PASS4TEST \ http://www.pass4test.com We offer free update service for one year
Exam : 300-208 Title : Implementing Cisco Secure Access Solutions Vendor : Cisco Version : DEMO Get Latest & Valid 300-208 Exam's Question and Answers 1 from Pass4test.com. 1
NO.1 You must recover a wireless client from quarantine. You disconnect the client from the network. Which action do you take next? A. Reconnect to the network after the idle timeout period expires. B. Start a manual reassessment C. Turn off the MIC of the client D. Reboot the client machine after the idle timeout period expires. Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_pos_pol.html NO.2 A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions? A. high-security mode B. monitor mode C. closed mode D. low-impact mode Explanation Monitor ModeMonitor Mode is a process, not just a command on a switch. The process is to enable authentication (with authentication open), see exactly which devices fail and which ones succeed, and correct the failed authentications before they cause any problems. NO.3 Which action do you take to restrict network access for endpoints that are not posture compliant? A. Define the policy by configuring a standard profile.s B. Configure client provisioning services on the Cisco ISE Server C. Assian a dynamjc VLAN oq the, NA D. Configure a dacl on the NA NO.4 Which three options can be pushed from Cisco ISE server as part of a successful 802.1x authentication. (Choose three) A. vlan B. re-authentication timer C. posture status D. authentication order E. authentication priority F. DACL,B,F Get Latest & Valid 300-208 Exam's Question and Answers 2 from Pass4test.com. 2
NO.5 An engineer of Company A wants to know what kind of devices are connecting to the network. Which service can be enabled on the Cisco ISE node? A. MAB B. profiling C. posture D. central web authentication Explanation Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network.using MAC addresses as the unique identifier, ISE collects various attributes for each network endpoint to build an internal endpoint database. NO.6 An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals? A. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups B. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE C. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE D. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure NO.7 What is the purpose of configuring Native Supplicant Profile on the Cisco ISE? A. It is used to register personal devices on the network. B. It enforces the use of MSCHAPv2 or EAP-TLS for 802 1X authentication C. It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network. D. It helps employees add and manage new devices by entering the MAC address for the device. NO.8 Which action is a Cisco recommended practice while attempting to increase efficiency on the monitoring nodes? A. Compress the data regularly B. Re-index the data on a regular basis. C. Remove endpoints when not active. D. Back up data and transfer to a remote repository on regular basis Answer: D Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide NO.9 Which effect does the ip http secure-server command have on a Cisco ISE? Get Latest & Valid 300-208 Exam's Question and Answers 3 from Pass4test.com. 3
A. It enables the HTTP server for users to connect by using web-based authentication. B. It enables the HTTPS server for users to connect on the command line. C. It enables the HTTP server for users to connect on the command line. D. It enables the HTTPS server for users to connect by using web-based authentication. Answer: D NO.10 Which profiling capability allows you to gather and forward network packets to an analyzer? A. collector B. aggregator C. spanner D. retriever NO.11 Which 2 options are functional components of the posture service? A. Posture policy B. Network provisioning C. Quarantined policy D. Client provisioning,d NO.12 An engineer has discovered that a NAD is already configured to send packets to the cisco ISE node running session services, which probe profile requires the simplest configuration? A. DHCP B. HTTP C. SPAN D. NMAP E. RADIUS Answer: E NO.13 Which two options enable security group tags to the assigned to a session? A. DHCP B. Firewall C. Source VLAN D. ISE E. ACL,D NO.14 Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server? A. Radius B. EAP-MD5 C. IPSec D. EAPOL Get Latest & Valid 300-208 Exam's Question and Answers 4 from Pass4test.com. 4
NO.15 What protecs MacSec Frame? A. ICV B. MKA NO.16 Which two services are included in the Cisco ISE posture service? (Choose two.) A. posture administration B. posture catalog C. posture run-time D. posture policing E. posture monitoring,c NO.17 You are installing Cisco ISE on nodes that will be used in a distributed deployment. After the initial bootstrap process, what state will the Cisco ISE nodes be in? A. Standalone B. Policy service C. Remote D. Administration NO.18 Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail? A. The redirect ACL is blocking access to Cisco ISE port 8905. B. The redirect ACL is blocking access to the client provisioning portal. C. The redirect ACL is blocking access to ports 80 and 443. D. The redirect ACL is applied to an incorrect SVI. Answer: C NO.19 Which Cisco IOS IPS risk rating component uses a low value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200? A. Attack Relevancy Rating B. Watch List Rating C. Signature Fidelity Rating D. Promiscuous Delta E. Target Value Rating F. Attack Severity Rating Answer: E NO.20 In this simulation, you are task to examine the various authentication events using the ISE Get Latest & Valid 300-208 Exam's Question and Answers 5 from Pass4test.com. 5
GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc... Which four statements are correct regarding the event that occurred at 2014-05-07 00:19:07.004? (Choose four.) A. The it1 user machine has been profiled as a Microsoft-Workstation. B. The it1 user supplicant used the PEAP (EAP-MSCHAPv2) authentication method. Get Latest & Valid 300-208 Exam's Question and Answers 6 from Pass4test.com. 6
C. The it1 user was successfully authenticated against AD1 identity store. D. The it1 user was matched to the IT_Corp authorization policy. E. The IT_Corp authorization profile were applied. F. The it1 user was authenticated using MAB. G. The it1 user machine has passed all the posture assessement tests.,b,c,d Explanation Here are the details shown for this event: Get Latest & Valid 300-208 Exam's Question and Answers 7 from Pass4test.com. 7