26 February, 2020

[Feb-2020-16] Down To Date 300-208 Resource

Certleader 300-208 Questions are updated and all 300-208 answers are verified by experts. Once you have completely prepared with our 300-208 exam prep kits you will be ready for the real 300-208 exam without a problem. We have Down to date Cisco 300-208 dumps study guide. PASSED 300-208 First attempt! Here What I Did.

Free demo questions for Cisco 300-208 Exam Dumps Below:

Page: 1 / 34

Total 417 questions Full Exam Access

Question 1

- (Exam Topic 1)
Refer to the exhibit.
300-208 dumps exhibit

If the host sends a packet across the Cisco TrustSec domain, where is the SGACL enforced?

At the egress router

Dynamically at the host

After the packet enters the Cisco TrustSec domain

At the ingress router.

Question 2

- (Exam Topic 3)
How does the device sensor send information to a RADIUS server?

Accounting

Authorization

Analyzer

Collector

Question 3

- (Exam Topic 1)
Which characteristic of static SGT classification is true?

uses MAB

maps a tag to an IP address

maps a tag to a MAC address

uses web authentication

Question 4

- (Exam Topic 1)
Which two components are required for creating native supplicant profile? (Choose two.)

Operating System

Connection type wired/wireless

Ios Sutten

BYOD

Question 5

- (Exam Topic 1)
What is the purpose of the Cisco ISE Guest Service Sponsor Portal?

It tracks and stores user activity while connected to the Cisco ISE.

It securely authenticates guest users for the Cisco ISE Guest Service.

It filters guest users from account holders to the Cisco ISE.

It creates and manages Guest User accounts.

Question 6

- (Exam Topic 1)
Which two are technologies that secure the control plane of the Cisco router? (Choose two.)

Cisco IOS Flexible Packet Matching

uRPF

routing protocol authentication

CPPr

BPDU protection

role-based access control

Question 7

- (Exam Topic 2)
Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain?

Choose an Active Directory user.

Configure the management IP address.

Configure replication.

Choose an Active Directory group.

Question 8

- (Exam Topic 2)
You enabled the guest session limit feature on the Cisco ISE. However, end users report that the same guest can log in from multiple devices simultaneously.
Which configuration is missing on the network access device?

RADIUS authentication

RADIUS accounting

DHCP required

AAA override

Question 9

- (Exam Topic 1)
Which ISE deployment mode is similar to the industry standard 802 1X behavior?

policy mode

monitor mode

closed mode

low-impact mode

Question 10

- (Exam Topic 1)
Refer to the exhibit.
300-208 dumps exhibit

Which ISE flow mode does this diagram represent?

closed mode

low-impact mode

application mode

monitor mode

Question 11

- (Exam Topic 1)
Which identity store option allows you to modify the directory services that run on TCP/IP?

Lightweight Directory Access Protocol

RSA SecurID server

RADIUS

Active Directory

Question 12

- (Exam Topic 2)
Refer to the exhibit.
300-208 dumps exhibit

If the user matches the given TACACS+ profile on Cisco ISE, which command can the user enter from shell prompt on a Cisco switch?

enable

enable 10

show run

configure terminal

Question 13

- (Exam Topic 3)
Where is dynamic SGT classification configured?

Cisco ISE

NAD

supplicant

RADIUS proxy

Question 14

- (Exam Topic 1)
You must recover a wireless client from quarantine. You disconnect the client from the network. Which action do you take next?

Reboot the client machine after the idle timeout period expires.

Start a manual reassessment

Reconnect to the network after the idle timeout period expires.

Turn off the MIC of the client

Question 15

- (Exam Topic 1)
Which characteristic of an 3GT enforcement policy is true?

An SGFW has an implicit permit at the beginning.

An SGFW has an implicit deny at the end.

An SGACL has an implicit deny at the end.

An SGACL has an explicit deny at the beginning.

Question 16

- (Exam Topic 2)
What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?

It determines which access policy to apply to the endpoint.

It determines which switches are trusted within the TrustSec domain.

It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain.

It lists all servers that are permitted to participate in the TrustSec domain.

It lists all hosts that are permitted to participate in the TrustSec domain.

Question 17

- (Exam Topic 3)
During BYOD flow, where does a Microsoft Windows 8.1 PC download the Network Setup Assistant from?

from Cisco App Store

from Cisco ISE directly

from Microsoft App Store

It uses the native OTA functionality.

Question 18

- (Exam Topic 1)
Which type of probe is required when using a Cisco IOS Sensor-enabled network switch?

network scan probe

HTTP probe

RADIUS probe

NetFlow probe

Question 19

- (Exam Topic 3)
Which port does Cisco ISE use for native supplicant provisioning of a Windows computer?

TCP 8443

TCP/UDP 8905

TCP/UDP 8909

TCP 443

Question 20

- (Exam Topic 2)
A properly configured Cisco ISE Policy Service node is not receiving any profile data from a Cisco switch that runs Device Sensor.
Which option is the most likely reason for the failure?

Syslog is configured for the Policy Administration Node.

RADIUS Accounting is disabled.

The SNMP community strings are mismatched.

RADIUS Authentication is misconfigured.

The connected endpoints support CDP but not DHCP.

Question 21

- (Exam Topic 1)
Which EAP method uses a modified version of the MS-CHAP authentication protocol?

EAP-POTP

EAP-TLS

LEAP

EAP-MD5

Question 22

- (Exam Topic 1)
A network administrator must enable which protocol extension to utilize EAP-Chaining?

EAP-FAST

EAP-TLS

MSCHAPv2

PEAP

Question 23

- (Exam Topic 1)
Which effect does the ip http secure-server command have on a Cisco ISE?

It enables the HTTP server for users to connect on the command line.

It enables the HTTP server for users to connect by using web-based authentication.

It enables the HTTPS server for users to connect by using web-based authentication.

It enables the HTTPS server for users to connect on the command line.

Question 24

- (Exam Topic 3)
Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

radius-server timeout

idle-timeout attribute

session-timeout attribute

termination-action attribute

Question 25

- (Exam Topic 1)
Which two services are included in the Cisco ISE posture service? (Choose two.)

posture administration

posture run-time

posture monitoring

posture policing

posture catalog

Question 26

- (Exam Topic 1)
What is another term for 802.11i wireless network security?

802.1x

WEP

TKIP

WPA

WPA2

Question 27

- (Exam Topic 2)
Which option is the correct redirect-ACL for Wired-CWA, with 10.201.228.76 being the Cisco ISE IP address?

ip access-l ex ACL-WEBAUTH-REDIRECT deny udp any any eq domain deny ip any ho 10.201.228.76 permit tcp any any eq 80 permit tcp any any eq 443

ip access-l ex ACL-WEBAUTH-REDIRECT permit udp any any eq domain permit ip any 10.201.228.76 deny tcp any any eq 80 permit tcp any any eq 443

ip access-l ex ACL-WEBAUTH-REDIRECT deny udp any any eq domain permit tcp any 10.201.228.76 eq 8443 deny ip any host 10.201.228.76 permit tcp any any eq 80 permit tcp any 443

ip access-l ex ACL-WEBAUTH-REDIRECT permit udp any any eq domain deny ip any 10.201.228.76 permit tcp any any eq 80permit tcp any any eq 443

Question 28

- (Exam Topic 2)
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

RADIUS Change of Authorization

device tracking

DHCP snooping

VLAN hopping

Question 29

- (Exam Topic 1)
Which Cisco ISE 1.x protocol can be used to control admin access to network access devices?

TACACS+

RADIUS

EAP

Kerberos

Question 30

- (Exam Topic 2)
Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.)

MS-CHAPv2

PEAP

PPTP

EAP-PEAP

PPP

Page: 1 / 34

Total 417 questions Full Exam Access