Scenario:
Currently, many users are expehecing problems using their AnyConnect NAM supplicant tologin to the network. The rr desktop support staff have already examined and vehfed the
AnyConnect NAM configuration is correct.
In this simulation, you are tasked to examine the various ISE GUI screens to determine the ISE
current configurations to help isolate the problems. Based on the current ISE configurations,
you will need to answer three multiple choice questions.
To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI.
Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations
have been reduced in this simulation.
Not all the links on each of the ISE GUI screen works, if some of the links are not working on a
screen, click Home to go back to the Home page first. From the Home page, you can access all
the required screens.
To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI
screens only shows partially but will include all information required to complete this
simulation.
Which two of the following statements are correct? (Choose two.)
A.
The ISE is not able to successfully connect to the hq-srv.secure-x. local AD server.
B.
The ISE internal endpoints database is used authenticate any users not in the Active
Directory domain.
C.
The ISE internal user database has two accounts enabled: student and test that maps to the
Employee user identity group.
D.
Guest_Portal_Sequence is a built-in identity source sequence.
[Update]
New 300-208 Exam Questions and Answers Updated Recently (4/Jan/2017):
NEW QUESTION 251
A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?
A. monitor mode
B. high-security mode
C. closed mode
D. low-impact mode
Answer: A
NEW QUESTION 252
Which three events immediately occur when a user clicks register on their device in a single- SSID BYOD onboarding registration process? (Choose three).
A. CA certificate is sent to the device from Cisco ISE
B. An endpoint is added to a Registered Devices identity group
C. RADIUS access request is sent to Cisco ISE
D. The profile service is sent to the device from Cisco ISE
E. DACL is sent to the device from Cisco ISE
F. BYOD registration flag is set by Cisco ISE
Answer: ABF
NEW QUESTION 253
A company wants to allow employees to register and manage their own devices that do not support NSP. Which portals enable this?
A. MDM portals
B. Client provisioning portals
C. My devices portals
D. BYOD Portals
Answer: C
NEW QUESTION 254
Which three options can be pushed from Cisco ISE server as part of a successful 802.1x authentication. (Choose three)
A. authentication order
B. posture status
C. authentication priority
D. vlan
E. DACL
F. reauthentication timer
Answer: DEF
NEW QUESTION 255
With which two appliance-based products can Cisco Prime infrastructure integrate to perform centralized management?
A. Cisco content security appliance
B. Cisco email security appliance
C. Cisco wireless location appliance
D. Cisco Mobility Services Engine
E. Cisco ISE
Answer: DE
NEW QUESTION 256
A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two)
A. DHCP Snooping
B. 802.1AE MacSec
C. Port security
D. IP Device tracking
E. Dynamic ARP inspection
F. Private VLANs
Answer: AE
NEW QUESTION 257
Refer to exhibit, which statement about the authentication protocol used in the configuration is true?
aaa new model
tacacs-server host 1.1.1.1 single connection
tacas-server key cisco123
A. Authentication request contains username, encrypted password, NAS IP address, and port.
B. Authentication and authorization requests are sent in a single open connection between the network device and the TACACS+ server.
C. Authentication request contains username, password, NAS IP address and port.
D. Authentication and authorization request packets are grouped together in a single packet.
Answer: B
NEW QUESTION 258
Which option is the code field of n EAP packet?
A. one byte and 1=request, 2=response 3=failure 4=success
B. two byte and 1=request, 2=response, 3=success, 4=failure
C. two byte and 1=request 2=response 3=failure 4=success
D. one byte and 1=request 2=response 3=success 4=failure
Answer: D
NEW QUESTION 259
……
P.S. These New 300-208 Exam Questions Were Just Updated From The Real 300-208 Exam, You Can Get The Newest 300-208 Dumps In PDF And VCE From — http://www.passleader.com/300-208.html (275q VCE and PDF)
Good Luck!
BTW, that new 275Q 300-208 Dumps are Available on Google Drive for Free:
https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ
Best Regards!
Fail today , is so many new questions 🙁
[Update]
New 300-208 Exam Questions Updated Recently (1/Mar/2017):
NEW QUESTION 288
An engineer must ensure that all client operating systems have the AnyConnect Agent for an upcoming posture implementation. Which two versions of OS does the AnyConnect posture agent support? (Choose two.)
A. Google Android
B. Ubuntu
C. Apple Mac OS X
D. Microsoft Windows
E. Red Hat Enterprise Linux
Answer: C
NEW QUESTION 289
Which command would be used in order to maintain a single open connection between a network access device and a tacacs server?
A. tacacs-server host timeout
B. tacacs-server host single-connection
C. tacacs-server host
D. tacacs-server host single-connection
Answer: D
NEW QUESTION 290
Refer to the exhibit. Which authentication method is being used?
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store – LDAP_TESTE
22043 Current Identity Store does not support the authentication method; Skipping it
A. PEAP-MSCHAP
B. EAP-GTC
C. EAP-TLS
D. PEAP-TLS
Answer: C
NEW QUESTION 291
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept. Which two classifications can the tags be mapped to? (Choose two.)
A. VLAN
B. user ID
C. interface
D. switch ID
E. MAC address
Answer: AC
NEW QUESTION 292
……
NEW QUESTION 293
Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?
A. CoA-Terminate
B. CoA-PortBounce
C. CoA-Reauth
D. CoA-Remediate
Answer: B
NEW QUESTION 294
……
P.S. You Can Get The Newest 300-208 Dumps In PDF And VCE From — http://www.passleader.com/300-208.html (300q VCE and PDF)
Besides, part of that new 300Q 300-208 Dumps are available here:
https://1drv.ms/f/s!Aq3EkOX-B1yegR-ZeeCwg90H7vjB
Best Regards!