2017 July Cisco Official New Released 300-208 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass is constantly updating 300-208 exam dumps. We will provide our customers with the latest and the most accurate exam questions and answers that cover a comprehensive knowledge point, which will help you easily prepare for 300-208 exam and successfully pass your exam. You just need to spend 20-30 hours on studying the exam dumps.
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html
QUESTION 126
What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments?
A. Configure the VLAN assignment.
B. Configure the ACL assignment.
C. Configure 802.1X authenticator authorization.
D. Configure port security on the switch port.
Answer: C
QUESTION 127
Which network component would issue the CoA?
A. switch
B. endpoint
C. Admin Node
D. Policy Service Node
Answer: D
QUESTION 128
What steps must you perform to deploy a CA-signed identity certificate on an ISE device?
A. 1. Download the CA server certificate and install it on ISE.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the CA request.
4. Install the issued certificate on the ISE.
B. 1. Download the CA server certificate and install it on ISE.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the CSR.
4. Install the issued certificate on the CA server.
C. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate and install it on ISE.
3. Access the ISE server and submit the CA request.
4.Install the issued certificate on the CA server.
D. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate and install it on ISE.
3. Access the CA server and submit the CSR.
4. Install the issued certificate on the ISE.
Answer: D
QUESTION 129
An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?
A. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE
B. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure
C. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE
D. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups
Answer: D
QUESTION 130
Which three are required steps to enable SXP on a Cisco ASA? (Choose three).
A. configure AAA authentication
B. configure password
C. issue the aaa authorization command aaa-server group command
D. configure a peer
E. configure TACACS
F. issue the cts sxp enable command
Answer: BDF
QUESTION 131
Which three network access devices allow for static security group tag assignment? (Choose three.)
A. intrusion prevention system
B. access layer switch
C. data center access switch
D. load balancer
E. VPN concentrator
F. wireless LAN controller
Answer: BCE
QUESTION 132
Which option is required for inline security group tag propagation?
A. Cisco Secure Access Control System
B. hardware support
C. Security Group Tag Exchange Protocol (SXP) v4
D. Cisco Identity Services Engine
Answer: B
QUESTION 133
Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)
A. destination MAC address
B. source MAC address
C. 802.1AE header in EtherType
D. security group tag in EtherType
E. integrity check value
F. CRC/FCS
Answer: CE
QUESTION 134
Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.)
A. manually on links between supported switches
B. in the Cisco Identity Services Engine
C. in the global configuration of a TrustSec non-seed switch
D. dynamically on links between supported switches
E. in the Cisco Secure Access Control System
F. in the global configuration of a TrustSec seed switch
Answer: AD
QUESTION 135
Which three pieces of information can be found in an authentication detail report? (Choose three.)
A. DHCP vendor ID
B. user agent string
C. the authorization rule matched by the endpoint
D. the EAP method the endpoint is using
E. the RADIUS username being used
F. failed posture requirement
Answer: CDE
QUESTION 136
Certain endpoints are missing DHCP profiling data.
Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE?
A. output of show interface gigabitEthernet 0 from the CLI
B. output of debug logging all 7 from the CLI
C. output of show logging application profiler.log from the CLI
D. the TCP dump diagnostic tool through the GUI
E. the posture troubleshooting diagnostic tool through the GUI
Answer: D
QUESTION 137
Which debug command on a Cisco WLC shows the reason that a client session was terminated?
A. debug dot11 state enable
B. debug dot1x packet enable
C. debug client mac addr
D. debug dtls event enable
E. debug ap enable cisco ap
Answer: C
QUESTION 138
Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.)
A. Windows Active Directory
B. LDAP
C. RADIUS token server
D. internal endpoint store
E. internal user store
F. certificate authentication profile
G. RSA SecurID
Answer: AE
QUESTION 139
Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)
A. authentication host-mode single-host
B. authentication host-mode multi-domain
C. authentication host-mode multi-host
D. authentication host-mode multi-auth
Answer: AB
QUESTION 140
What are two possible reasons why a scheduled nightly backup of ISE to a FTP repository would fail? (Choose two.)
A. ISE attempted to write the backup to an invalid path on the FTP server.
B. The ISE and FTP server clocks are out of sync.
C. The username and password for the FTP server are invalid.
D. The server key is invalid or misconfigured.
E. TCP port 69 is disabled on the FTP server.
Answer: AC
QUESTION 141
Which two statements about MAB are true? (Choose two.)
A. It requires a preexisting database of the MAC addresses of permitted devices.
B. It is unable to control network access at the edge.
C. If MAB fails, the device is unable to fall back to another authentication method.
D. It is unable to link the IP and MAC addresses of a device.
E. It is unable to authenticate individual users.
Answer: AE
QUESTION 142
Which type of access list is the most scalable that Cisco ISE can use to implement network authorization enforcement for a large number of users?
A. downloadable access lists
B. named access lists
C. VLAN access lists
D. MAC address access lists
Answer: A
QUESTION 143
When you select Centralized Web Auth in the ISE Authorization Profile, which two components host the web authentication portal? (Choose two.)
A. ISE
B. the WLC
C. the access point
D. the switch
E. the endpoints
Answer: BD
QUESTION 144
What is the default posture status for non-agent capable devices, such as Linux and iDevices?
A. Unknown
B. Validated
C. Default
D. Compliant
Answer: D
QUESTION 145
Your guest-access wireless network is experiencing degraded performance and excessive latency due to user saturation. Which type of rate limiting can you implement on your network to correct the problem?
A. per-device
B. per-policy
C. per-access point
D. per-controller
E. per-application
Answer: A
QUESTION 146
You are installing Cisco ISE on nodes that will be used in a distributed deployment. After the initial bootstrap process, what state will the Cisco ISE nodes be in?
A. Remote
B. Policy service
C. Administration
D. Standalone
Answer: D
QUESTION 147
What three changes require restarting the application service on an ISE node? (Choose three.)
A. Registering a node.
B. Changing the primary node to standalone.
C. Promoting the administration node.
D. Installing the root CA certificate.
E. Changing the guest portal default port settings.
F. Adding a network access device.
Answer: ABC
QUESTION 148
Which default identity source is used by the MyDevices_Portal_Sequence identity source sequence?
A. internal users
B. guest users
C. Active Directory
D. internal endpoints
E. RADIUS servers
Answer: A
QUESTION 149
What EAP method supports mutual certificate-based authentication?
A. EAP-TTLS
B. EAP-MSCHAP
C. EAP-TLS
D. EAP-MD5
Answer: C
QUESTION 150
Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.)
A. MS-CHAPv2
B. PEAP
C. PPTP
D. EAP-PEAP
E. PPP
Answer: AB
Lead2pass is no doubt your best choice. Using the Cisco 300-208 exam dumps can let you improve the efficiency of your studying so that it can help you save much more time.
300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA
2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass:
https://www.lead2pass.com/300-208.html [100% Exam Pass Guaranteed]