- CCNP Security 300-208
76.
What is the process of onboarding as it relates to BYOD?
- A. It’s a form of torture used in military interrogations.
- B. It prepares an endpoint for network access with supplicant configuration, and possibly even certificate provisioning.
- C. It’s the process in which an IT department will prestage an endpoint for corporate use before issuing the endpoint to the end user.
- D. It prepares an endpoint for network access by preconfiguring an installation package that the end user runs with administrator privilege to configure the endpoint.
Answer : [B]
Explanation :
One of the business issues with a BYOD model is walking an end user through the process of configuring his network supplicant to meet corporate policies. Onboarding is used to help an end user perform those actions himself, without requiring interaction from the IT department.
77.
With a single-SSID model for BYOD onboarding, how does the supplicant begin using its new certificate-based credentials?
- A. The endpoint will continue to use the initial credentials until the next reauthentication interval.
- B. ISE will send a CoA-DM, causing a new authentication.
- C. ISE will send a CoA-Reauth, causing a new authentication.
- D. The endpoint will continue to use the initial credentials until the endpoint is deassociated from the network and reassociates.
Answer : [C]
Explanation :
To maintain a seamless experience for the end user, a CoA-Reauth message is used. This keeps the endpoint connected to the network and simply causes the supplicant to send credentials again. At this point, it will be using the new certificate-based credentials to authenticate. The end user is completely unaware of the actions. A CoA-DM (disconnect message) would drop the endpoint from the network and be a poor user experience. Waiting for a reauth interval or a disconnect/reconnect to the network would not be an optimal user experience either.
78.
With dual-SSID onboarding, what stops a guest user from receiving a certificate and a supplicant profile?
- A. It is hard-coded in ISE to not permit a guest user to enter the provisioning flow.
- B. It’s a configurable option, so nothing prevents guests from receiving the certificate and supplicant profile.
- C. It’s a configurable option based on the authorization result given to the user.
- D. It’s a configurable option in the client provisioning policies to permit guests to enter the provisioning flow.
Answer : [A]
Explanation :
The software is hard-coded to prevent guest users from entering the flow. There is no configuration possible to allow guest users to enter the provisioning process through the dual-SSID onboarding flows.
79.
The same ACL can be used for all endpoints to be onboarded. However, the security of the ACL needs to be relaxed for Androids. What is the reason?
- A. Google just feels that it is so special, so Androids require special access to keep up.
- B. Androids require access to the local app store in ISE.
- C. Because Android is inherently an insecure operating system, it therefore needs a less secure ACL.
- D. Androids require access to their app store to download and execute Cisco’s Network Setup Assistant app.
Answer : [D]
Explanation :
While both C and D could be viewed as correct answers, only D is technically accurate.
80.
What are an ISE admin’s options for dealing with endpoints that are not supported by the BYOD onboarding process?
- A. Cisco ISE will reject an authentication from any endpoint that cannot go through the onboarding process.
- B. The admin has configurable choices to deny access to any nonconfigured endpoint that reaches the supplicant provisioning flow or to leave it in the current authorization state.
- C. Cisco ISE will automatically permit access to any device that can’t be onboarded.
- D. After the BYOD onboarding flow is enabled, every device must be onboarded. There are custom templates to be able to push profiles to any device that is not natively supported.
Answer : [B]
Explanation :
ISE will authenticate any endpoint that has been configured to authenticate to the network, regardless of the onboarding status. The policy can be configured to send an access-reject or to leave the user in the redirected state to receive a message explaining that she must configure her device on her own or call her IT department for assistance.