2017 CCNP Security SISAS 300-208 latest multiple choice questions and answers. Page 9 -- Infibee

Feedback

Home

General Knowledge
General Aptitude
General English
Networking
Interview Questions
- .NET
- Java
- ASP.NET
- C++
- Perl
- Python
- Ruby and Rails
- Struts
- Core Java
- Hibernate
- DB2
- MS SQL Server
- MySQL
- Oracle
- SQL
- DBMS
- Data Warehousing
- Data structures and Algorithms
- CCNA
- CCNP Routing
- CCNP Switching
- Internetworking
- Border Gateway Protocol
- MCSE
- Exchange Server
- Windows Server 2008
- DNS & Active Directory
- Firewall Questions
- Unix
- Linux Server Administrator
- Linux System Administrator
- Linux File Manipulation
Database

Home
Networking
CCNP Security 300-208

41.

Which of the following is required to perform MAB from a Cisco network device?

A.
The RADIUS packet must have the service-type set to login and the calledstation- id populated with the MAC address of the endpoint.
B.
The RADIUS packet must have the service-type set to Call-Check and the calling-station-id populated with the MAC address of the endpoint.
C.
The RADIUS packet must have the service-type set to Call-Check and the calledstation- id populated with the MAC address of the endpoint
D.
The RADIUS packet must have the service-type set to login and the callingstation- id populated with the MAC address of the endpoint

Answer & Explanation
Report

Answer : [B]
Explanation :

The RADIUS packet must have the service-type set to Call-Check. The servicetype dictates the method of authentication. The calling-station-id field must be populated with the MAC address of the endpoint.

Report

Name

42.

Which EAP type is capable of performing EAP chaining?

A.
PEAP
B.
EAP-FAST
C.
EAP-TLS
D.
EAP-MD5

Answer & Explanation
Report

Answer : [B]
Explanation :

Only EAP-FAST and TEAP (RFC 7170) have EAP chaining capabilities

Report

Name

43.

Which of the following choices are purposes of an authentication policy?

A.
To permit or deny access to the network based on the incoming authentication request
B.
To apply access control filters, such as dACL or security group tags (SGTs), to the network device to limit traffic
C.
To drop requests using an incorrect authentication method, route authentication requests to the correct identity store, validate the identity, and “pass” successful authentications over to the authorization policy
D.
To terminate encrypted tunnels for purposes of remote access into the network

Answer & Explanation
Report

Answer : [C]
Explanation :

An authentication policy is meant to drop traffic that isn’t allowed, meaning it is using an authentication protocol that is not configured, it will route authentication requests to the correct identity store to validate the identity, and “pass” successful authentications over to the authorization policy.

Report

Name

44.

True or False? You must select Detect PAP as Host Lookup to enable MAB requests for Cisco nNetwork devices.

A.
True
B.
False

Answer & Explanation
Report

Answer : [B]
Explanation :

Only the Process Host Lookup check box must be select in the Allowed Protocols for Cisco MAB to work. Detecting another protocol as Host Lookup is only for non-Cisco network devices.

Report

Name

45.

True or False? Policy conditions from attribute dictionaries can be saved as conditions inline while building authentication policies.

A.
True
B.
False

Answer & Explanation
Report

Answer : [A]
Explanation :

Reusable conditions can be built on-the-fly while building the authentication policy, and they are saved as dictionary objects.

Report

Name

Pages
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Sitemap