DumpsFree http://www.dumpsfree.com DumpsFree provide high-quality Dumps VCE & dumps demo free download
Exam : 300-208 Title : Implementing Cisco Secure Access Solutions Vendor : Cisco Version : DEMO Get Latest & Valid 300-208 Exam's Question and Answers 1 from Dumpsfree.com. 1
NO.1 Which feature must you configure on a switch to allow it to redirect wired endpoints to Cisco ISE? A. the http secure-server command B. the RADIUS VSA for accounting C. the RADIUS VSA for URL-REDIRECT D. RADIUS Attribute 29 Answer: A NO.2 Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server? A. EAP-MD5 B. Radius C. EAPOL D. IPSec NO.3 In AAA, what function does authentication perform? A. It identifies the actions that a user has previously taken. B. It identifies the actions that the user can perform on the device. C. It identifies the user who is trying to access a device. D. It identifies what the user can access. NO.4 A security engineer must create an Antivirus remediation policy within Cisco ISE. Which two options can the engineer select in the new Antivirus remediation policy? (Choose two.) A. uniform resource locator B. Antivirus vendor name C. program installation path D. file to upload E. operating system,e NO.5 Which two components are required for creating native supplicant profile? (Choose two.) A. BYOD B. Connection type wired/wireless C. Ios Sutten D. Operating System,D NO.6 In an 802.1X authorization process, a network access device provides which three functions? (Choose three.) A. Filters traffic prior to authentication B. Enforces policy provided by authentication server Get Latest & Valid 300-208 Exam's Question and Answers 2 from Dumpsfree.com. 2
C. Validates authentication credentials D. Hosts a central web authentication page E. Passes credentials to authentication server F. Confirms supplicant protocol compliance Answer: A,B,E NO.7 Which mechanism does Cisco ISE use to force a device off the network if it is reported lost or stolen? A. SGACL B. certificate revocation C. CoA D. dynamic ACLs NO.8 Which of these allows you to add event actions globally based on the risk rating of each event, without having to configure each signature individually? A. event action filter B. event action summarization C. event action override D. signature event action processor NO.9 Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.) A. PPP B. PPTP C. MS-CHAPv2 D. EAP-PEAP E. PEAP,E NO.10 Which identity store option allows you to modify the directory services that run on TCP/IP? A. RADIUS B. RSA SecurID server C. Lightweight Directory Access Protocol D. Active Directory NO.11 What are the initial steps to configure an ACS as a TACACS server? A. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Manage. B. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Create. C. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Create. D. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Install. Get Latest & Valid 300-208 Exam's Question and Answers 3 from Dumpsfree.com. 3
NO.12 A network security engineer is considering configuring 802.1x port authentication such that a single host is allowed to be authenticated for data and another single host for voice. Which port authentication host mode can be used to achieve this configuration? A. single-host B. multihost C. multidomain D. multauth NO.13 Which WLC debug command would be used to troubleshoot authentication issues on a 802. 1X enabled WLAN? A. debug wps mfp Iwapp B. debug dot1x events C. debug dot11 state D. debug dot11 aaa manager all NO.14 An ISE1.3 environment, which path does a network engineer use to set up a self-registered guest portal? A. Security > Access Control Lists > Guest Portals B. Guest Access > Configure > Guest Portals C. Policy > Settings > Guest Portals D. Policy > Authorization > Guest Portals Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/118742-configureise-00.html NO.15 What are two possible reasons why a scheduled nightly backup of ISE to a FTP repository would fail? (Choose two.) A. The ISE and FTP server clocks are out of sync. B. The username and password for the FTP server are invalid. C. The server key is invalid or misconfigured. D. ISE attempted to write the backup to an invalid path on the FTP server. E. TCP port 69 is disabled on the FTP server.,d NO.16 Which action is a Cisco recommended practice while attempting to increase efficiency on the monitoring nodes? A. Back up data and transfer to a remote repository on regular basis B. Compress the data regularly C. Re-index the data on a regular basis. Get Latest & Valid 300-208 Exam's Question and Answers 4 from Dumpsfree.com. 4
D. Remove endpoints when not active. Answer: A Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide NO.17 Why would a Cisco ISE not receive profiling data? A. SNMP community is not matched. B. RADIUS accounting is not enabled. C. SNMP version is not matched. D. RADIUS authentication is not enabled. NO.18 Which three network access devices allow for static security group tag assignment? (Choose three.) A. load balancer B. VPN concentrator C. access layer switch D. intrusion prevention system E. data center access switch F. wireless LAN controller,c,e NO.19 A security engineer must provision dynamic TrustSec classifications. Which two classification options must the engineer select to accomplish this task? (Choose two.) A. 802.1X B. MAB C. interface D. IP subnet E. VLAN Answer: A,B Reference: https://www.cisco.com/c/dam/en/us/solutions/collateral/borderless-networks/trustsec/c07-730151-00_overview_ page 11 NO.20 When you configure a Cisco WLC, which task must you perform to enable central web authentication? A. Set the NAC State option to None B. Set the Layer 2 ACL option to None. C. Set the NAC State option to SNMP NAC D. Set the NAC State option to RADIUS NAC Answer: D Get Latest & Valid 300-208 Exam's Question and Answers 5 from Dumpsfree.com. 5