[2017 New] 300-208 New Questions Free Download In Lead2pass (26-50)
2017 July Cisco Official New Released 300-208 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Pass 300-208 exam with the latest Lead2pass 300-208 dumps: Lead2pass 300-208 exam questions and answers in PDF are prepared by our experts. Moreover, they are based on the recommended syllabus that covering all the 300-208 exam objectives. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html 3 1 QUESTION 26
Which statement about Cisco Management Frame Protection is true? A. It enables stations to remain in power-save mode, except at specified intervals to receive data
from the access point.
B. It detects spoofed MAC addresses.
C. It identifies potential RF jamming attacks.
D. It protects against frame and device spoofing. Answer: D
QUESTION 27
Which three statements about the Cisco wireless IPS solution are true? (Choose three.)
A. It enables stations to remain in power-save mode, except at specified intervals to receive data from
the access point.
B. It detects spoofed MAC addresses.
C. It identifies potential RF jamming attacks.
D. It protects against frame and device spoofing.
E. It allows the WLC to failover because of congestion. Answer: BCD
QUESTION 28
In a basic ACS deployment consisting of two servers, for which three tasks is the primary server responsible? (Choose three.)
A. configuration
B. authentication
C. sensing
D. policy requirements
E. monitoring
F. repudiation Answer: ABD
QUESTION 29
In a split ACS deployment with primary and secondary servers, which three statements about AAA load handling are true? (Choose three.)
A. During normal operations, each server processes the full workload of both servers.
B. If a AAA connectivity problem occurs, the servers split the full load of authentication requests.
C. If a AAA connectivity problem occurs, each server processes the full workload of both servers.
D. During normal operations, the servers split the full load of authentication requests.
E. During normal operations, each server is used for specific operations, such as device administration
and network admission.
F. The primary servers are used to distribute policy information to other servers in the enterprise. Answer: CDE
QUESTION 30
Which three personas can a Cisco ISE assume in a deployment? (Choose three.)
A. connection
B. authentication
C. administration
D. testing
E. policy service
F. monitoring Answer: CEF
QUESTION 31
Which three components comprise the Cisco ISE profiler? (Choose three.)
A. the sensor, which contains one or more probes
B. the probe manager
C. a monitoring tool that connects to the Cisco ISE
D. the trigger, which activates ACLs
E. an analyzer, which uses configured policies to evaluate endpoints
F. a remitter tool, which fails over to redundant profilers Answer: ABE
QUESTION 32
Which three statements about the Cisco ISE profiler are true? (Choose three.)
A. It sends endpoint data to AAA servers.
B. It collects endpoint attributes.
C. It stores MAC addresses for endpoint systems.
D. It monitors and polices router and firewall traffic.
E. It matches endpoints to their profiles.
F. It stores endpoints in the Cisco ISE database with their profiles. Answer: BEF
QUESTION 33
From which location can you run reports on endpoint profiling?
A. Reports > Operations > Catalog > Endpoint
B. Operations > Reports > Catalog > Endpoint
C. Operations > Catalog > Reports > Endpoint
D. Operations > Catalog > Endpoint Answer: B
QUESTION 34
Which two services are included in the Cisco ISE posture service? (Choose two.)
A. posture administration
B. posture run-time
C. posture monitoring
D. posture policing
E. posture catalog Answer: AB
QUESTION 35
What is a requirement for posture administration services in Cisco ISE?
A. at least one Cisco router to store Cisco ISE profiling policies
B. Cisco NAC Agents that communicate with the Cisco ISE server
C. an ACL that points traffic to the Cisco ISE deployment
D. the advanced license package must be installed Answer: D
QUESTION 36
Which two statements about Cisco NAC Agents that are installed on clients that interact with the Cisco ISE profiler are true? (Choose two.)
A. They send endpoint data to AAA servers.
B. They collect endpoint attributes.
C. They interact with the posture service to enforce endpoint security policies.
D. They block access from the network through noncompliant endpoints.
E. They store endpoints in the Cisco ISE with their profiles.
F. They evaluate clients against posture policies, to enforce requirements. Answer: CF
QUESTION 37
What steps must you perform to deploy a CA-signed identify certificate on an ISE device?
A. 1. Download the CA server certificate.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the ISE request.
4. Install the issued certificate on the ISE.
B. 1. Download the CA server certificate.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the ISE request.
4. Install the issued certificate on the CA server.
C. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate.
3. Access the ISE server and submit the CA request.
4.Install the issued certificate on the CA server.
D. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate.
3. Access the CA server and submit the ISE request.
4. Install the issued certificate on the ISE. Answer: D
QUESTION 38
What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints?
A. the ISE
B. an ACL
C. a router
D. a policy server Answer: A
QUESTION 39
What are the initial steps must you perform to add the ISE to the WLC?
A. 1. With a Web browser, establish an HTTP connection to the WLC pod.
2, Navigate to Administration > Authentication > New.
3. Enter server values to begin the configuration.
B. 1. With a Web browser, establish an FTP connection to the WLC pod.
2. Navigate to Security > Administration > New.
3. Add additional security features for FTP authentication.
C. 1. With a Web browser, establish an HTTP connection to the WLC pod.
2. Navigate to Authentication > New.
3. Enter ACLs and Authentication methods to begin the configuration.
D. 1. With a Web browser connect, establish an HTTPS connection to the WLC pod.
2. Navigate to Security > Authentication > New.
3. Enter server values to begin the configuration. Answer: D
QUESTION 40
Which command configures console port authorization under line con 0?
A. authorization default|WORD
B. authorization exec line con 0|WORD
C. authorization line con 0|WORD
D. authorization exec default|WORD Answer: D
QUESTION 41
Which two statements about administrative access to the ACS Solution Engine are true? (Choose two.)
A. The ACS Solution Engine supports command-line connections through a serial-port connection.
B. For GUI access, an administrative GUI user must be created with the add-guiadmin command.
C. The ACS Solution Engine supports command-line connections through an Ethernet interface.
D. An ACL-based policy must be configured to allow administrative-user access.
E. GUI access to the ACS Solution Engine is not supported. Answer: BD
QUESTION 42
What is the purpose of the Cisco ISE Guest Service Sponsor Portal?
A. It tracks and stores user activity while connected to the Cisco ISE.
B. It securely authenticates guest users for the Cisco ISE Guest Service.
C. It filters guest users from account holders to the Cisco ISE.
D. It creates and manages Guest User accounts. Answer: D
QUESTION 43
What is the effect of the ip http secure-server command on a Cisco ISE?
A. It enables the HTTP server for users to connect on the command line.
B. It enables the HTTP server for users to connect using Web-based authentication.
C. It enables the HTTPS server for users to connect using Web-based authentication.
D. It enables the HTTPS server for users to connect on the command line. Answer: C
QUESTION 44
When RADIUS NAC and AAA Override are enabled for WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)
A. It will return an access-accept and send the redirection URL for all users.
B. It establishes secure connectivity between the RADIUS server and the ISE.
C. It allows the ISE to send a CoA request that indicates when the user is authenticated.
D. It is used for posture assessment, so the ISE changes the user profile based on posture result.
E. It allows multiple users to authenticate at the same time. Answer: CD
QUESTION 45
What are the initial steps to configure an ACS as a TACACS server?
A. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Create.
B. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Create.
C. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Manage.
D. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Install. Answer: B
QUESTION 46
Which two statements about administrative access to the Cisco Secure ACS SE are true? (Choose two.)
A. The Cisco Secure ACS SE supports command-line connections through a serial-port connection.
B. For GUI access, an administrative GUI user must be created by using the add-guiadmin command.
C. The Cisco Secure ACS SE supports command-line connections through an Ethernet interface.
D. An ACL-based policy must be configured to allow administrative-user access.
E. GUI access to the Cisco Secure ASC SE is not supported. Answer: BD
QUESTION 47
When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)
A. It returns an access-accept and sends the redirection URL for all users.
B. It establishes secure connectivity between the RADIUS server and the Cisco ISE.
C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated.
D. It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result.
E. It allows multiple users to authenticate at the same time. Answer: CD
QUESTION 48
In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?
A. Command set
B. Group name
C. Method list
D. Login type Answer: C
QUESTION 49
In an 802.1X authorization process, a network access device provides which three functions? (Choose three.)
A. Filters traffic prior to authentication
B. Passes credentials to authentication server
C. Enforces policy provided by authentication server
D. Hosts a central web authentication page
E. Confirms supplicant protocol compliance
F. Validates authentication credentials Answer: ABC
QUESTION 50
Which two switchport commands enable MAB and allow non-802.1X capable devices to immediately run through the MAB process? (Choose two.)
A. authentication order mab dot1x
B. authentication order dot1x mab
C. no authentication timer
D. dot1x timeout tx-period
E. authentication open
F. mab Answer: AF Comparing with others', you will find our 300-208 exam questions are more helpful and precise since all the 300-208 exam content is regularly updated and has been checked for accuracy by our team of Cisco expert professionals. 300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA 2 2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass: https://www.lead2pass.com/300-208.html 3 1 [100% Exam Pass Guaranteed]
|
