Proper study guides for Most up-to-date Cisco Implementing Cisco Secure Access Solutions (SISAS) certified begins with Cisco ccnp security sisas 300 208 official cert guide preparation products which designed to deliver the Breathing 300 208 sisas questions by making you pass the ccnp security sisas 300 208 official cert guide test at your first time. Try the free ccnp security sisas 300 208 official cert guide demo right now.

Q91. Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.) 

A. Windows Active Directory 

B. LDAP 

C. RADIUS token server 

D. internal endpoint store 

E. internal user store 

F. certificate authentication profile 

G. RSA SecurID 

Answer: A,E 


Q92. What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment? 

A. It determines which access policy to apply to the endpoint. 

B. It determines which switches are trusted within the TrustSec domain. 

C. It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain. 

D. It lists all servers that are permitted to participate in the TrustSec domain. 

E. It lists all hosts that are permitted to participate in the TrustSec domain. 

Answer:


Q93. Refer to the exhibit. 

Which URL must you enter in the External Webauth URL field to configure Cisco ISE CWA correctly? 

A. https://ip_address:8443/guestportal/Login.action 

B. https://ip_address:443/guestportal/Welcome.html 

C. https://ip_address:443/guestportal/action=cpp 

D. https://ip_address:8905/guestportal/Sponsor.action 

Answer:


Q94. What type of identity group is the Blacklist identity group? 

A. endpoint 

B. user 

C. blackhole 

D. quarantine 

E. denied systems 

Answer:


Q95. You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information? 

A. The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer. 

B. The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer. 

C. The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer. 

D. The device can propagate SGT information in an encapsulated security payload. 

E. The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable hardware peer. 

Answer:


Q96. Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.) 

A. IOS-7-PROXY_DROP 

B. AP-1-AUTH_PROXY_DOS_ATTACK 

C. MKA-2-MACDROP 

D. AUTHMGR-5-MACMOVE 

E. ASA-6-CONNECT_BUILT 

F. AP-1-AUTH_PROXY_FALLBACK_REQ 

Answer: B,D,F 


Q97. You are installing Cisco ISE on nodes that will be used in a distributed deployment. After the initial bootstrap process, what state will the Cisco ISE nodes be in? 

A. Remote 

B. Policy service 

C. Administration 

D. Standalone 

Answer:


Q98. Which network access device feature can you configure to gather raw endpoint data? 

A. Device Sensor 

B. Device Classifier 

C. Switched Port Analyzer 

D. Trust Anchor 

Answer:


Q99. In an 802.1X authorization process, a network access device provides which three functions? (Choose three.) 

A. Filters traffic prior to authentication 

B. Passes credentials to authentication server 

C. Enforces policy provided by authentication server 

D. Hosts a central web authentication page 

E. Confirms supplicant protocol compliance 

F. Validates authentication credentials 

Answer: A,B,C 


Q100. Which Cisco ISE feature can differentiate a corporate endpoint from a personal device? 

A. EAP chaining 

B. PAC files 

C. authenticated in-band provisioning 

D. machine authentication 

Answer: