set of commands allows IPX inbound on all interfaces?

  1. ASA1(config)# access-list IPX-Allow ethertype permit ipxASA1(config)# access-group IPX-Allow in interface global

  2. ASA1(config)# access-list IPX-Allow ethertype permit ipxASA1(config)# access-group IPX-Allow in interface inside

  3. ASA1(config)# access-list IPX-Allow ethertype permit ipxASA1(config)# access-group IPX-Allow in interface outside

  4. ASA1(config)# access-list IPX-Allow ethertype permit ipxASA1(config)# access-group IPX-Allow out interface global

Answer: A

Question No: 128

Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)

  1. LLDP agent information

  2. user agent

  3. DHCP options

  4. open ports

  5. operating system

  6. trunk ports

Answer: A,C

Question No: 129

Which valid external identity source can be used with Cisco ISE?

  1. IPsec vpn authentication

  2. smart card

  3. local user name and password

  4. TACACS token

Answer: B

Question No: 130 CORRECT TEXT

The Secure-X company has started to tested the 802.1X authentication deployment using the Cisco Catalyst 3560-X layer 3 switch and the Cisco ISEvl2 appliance. Each employee desktop will be connected to the 802.1X enabled switch port and will use the Cisco AnyConnect NAM 802.1X supplicant to log in and connect to the network.

Your particular tasks in this simulation are to create a new identity source sequence named AD_internal which will first use the Microsoft Active Directory (AD1) then use the ISE Internal User database. Once the new identity source sequence has been configured, edit the existing DotlX authentication policy to use the new AD_internal identity source sequence.

The Microsoft Active Directory (AD1) identity store has already been successfully configured, you just need to reference it in your configuration.

Ensurepass 2018 PDF and VCE

In addition to the above, you are also tasked to edit the IT users authorization policy so IT users who successfully authenticated will get the permission of the existing IT_Corp authorization profile.

Perform this simulation by accessing the ISE GUI to perform the following tasks:

  • Create a new identity source sequence named AD_internal to first use the Microsoft Active Directory (AD1) then use the ISE Internal User database

  • Edit the existing Dot1X authentication policy to use the new AD_internal identity source sequence:

  • If authentication failed-reject the access request

  • If user is not found in AD-Drop the request without sending a response

  • If process failed-Drop the request without sending a response

  • Edit the IT users authorization policy so IT users who successfully authenticated will get the permission of the existing IT_Corp authorization profile.

  • To access the ISE GUI, click the ISE icon in the topology diagram. To verify your configurations, from the ISE GUI, you should also see the Authentication Succeeded event for the it1 user after you have successfully defined the DotlX authentication policy to use the Microsoft Active Directory first then use the ISE Internal User Database to authenticate the user. And in the Authentication Succeeded event, you should see the IT_Corp authorization profile being applied to the it1 user. If your configuration is not correct and ISE can#39;t authenticate the user against the Microsoft Active Directory, you should see the Authentication Failed event instead for the it1 user.

    Note: If you make a mistake in the Identity Source Sequence configuration, please delete the Identity Source Sequence then re-add a new one. The edit Identity Source Sequence function is not implemented in this simulation.

    Ensurepass 2018 PDF and VCE

    Ensurepass 2018 PDF and VCE

    Answer: Review the explanation for full configuration and solution.

    Explanation:

    Step 1: create a new identity source sequence named AD_internal which will first use the Microsoft Active Directory (AD1) then use the ISE Internal User database as shown below:

    Ensurepass 2018 PDF and VCE

    Step 2: Edit the existing Dot1x policy to use the newly created Identity Source:

    Ensurepass 2018 PDF and VCE

    Then hit Done and save.

    100% Ensurepass Free Download!
    Download Free Demo:300-208 Demo PDF
    100% Ensurepass Free Guaranteed!
    300-208 Dumps

    EnsurePass ExamCollection Testking
    Lowest Price Guarantee Yes No No
    Up-to-Dated Yes No No
    Real Questions Yes No No
    Explanation Yes No No
    PDF VCE Yes No No
    Free VCE Simulator Yes No No
    Instant Download Yes No No