web analytics

100% Pass IT Exam By Training Lead2pass New VCE And PDF Dumps

100% Pass Lead2pass Practice Test Free Version

2017 July Cisco Official New Released 300-208 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Lead2pass is constantly updating 300-208 exam dumps. We will provide our customers with the latest and the most accurate exam questions and answers that cover a comprehensive knowledge point, which will help you easily prepare for 300-208 exam and successfully pass your exam. You just need to spend 20-30 hours on studying the exam dumps.

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html

What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments?

A.    Configure the VLAN assignment.
B.    Configure the ACL assignment.
C.    Configure 802.1X authenticator authorization.
D.    Configure port security on the switch port.

Answer: C

Which network component would issue the CoA?

A.    switch
B.    endpoint
C.    Admin Node
D.    Policy Service Node

Answer: D

What steps must you perform to deploy a CA-signed identity certificate on an ISE device?

A.    1. Download the CA server certificate and install it on ISE.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the CA request.
4. Install the issued certificate on the ISE.
B.    1. Download the CA server certificate and install it on ISE.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the CSR.
4. Install the issued certificate on the CA server.
C.    1. Generate a signing request and save it as a file.
2. Download the CA server certificate and install it on ISE.
3. Access the ISE server and submit the CA request.
4.Install the issued certificate on the CA server.
D.    1. Generate a signing request and save it as a file.
2. Download the CA server certificate and install it on ISE.
3. Access the CA server and submit the CSR.
4. Install the issued certificate on the ISE.

Answer: D

An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?

A.    Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE
B.    MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure
C.    Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE
D.    Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups

Answer: D

Which three are required steps to enable SXP on a Cisco ASA? (Choose three).

A.    configure AAA authentication
B.    configure password
C.    issue the aaa authorization command aaa-server group command
D.    configure a peer
E.    configure TACACS
F.    issue the cts sxp enable command

Answer: BDF

Which three network access devices allow for static security group tag assignment? (Choose three.)

A.    intrusion prevention system
B.    access layer switch
C.    data center access switch
D.    load balancer
E.    VPN concentrator
F.    wireless LAN controller

Answer: BCE

Which option is required for inline security group tag propagation?

A.    Cisco Secure Access Control System
B.    hardware support
C.    Security Group Tag Exchange Protocol (SXP) v4
D.    Cisco Identity Services Engine

Answer: B

Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)

A.    destination MAC address
B.    source MAC address
C.    802.1AE header in EtherType
D.    security group tag in EtherType
E.    integrity check value

Answer: CE

Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.)

A.    manually on links between supported switches
B.    in the Cisco Identity Services Engine
C.    in the global configuration of a TrustSec non-seed switch
D.    dynamically on links between supported switches
E.    in the Cisco Secure Access Control System
F.    in the global configuration of a TrustSec seed switch

Answer: AD

Which three pieces of information can be found in an authentication detail report? (Choose three.)

A.    DHCP vendor ID
B.    user agent string
C.    the authorization rule matched by the endpoint
D.    the EAP method the endpoint is using
E.    the RADIUS username being used
F.    failed posture requirement

Answer: CDE

Certain endpoints are missing DHCP profiling data.
Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE?

A.    output of show interface gigabitEthernet 0 from the CLI
B.    output of debug logging all 7 from the CLI
C.    output of show logging application profiler.log from the CLI
D.    the TCP dump diagnostic tool through the GUI
E.    the posture troubleshooting diagnostic tool through the GUI

Answer: D

Which debug command on a Cisco WLC shows the reason that a client session was terminated?

A.    debug dot11 state enable
B.    debug dot1x packet enable
C.    debug client mac addr
D.    debug dtls event enable
E.    debug ap enable cisco ap

Answer: C

Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.)

A.    Windows Active Directory
B.    LDAP
C.    RADIUS token server
D.    internal endpoint store
E.    internal user store
F.    certificate authentication profile
G.    RSA SecurID

Answer: AE

Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)

A.    authentication host-mode single-host
B.    authentication host-mode multi-domain
C.    authentication host-mode multi-host
D.    authentication host-mode multi-auth

Answer: AB

What are two possible reasons why a scheduled nightly backup of ISE to a FTP repository would fail? (Choose two.)

A.    ISE attempted to write the backup to an invalid path on the FTP server.
B.    The ISE and FTP server clocks are out of sync.
C.    The username and password for the FTP server are invalid.
D.    The server key is invalid or misconfigured.
E.    TCP port 69 is disabled on the FTP server.

Answer: AC

Which two statements about MAB are true? (Choose two.)

A.    It requires a preexisting database of the MAC addresses of permitted devices.
B.    It is unable to control network access at the edge.
C.    If MAB fails, the device is unable to fall back to another authentication method.
D.    It is unable to link the IP and MAC addresses of a device.
E.    It is unable to authenticate individual users.

Answer: AE

Which type of access list is the most scalable that Cisco ISE can use to implement network authorization enforcement for a large number of users?

A.    downloadable access lists
B.    named access lists
C.    VLAN access lists
D.    MAC address access lists

Answer: A

When you select Centralized Web Auth in the ISE Authorization Profile, which two components host the web authentication portal? (Choose two.)

A.    ISE
B.    the WLC
C.    the access point
D.    the switch
E.    the endpoints

Answer: BD

What is the default posture status for non-agent capable devices, such as Linux and iDevices?

A.    Unknown
B.    Validated
C.    Default
D.    Compliant

Answer: D

Your guest-access wireless network is experiencing degraded performance and excessive latency due to user saturation. Which type of rate limiting can you implement on your network to correct the problem?

A.    per-device
B.    per-policy
C.    per-access point
D.    per-controller
E.    per-application

Answer: A

You are installing Cisco ISE on nodes that will be used in a distributed deployment. After the initial bootstrap process, what state will the Cisco ISE nodes be in?

A.    Remote
B.    Policy service
C.    Administration
D.    Standalone

Answer: D

What three changes require restarting the application service on an ISE node? (Choose three.)

A.    Registering a node.
B.    Changing the primary node to standalone.
C.    Promoting the administration node.
D.    Installing the root CA certificate.
E.    Changing the guest portal default port settings.
F.    Adding a network access device.

Answer: ABC

Which default identity source is used by the MyDevices_Portal_Sequence identity source sequence?

A.    internal users
B.    guest users
C.    Active Directory
D.    internal endpoints
E.    RADIUS servers

Answer: A

What EAP method supports mutual certificate-based authentication?

D.    EAP-MD5

Answer: C

Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.)

A.    MS-CHAPv2
B.    PEAP
C.    PPTP
E.    PPP

Answer: AB

Lead2pass is no doubt your best choice. Using the Cisco 300-208 exam dumps can let you improve the efficiency of your studying so that it can help you save much more time.

300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA

2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass:

https://www.lead2pass.com/300-208.html [100% Exam Pass Guaranteed]

July 13th, 2017

Posted In: 300-208 Dumps, 300-208 Exam Questions, 300-208 New Questions, 300-208 PDF, 300-208 VCE, Cisco Exam

Tags: , , , , , , ,