Cisco CCNP Security 300-208 Practical test exercises, free 300-208 exam dumps



exam2pass.com provides not only practical Cisco 300-208 questions but also detailed answers. exam2pass.com is
the final source of preparation for the Cisco 300-208 exam. Welcome to download the newest
exam2pass 300-208 PDF and VCE dumps: https://www.exam2pass.com/300-208.html (356 Q&As)

Exam2pass offers the latest Cisco CCNP Security 300-208 practice test free of charge (25Q&As)

QUESTION 1
A network administrator is seeing a posture status “unknown” for a single corporate machine on the Cisco ISE authentication report, whereas the other machines are reported as “compliant”. Which option is the reason for the machine being reported as “unknown”?
A. Posture agent is not installed on the machine.
B. Posture policy does not support the OS.
C. Posture compliance condition is missing on the machine.
D. Posture service is disabled on Cisco ISE.
Correct Answer: A
Explanation

QUESTION 2
Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security?
A. Access Point
B. Switch
C. Wireless LAN Controller
D. Authentication Server
Correct Answer: A
Explanation

QUESTION 3
Which two switchport commands enable MAB and allow non-802.1X capable devices to immediately run through the MAB process? (Choose two.)
A. authentication order mab dot1x
B. authentication order dot1x mab
C. no authentication timer
D. dot1x timeout tx-period
E. authentication open
F. mab
Correct Answer: AF
Explanation
QUESTION 4
Which three remediation actions are supported by the Web Agent for Windows? (Choose three.)
A. Automatic Remediation
B. Message text
C. URL Link
D. File Distribution
E. AV definition update
F. Launch Program
Correct Answer: BCD
Explanation

QUESTION 5
When using CA for identity source, which method can be used to provide real-time certificate validation?
A. X.509
B. PKI
C. OCSP
D. CRL
Correct Answer: D
Explanation

QUESTION 6
Which configuration must you perform on a switch to deploy Cisco ISE in low-impact mode?
A. Configure an ingress port ACL on the switchport.
B. Configure DHCP snooping globally.
C. Configure IP-device tracking.
D. Configure BPDU filtering.
Correct Answer: A
Explanation

QUESTION 7
Which command configures console port authorization under line con 0?
A. authorization default|WORD
B. authorization exec line con 0|WORD
C. authorization line con 0|WORD
D. authorization exec default|WORD
Correct Answer: D
Explanation

QUESTION 8
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept. Which two classifications can the tags be mapped to? (Choose two.)
A. VLAN
B. user ID
C. interface
D. switch ID
E. MAC address
Correct Answer: AC
Explanation
Explanation/Reference:
Explanation: In static classification the tag maps to something (an IP, subnet, VLAN, or interface) rather than relying on an authorization from the Cisco ISE.
This process of assigning the SGT is defined as “classification.” These classifications are then transported deeper into the network for policy enforcement.

QUESTION 9
Which description of the use of low-impact mode in a Cisco ISE deployment is correct?
A. It continues to use the authentication open capabilities of the switch port, which allows traffic to enter the switch before an authentication result.
B. Low-impact mode must be the final phase in deploying Cisco ISE into a network environment using the phased approach.
C. The port does not allow any traffic before the authentication (except for EAP, Cisco Discovery Protocol, and LLDP), and then the port is assigned to specific authorization results after the authentication.
D. It enables authentication (with authentication open), sees exactly which devices fail and which succeed, and corrects the failed authentications before they cause any problems.
Correct Answer: A
Explanation
Explanation/Reference:

QUESTION 10
When you select Centralized Web Auth in the ISE Authorization Profile, which two components host the web authentication portal? (Choose two.)
A. ISE
B. the WLC
C. the access point
D. the switch
E. the endpoints
Correct Answer: BD
Explanation

QUESTION 11
Which definition of “posturing” as it relates to a general network infrastructure and access into the internal network is true?
A. The process by which an operating system or application running on an endpoint provides critical information about internet activity being used by the endpoint.
B. The process by which an endpoint device can be monitored while connected to the network to determine if it could contain viruses or potential harmful programs running.
C. The process by which an operating system or application running on an endpoint provides critical information about the software that is actively running on the device.
D. The process when software is uploaded to an end device before it is allowed to gain access to a secure network.
Correct Answer: D
Explanation

QUESTION 12
Which 2 options are functional components of the posture service?
A. Quarantined policy
B. Posture policy
C. Client provisioning
D. Network provisioning
Correct Answer: BC
Explanation

QUESTION 13
Which components must be selected for a client provisioning policy to do a Posture check on the Cisco ISE?
A. Configuration Wizard, Wizard Profile
B. Remediation Actions, Posture Requirements
C. Operating System, Posture Requirements
D. Agent, Profile, Compliance Module
Correct Answer: D
Explanation

QUESTION 14
Which two options can a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two.)
A. Known
B. Random
C. Monthly
D. Imported
E. Daily
F. Yearly
Correct Answer: BD
Explanation

QUESTION 15
Which advanced authentication setting is needed to allow an unknown device to utilize Central WebAuth?
A. If Authentication failed > Continue
B. If Authentication failed > Drop
C. If user not found > Continue
D. If user not found > Reject
Correct Answer: C
Explanation

QUESTION 16
Which three network access devices allow for static security group tag assignment? (Choose three.)
A. intrusion prevention system
B. access layer switch
C. data center access switch
D. load balancer
E. VPN concentrator
F. wireless LAN controller
Correct Answer: BCE
Explanation

QUESTION 17
Which three statements describe differences between TACACS+ and RADIUS? (Choose three.)
A. RADIUS encrypts the entire packet, while TACACS+ encrypts only the password.
B. TACACS+ encrypts the entire packet, while RADIUS encrypts only the password.
C. RADIUS uses TCP, while TACACS+ uses UDP.
D. TACACS+ uses TCP, while RADIUS uses UDP.
E. RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49.
F. TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49.
Correct Answer: BDE
Explanation

QUESTION 18
Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server?
A. EAP-MD5
B. IPSec
C. EAPOL
D. RADIUS
Correct Answer: D
Explanation

QUESTION 19
Refer to the exhibit. Which authentication method is being used?
A. PEAP-MSCHAP
B. EAP-GTC
C. EAP-TLS
D. PEAP-TLS
Correct Answer: A
Explanation
Explanation/Reference:
These authentication methods are supported with LDAP:
Extensible Authentication Protocol Generic Token Card (EAP-GTC)
Extensible Authentication Protocol Transport Layer Security (EAP-TLS)
Protected Extensible Authentication Protocol Transport Layer Security (PEAP-)

QUESTION 20
When MAB is configured, how often are ports reauthenticated by default?
A. every 60 seconds
B. every 90 seconds
C. every 120 seconds
D. never
Correct Answer: D
Explanation

QUESTION 21
You discover that the Cisco ISE is failing to connect to the Active Directory server. Which option is a possible cause of the problem?
A. NTP server time synchronization is configured incorrectly.
B. There is a certificate mismatch between Cisco ISE and Active Directory.
C. NAT statements required for Active Directory are configured incorrectly.
D. The RADIUS authentication ports are being blocked by the firewall.
Correct Answer: A
Explanation

QUESTION 22
Which feature must you configure on a switch to allow it to redirect wired endpoints to Cisco ISE?
A. the http secure-server command
B. RADIUS Attribute 29
C. the RADIUS VSA for accounting
D. the RADIUS VSA for URL-REDIRECT
Correct Answer: A
Explanation

QUESTION 23
Which debug command on a Cisco WLC shows the reason that a client session was terminated?
A. debug dot11 state enable
B. debug dot1x packet enable
C. debug client mac addr
D. debug dtls event enable
E. debug ap enable cisco ap
Correct Answer: C
Explanation

QUESTION 24
Which technology performs CoA support Posture Service?
A. External root CA
B. Cisco ACS
C. Cisco ISE
D. Internal root CA
Correct Answer: C
Explanation

QUESTION 25
Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?
A. Cisco AnyConnect NAM and Cisco Access Control Server
B. Cisco Secure Services Client and Cisco Access Control Server
C. Cisco AnyConnect NAM and Cisco Identity Service Engine
D. Windows Native Supplicant and Cisco Identity Service Engine
Correct Answer: C
Explanation
【Official recommendations】

300-208 SISAS – Cisco: https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/specialist-sisas.html
This exam tests whether a network security engineer knows the components and architecture of secure access, by utilizing 802.1X and
Cisco TrustSec. This exam assesses knowledge of Cisco Identity Services Engine (ISE) architecture, solution, and components as
an overall network threat mitigation and endpoint control solution. It also includes the fundamental concepts of bring your
own device (BYOD) using posture and profiling services of ISE. Candidates can prepare for this exam by taking the Implementing
Cisco Secure Access Solutions (SISAS) course.
Download Latest 300-208 VCE Dumps From Exam2pass: http://www.exam2pass.com/300-208.html
(Exam databases are regularly updated throughout the year to include the latest questions and answers from the Cisco
CCNP Security 300-208 exam)
