[Free] 2019(Nov) EnsurePass Cisco 300-208 Dumps with VCE and PDF 61-70

Get Full Version of the Exam
http://www.EnsurePass.com/300-208.html

Question No.61

Which two are best practices to implement profiling services in a distributed environment? (Choose two)

  1. use of device sensor feature

  2. configuration to send syslogs to the appropriate profiler node

  3. netflow probes enabled on central nodes

  4. node-specific probe configuration

  5. global enablement of the profiler service

Correct Answer: BD

Explanation:

https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html#wp134

You can deploy the Cisco ISE profiler service either in a standalone environment (on a single node), or in a distributed environment (on multiple nodes). Depending on the type of your deployment and the license you have installed, the profiler service of Cisco ISE can run on a single node or on multiple nodes. You need to install either the base license to take advantage of the basic services or the advanced license to take advantage of all the services of Cisco ISE. The ISE distributed deployment includes support for the following:

image

The Deployment Nodes page supports the infrastructure for the distributed nodes in the distributed deployment.

image

A node specific configuration of probesThe Probe Config page allows you to configure the probe per node.

image

image

Global Implementation of the profiler Change of Authorization (CoA). Configuration to allow syslogs to be sent to the appropriate profiler node.

Question No.62

Where is dynamic SGT classification configured?

  1. Cisco ISE

  2. NAD

  3. supplicant

  4. RADIUS proxy

Correct Answer: A

Question No.63

Which EAP method uses a modified version of the MS-CHAP authentication protocol?

  1. EAP-POTP

  2. EAP-TLS

  3. LEAP

  4. EAP-MD5

Correct Answer: C

Question No.64

Which option is required for inline security group tag propagation?

  1. Cisco Secure Access Control System

  2. hardware support

  3. Security Group Tag Exchange Protocol (SXP) v4

  4. Cisco Identity Services Engine

Correct Answer: B

Question No.65

You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information?

  1. The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer.

  2. The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer.

  3. The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer.

  4. The device can propagate SGT information in an encapsulated security payload.

  5. The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable hardware peer.

Correct Answer: A

Question No.66

Which option describes the purpose of configuring Native Supplicant Profile on the Cisco ISE?

  1. It helps employees add and manage new devices by entering the MAC address for the device.

  2. It is used to register personal devices on the network.

  3. It enforces the use of MSCHAPv2 or EAP-TLS for 802.1X authentication.

  4. It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network.

Correct Answer: C

Question No.67

A network administrator must enable which protocol extension to utilize EAP-Chaining?

  1. EAP-FAST

  2. EAP-TLS

  3. MSCHAPv2

  4. PEAP

Correct Answer: A

Question No.68

Which term describes a software application that seeks connectivity to the network via a network access device?

  1. authenticator

  2. server

  3. supplicant

  4. WLC

Correct Answer: C

Question No.69

Which feature must you configure on a switch to allow it to redirect wired endpoints to Cisco ISE?

  1. the http secure-server command

  2. RADIUS Attribute 29

  3. the RADIUS VSA for accounting

  4. the RADIUS VSA for URL-REDIRECT

Correct Answer: A

Question No.70

What steps must you perform to deploy a CA-signed identity certificate on an ISE device?

  1. 1. Download the CA server certificate and install it on ISE.

    1. Generate a signing request and save it as a file.

    2. Access the CA server and submit the CA request.

    3. Install the issued certificate on the ISE.

  2. 1. Download the CA server certificate and install it on ISE.

    1. Generate a signing request and save it as a file.

    2. Access the CA server and submit the CSR.

    3. Install the issued certificate on the CA server.

  3. 1. Generate a signing request and save it as a file.

    1. Download the CA server certificate and install it on ISE.

    2. Access the ISE server and submit the CA request.

    3. Install the issued certificate on the CA server.

  4. 1. Generate a signing request and save it as a file.

    1. Download the CA server certificate and install it on ISE.

    2. Access the CA server and submit the CSR.

    3. Install the issued certificate on the ISE.

Correct Answer: D

Get Full Version of the Exam
300-208 Dumps
300-208 VCE and PDF

Leave a Reply

Your email address will not be published. Required fields are marked *

Proudly powered by WordPress