[2017 New] Free Updated Lead2pass 300-208 Exam Dumps Download (226-250)
2017 August Cisco Official New Released 300-208 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Are you interested in successfully completing the Cisco 300-208 Certification Then start to earning Salary? Lead2pass has leading edge developed Cisco exam questions that will ensure you pass this 300-208 exam! Lead2pass delivers you the most accurate, current and latest updated 300-208 Certification exam questions and available with a 100% money back guarantee promise! Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html 3 1 QUESTION 226
During BYOD flow, where does a Microsoft Windows 8.1 PC download the Network Setup Assistant from? A. from Cisco App Store
B. from Cisco ISE directly
C. from Microsoft App Store
D. It uses the native OTA functionality. Answer: B
QUESTION 227
Which two attributes are delivered by the DHCP probe to the Cisco ISE? (Choose two.)
A. dhcp-client-identifier
B. framed-IP-address
C. host-name
D. calling-station-ID
E. MAC address Answer: AC
QUESTION 228
Which option is the correct redirect-ACL for Wired-CWA, with 10.201.228.76 being the Cisco ISE IP address?
A. ip access-l ex ACL-WEBAUTH-REDIRECT
deny udp any any eq domain
deny ip any host 10.201.228.76
permit tcp any any eq 80
permit tcp any any eq 443
B. ip access-l ex ACL-WEBAUTH-REDIRECT
permit udp any any eq domain
permit ip any host 10.201.228.76
deny tcp any any eq 80
permit tcp any any eq 443
C. ip access-l ex ACL-WEBAUTH-REDIRECT
deny udp any any eq domain
permit tcp any host 10.201.228.76 eq 8443
deny ip any host 10.201.228.76
permit tcp any any eq 80
permit tcp any any eq 443
D. ip access-l ex ACL-WEBAUTH-REDIRECT
permit udp any any eq domain
deny ip any host 10.201.228.76
permit tcp any any eq 80
permit tcp any any eq 443 Answer: B
QUESTION 229
In Cisco ISE 1.3 and above, which two operations are allowed on Endpoint Certificates pages for issued endpoint certificates on the admin portal? (Choose two.)
A. unrevoke
B. delete
C. view
D. export
E. revoke Answer: CE
QUESTION 230
Which statement about the CAK is true?
A. It is the master key that generates the other keys that MACsec requires.
B. Failed MACsec connections fall back to MAB by default.
C. It is the key that is used to discover MACsec peers and perform key negotiation between the peers.
D. It is the secret key that encrypts traffic during the connection.
E. It is the key that is used to negotiate session encryption keys. Answer: A
QUESTION 231
Which remediation type ensures that Automatic Updates configuration is turned on Windows clients per security policy to remediate Windows clients for posture compliance?
A. AS Remediation
B. File Remediation
C. Launch Program Remediation
D. Windows Update Remediation
E. Windows Server Update Services Remediation Answer: D
QUESTION 232
Which command on the switch ensures that the Service-Type attribute is sent with all RADIUS authentication request?
A. radius-server attribute 8 include-in-access-req
B. radius-server attribute 25 access-request include
C. radius-server attribute 6 on-for-login-auth
D. radius-server attribute 31 send nas-port-detail Answer: C
QUESTION 233
Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server?
A. EAP-MD5
B. IPsec
C. EAPOL
D. RADIUS Answer: D
QUESTION 234
Which three of these are features of data plane security on a Cisco ISR? (Choose three)
A. Routing protocol filtering
B. FPM
C. uRPF
D. RBAC
E. CPPr
F. Netflow export Answer: BCF
QUESTION 235
When you are configuring DHCP snooping, how should you classify access ports?
A. untrusted
B. trusted
C. promiscuous
D. private Answer: A
QUESTION 236
When 802.1X is implemented, how do the client (supplicant) and authenticator communicate?
A. RADIUS
B. TACACS+
C. MAB
D. EAPOL Answer: D
QUESTION 237
When performing NAT, which of these is a limitation you need to account for?
A. exhaustion of port number translations
B. embedded IP addresses
C. security payload identifiers
D. inability to provide mutual connectivity to networks with overlapping address spaces Answer: B
QUESTION 238
Which two answers are potential results of an attacker that is performing a DHCP server spoofing attack? (Choose two.)
A. ability to selectively change DHCP options fields of the current DHCP server, such as the giaddr field.
B. DoS
C. excessive number of DHCP discovery requests
D. ARP cache poisoning on the router
E. client unable to access network resources Answer: BE
QUESTION 239
When configuring NAT, which three protocols that are shown may have limitations or complications when using NAT? (Choose three.)
A. Kerberos
B. HTTPS
C. NTP
D. SIP
E. FTP
F. SQL Answer: ADE
QUESTION 240
Which state is a Cisco IOS IPS signature in if it does not take an appropriate associated action even if it has been successfully compiled?
A. retired
B. disabled
C. unsupported
D. inactive Answer: B
QUESTION 241
Which statement best describes inside policy based NAT?
A. Policy NAT rules are those that determine which addresses need to be translated per the enterprise
security policy
B. Policy NAT consists of policy rules based on outside sources attempting to communicate with
inside endpoints.
C. These rules use source addresses as the decision for translation policies.
D. These rules are sensitive to all communicating endpoints. Answer: A QUESTION 242
When Cisco IOS IPS is configured to use SDEE for event notification, how are events managed? A. They are stored in the router's event store and will allow authenticated remote systems to pull
events from the event store.
B. All events are immediately sent to the remote SDEE server.
C. Events are sent via syslog over a secure SSUTLS communications channel.
D. When the event store reaches its maximum configured number of event notifications, the stored
events are sent via SDEE to a remote authenticated server and a new event store is created. Answer: A
QUESTION 243
When is it feasible for a port to be both a guest VLAN and a restricted VLAN?
A. this configuration scenario is never be implemented
B. when you have configured the port for promiscuous mode
C. when private VLANs have been configured to place each end device into different subnets
D. when you want to allow both types of users the same services Answer: D
QUESTION 244
In an 802.1X environment, which feature allows for non-802.1X-supported devices such as printers and fax machines to authenticate?
A. multiauth
B. WebAuth
C. MAB
D. 802.1X guest VLAN Answer: C
QUESTION 245
Which Cisco IOS IPS feature allows to you remove one or more actions from all active signatures based on the attacker and/or target address criteria, as well as the event risk rating criteria?
A. signature event action filters
B. signature event action overrides
C. signature attack severity rating
D. signature event risk rating Answer: A
QUESTION 246
You are troubleshooting reported connectivity issues from remote users who are accessing corporate headquarters via an IPsec VPN connection. What should be your first step in troubleshooting these issues?
A. issue a show crypto isakmp policy command to verify matching policies of the tunnel endpoints
B. ping the tunnel endpoint
C. run a traceroute to verify the tunnel path
D. debug the connection process and look for any error messages in tunnel establishment Answer: B
QUESTION 247
Which of these allows you to add event actions globally based on the risk rating of each event,
without having to configure each signature individually?
A. event action summarization
B. event action filter
C. event action override
D. signature event action processor Answer: C
QUESTION 248
Which Cisco IOS Firewall feature allows the firewall to function as a Layer 2 bridge on the network?
A. zone-based firewall
B. CBAC
C. firewall ACL bypass
D. transparent firewall Answer: D
QUESTION 249
Cisco IOS IPS uses which alerting protocol with a pull mechanism for getting IPS alerts to the network management application?
A. HTTPS
B. SMTP
C. SNMP
D. syslog
E. SDEE
F. POP3 Answer: E
QUESTION 250
When configuring the Auto Update feature for Cisco IOS IPS, what is a recommended best practice?
A. Synchronize the router's clock to the PC before configuring Auto Update.
B. Clear the router's flash of unused signature files.
C. Enable anonymous TFTP downloads from Cisco.com and specify the download frequency.
D. Create the appropriate directory on the router's flash memory to store the downloaded signature files.
E. Download the realm-cisco.pub.key file and update the public key stored on the router. Answer: A All Cisco 300-208 exam questions are the new checked and updated! In recent years, the 300-208 certification has become a global standard for many successful IT companies. Want to become a certified Cisco professional? Download Lead2pass 2017 latest released 300-208 exam dumps full version and pass 300-208 100%! 300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA 2 2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass: https://www.lead2pass.com/300-208.html 3 1 [100% Exam Pass Guaranteed]
|
