2017 July Cisco Official New Released 300-208 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
In recent years, many people choose to take Cisco 300-208 certification exam which can make you get the Cisco certificate and that is the passport to get a better job and get promotions. How to prepare for Cisco 300-208 exam and get the certificate? Please refer to Cisco 300-208 exam questions and answers on Lead2pass.
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html
QUESTION 101
A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessment and outline hardware and software capable and incapable devices?
A. Prime Infrastructure
B. Network Control System
C. Cisco Security Manager
D. Identity Services Engine
Answer: A
QUESTION 102
Which EAP method uses a modified version of the MS-CHAP authentication protocol?
A. EAP-POTP
B. EAP-TLS
C. LEAP
D. EAP-MD5
Answer: C
QUESTION 103
Under which circumstance would an inline posture node be deployed?
A. When the NAD does not support CoA
B. When the NAD cannot support the number of connected endpoints
C. When a PSN is overloaded
D. To provide redundancy for a PSN
Answer: A
QUESTION 104
Which Cisco ISE 1.x protocol can be used to control admin access to network access devices?
A. TACACS+
B. RADIUS
C. EAP
D. Kerberos
Answer: A
QUESTION 105
A user is on a wired connection and the posture status is noncompliant.
Which state will their EPS session be placed in?
A. disconnected
B. limited
C. no access
D. quarantined
Answer: D
QUESTION 106
Which three posture states can be used for authorization rules? (Choose three.)
A. unknown
B. known
C. noncompliant
D. quarantined
E. compliant
F. no access
G. limited
Answer: ACE
QUESTION 107
Which two Cisco ISE administration options are available in the Default Posture Status setting? (Choose two.)
A. Unknown
B. Compliant
C. FailOpen
D. FailClose
E. Noncompliant
Answer: BE
QUESTION 108
Which two portals can be configured to use portal FQDN? (Choose two.)
A. admin
B. sponsor
C. guest
D. my devices
E. monitoring and troubleshooting
Answer: BD
QUESTION 109
Which five portals are provided by PSN? (Choose five.)
A. guest
B. sponsor
C. my devices
D. blacklist
E. client provisioning
F. admin
G. monitoring and troubleshooting
Answer: ABCDE
QUESTION 110
When you add a new PSN for guest access services, which two options must be enabled under deployment settings? (Choose two.)
A. Admin
B. Monitoring
C. Policy Service
D. Session Services
E. Profiling
Answer: CD
QUESTION 111
In Cisco ISE, which probe must be enabled to collect profiling data using Device Sensor?
A. RADIUS
B. SNMPQuery
C. SNMPTrap
D. Network Scan
E. Syslog
Answer: A
QUESTION 112
Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)
A. LLDP agent information
B. user agent
C. DHCP options
D. open ports
E. operating system
F. trunk ports
Answer: AC
QUESTION 113
Which two profile attributes can circumstance would an inline posture node LAN Controller that supports Device Sensor? (Choose two.)
A. LLDP agent information
B. user agent
C. DHCP options
D. open ports
E. CDP agent information
F. FQDN
Answer: BC
QUESTION 114
Which statement about Cisco ISE BYOD is true?
A. Dual SSID allows EAP-TLS only when connecting to the secured SSID.
B. Single SSID does not require endpoints to be registered.
C. Dual SSID allows BYOD for guest users.
D. Single SSID utilizes open SSID to accommodate different types of users.
E. Single SSID allows PEAP-MSCHAPv2 for native supplicant provisioning.
Answer: E
QUESTION 115
Which two types of client provisioning resources are used for BYOD implementations? (Choose two.)
A. user agent
B. Cisco NAC agent
C. native supplicant profiles
D. device sensor
E. software provisioning wizards
Answer: CE
QUESTION 116
Which protocol sends authentication and accounting in different requests?
A. RADIUS
B. TACACS+
C. EAP-Chaining
D. PEAP
E. EAP-TLS
Answer: B
QUESTION 117
You enabled the guest session limit feature on the Cisco ISE. However, end users report that the same guest can log in from multiple devices simultaneously.
Which configuration is missing on the network access device?
A. RADIUS authentication
B. RADIUS accounting
C. DHCP required
D. AAA override
Answer: B
QUESTION 118
A properly configured Cisco ISE Policy Service node is not receiving any profile data from a Cisco switch that runs Device Sensor.
Which option is the most likely reason for the failure?
A. Syslog is configured for the Policy Administration Node.
B. RADIUS Accounting is disabled.
C. The SNMP community strings are mismatched.
D. RADIUS Authentication is misconfigured.
E. The connected endpoints support CDP but not DHCP.
Answer: B
QUESTION 119
Drag and Drop Question
Answer:
QUESTION 120
The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node?
A. tcp/8905, http/80, ftp/21
B. tcp/8905, http/80, https/443
C. udp/8905, telnet/23, https/443
D. udp/8906, http/80, https/443
Answer: B
QUESTION 121
Which two are valid ISE posture conditions? (Choose two.)
A. Dictionary
B. memberOf
C. Profile status
D. File
E. Service
Answer: DE
QUESTION 122
A network engineer is configuring HTTP based CWA on a switch. Which three configuration elements are required? (Choose three.)
A. HTTP server enabled
B. Radius authentication on the port with MAB
C. Redirect access-list
D. Redirect-URL
E. HTTP secure server enabled
F. Radius authentication on the port with 802.1x
G. Pre-auth port based access-list
Answer: ABC
QUESTION 123
Which three statements describe differences between TACACS+ and RADIUS? (Choose three.)
A. RADIUS encrypts the entire packet, while TACACS+ encrypts only the password.
B. TACACS+ encrypts the entire packet, while RADIUS encrypts only the password.
C. RADIUS uses TCP, while TACACS+ uses UDP.
D. TACACS+ uses TCP, while RADIUS uses UDP.
E. RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49.
F. TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49
Answer: BDE
QUESTION 124
Which two identity store options allow you to authorize based on group membership? (Choose two).
A. Lightweight Directory Access Protocol
B. RSA SecurID server
C. RADIUS
D. Active Directory
Answer: AD
QUESTION 125
What attribute could be obtained from the SNMP query probe?
A. FQDN
B. CDP
C. DHCP class identifier
D. User agent
Answer: B
Lead2pass is a good website that provides all candidates with the latest IT certification exam materials. Lead2pass will provide you with the exam questions and verified answers that reflect the actual exam. The Cisco 300-208 exam dumps are developed by experienced IT professionals. 99.9% of hit rate. Guarantee you success in your 300-208 exam with our exam materials.
300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA
2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass:
https://www.lead2pass.com/300-208.html [100% Exam Pass Guaranteed]