This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ] Export date:Sun Dec 22 12:13:17 2024 / +0000 GMT ___________________________________________________ Title: [2017 New] Easily Pass 300-208 Exam With Lead2pass New 300-208 VCE And PDF Dumps (201-225) --------------------------------------------------- 2017 August Cisco Official New Released 300-208 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! The Cisco 300-208 exam is a very hard exam to successfully pass. Here you will find free Lead2pass Cisco practice sample exam test questions that will help you prepare in passing the 300-208 exam. Lead2pass Guarantees you 100% pass exam 300-208. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html QUESTION 201Refer to the exhibit. In a distributed deployment of Cisco ISE, which column in Figure 1 is used to fill in the Host Name field in Figure 2 to collect captures on Cisco ISE while authenticating the specific endpoint?   A.    ServerB.    Network DeviceC.    Endpoint IDD.    IdentityAnswer: A QUESTION 202Which ISE feature is used to facilitate a BYOD deployment? A.    self-service personal device registration and onboardingB.    Guest Service Sponsor PortalC.    Local Web AuthD.    Guest Identity Source Sequence Answer: A QUESTION 203What are two actions that can occur when an 802.1X-enabled port enters violation mode? (Choose two.) A.    The port is error disabled.B.    The port drops packets from any new device that sends traffic to the port.C.    The port generates a port resistance error.D.    The port attempts to repair the violation.E.    The port is placed in quarantine state.F.    The port is prevented from authenticating indefinitely. Answer: AB QUESTION 204Which option describes the purpose of configuring Native Supplicant Profile on the Cisco ISE? A.    It helps employees add and manage new devices by entering the MAC address for the device.B.    It is used to register personal devices on the network.C.    It enforces the use of MSCHAPv2 or EAP-TLS for 802.1X authentication.D.    It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network. Answer: C QUESTION 205Which configuration is required in the Cisco ISE Authentication policy to allow Central Web Authentication? A.    Dot1x and if authentication failed continueB.    MAB and if user not found continueC.    MAB and if authentication failed continueD.    Dot1x and if user not found continue Answer: B QUESTION 206In a Cisco ISE deployment, which traffic is permitted by the default dynamic ACL? A.    all IP trafficB.    management traffic onlyC.    TCP traffic onlyD.    UDP traffic only Answer: A QUESTION 207Which redirect-URL is pushed by Cisco ISE for posture redirect for corporate users? A.    https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CC&po rtal=283258a0-e96e-11e4-a30a-005056bf01c9&action=cpp&token=a1a6ea71ea8f410c2637e11ba534379eB.    https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CC&po rtal=283258a0-e96e-11e4-a30a-005056bf01c9&action=cwa&token=a1a6ea71ea8f410c2637e11ba534379eC.    https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CC&po rtal=283258a0-e96e-11e4-a30a-005056bf01c9&action=mdm&token=a1a6ea71ea8f410c2637e11ba534379eD.    https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CC&po rtal=283258a0-e96e-11e4-a30a-005056bf01c9&action=drw&token=a1a6ea71ea8f410c2637e11ba534379e Answer: A QUESTION 208Scenario:Currently, many users are expehecing problems using their AnyConnect NAM supplicant to login to the network. The rr desktop support staff have already examined and vehfed the AnyConnect NAM configuration is correct.In this simulation, you are tasked to examine the various ISE GUI screens to determine the ISE current configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI.Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations have been reduced in this simulation.Not all the links on each of the ISE GUI screen works, if some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens.To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI screens only shows partially but will include all information required to complete this simulation.     Determine which can be two reasons why many users like the Sales and fT users are not able to authenticate and access the network using their AnyConnect NAM client with EAP- FAST.(Choose two.) A.    The DotlX authentication policy is not allowing the EAP-FAST protocol.B.    The rr_Corp authorization profile has the wrong Access Type configured.C.    The authorization profile used for the Sales users is misconfigured.D.    The order for the MAB authentication policy and the DotlX authentication policy should be reversed.E.    Many of the fT Sales and fT user machines are not passing the ISE posture accessment.F.    he PERMrr_ALL_TRAFFIC DACL is missing the permit ip any any statement it the end.G.    The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end. Answer: AD QUESTION 209Which 802.1X command ignores Access-Reject during EAP authentication? A.    dot1x pae authenticatorB.    switchport mode accessC.    authentication port-control autoD.    authentication openE.    authentication host-mode multi-domain Answer: D QUESTION 210Refer to the exhibit. If a user with privilege 15 is matching this command set on Cisco ISE 2.0, which three commands can the user execute? (Choose three.)   A.    configure terminalB.    show runC.    show clockD.    ping 10.10.100.1E.    exitF.    show ip interface brief Answer: BCF QUESTION 211Which two options must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.) A.    TACACS External ServersB.    TACACS+ Authentication SettingsC.    TACACS Server SequenceD.    Enable Device Admin ServiceE.    TACACS Command SetsF.    TACACS ProfilesG.    Device Administration License Answer: DG QUESTION 212Which operating system type needs access to the Internet to download the application that is required for BYOD on-boarding? A.    iOSB.    OSXC.    AndroidD.    Windows Answer: C QUESTION 107Refer to the exhibit. Which two things must be verified if authentication is failing with this error message? (Choose two.)   A.    Cisco ISE EAP identity certificate is valid.B.    CA cert chain of Cisco ISE EAP certificate is installed on the trusted certs store of the client machine.C.    CA cert chain of the client certificate is installed on Cisco ISE.D.    Cisco ISE HTTPS/admin certificate is valid.E.    Cisco ISE server certificate is installed on the client. Answer: AB QUESTION 213Which three pieces of information can be found in an authentication detail report? (Choose three.) A.    DHCP vendor IDB.    user agent stringC.    the authorization rule matched by the endpointD.    the EAP method the endpoint is usingE.    the RADIUS username being usedF.    failed posture requirement Answer: CDE QUESTION 214Which profiling capability allows you to gather and forward network packets to an analyzer? A.    collectorB.    spannerC.    retrieverD.    aggregator Answer: A QUESTION 215Scenario:Currently, many users are expehecing problems using their AnyConnect NAM supplicant to login to the network. The rr desktop support staff have already examined and vehfed the AnyConnect NAM configuration is correct.In this simulation, you are tasked to examine the various ISE GUI screens to determine the ISE current configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI.Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations have been reduced in this simulation.Not all the links on each of the ISE GUI screen works, if some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens.To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI screens only shows partially but will include all information required to complete this simulation.     Which two of the following statements are correct? (Choose two.) A.    The ISE is not able to successfully connect to the hq-srv.secure-x. local AD server.B.    The ISE internal endpoints database is used authenticate any users not in the Active Directory domain.C.    The ISE internal user database has two accounts enabled: student and test that maps to the Employee user identity group.D.    Guest_Portal_Sequence is a built-in identity source sequence. Answer: BD QUESTION 216By default, how many days does Cisco ISE wait before it purges the expired guest accounts? A.    1B.    10C.    15D.    20 Answer: C QUESTION 217In Cisco ISE 1.3, which feature is available to a sponsor in a sponsor group? A.    Help employees add and manage new devices by entering the MAC address for the device.B.    Restrict sponsors from viewing guest passwords.C.    Allow the user to download a native supplicant profile.D.    Reinstate or delete devices that were registered previously. Answer: B QUESTION 218Which option is one method for transporting security group tags throughout the network? A.    by embedding the SGT in the IP headerB.    via Security Group Exchange ProtocolC.    by embedding the SGT in the 802.1Q headerD.    by enabling 802.1AE on every network device Answer: B QUESTION 219Which two options can a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two.) A.    KnownB.    RandomC.    MonthlyD.    ImportedE.    DailyF.    Yearly Answer: BD QUESTION 220Which components must be selected for a client provisioning policy to do a Posture check on the Cisco ISE? A.    Configuration Wizard, Wizard ProfileB.    Remediation Actions, Posture RequirementsC.    Operating System, Posture RequirementsD.    Agent, Profile, Compliance Module Answer: D QUESTION 221How many bits are in a security group tag? A.    64B.    8C.    16D.    32 Answer: C QUESTION 222Which attribute is needed for Cisco ISE to profile a device with HTTP probe? A.    user-agentB.    OUIC.    host-nameD.    cdp-cache-platformE.    dhcp-class-identifierF.    sysDescr Answer: A QUESTION 223Which two posture redirect ACLs and remediation DACLs must be pushed from Cisco ISE to a Cisco IOS switch if the endpoint must remediate itself The ISE IP address is 10.201.228.76 and the IP address of the remediating server is 10.201.229.1. (Choose two.) A.    ip access-l ex ACL-POSTURE-REDIRECT deny udp any any eq domain deny ip any host 10.201.228.76 permit tcp any any eq 80 permit tcp any any eq 443B.    ip access-l ex ACL-POSTURE-REDIRECT deny udp any any eq domain deny ip any host 10.201.228.76 deny ip any host 10.201.229.1 permit tcp any any eq 80permit tcp any any eq 443C.    ip access-l ex ACL-POSTURE-REDIRECT deny udp any any eq domain permit ip any host 10.201.228.76 permit ip any host 10.201.229.1 deny ip any anyD.    POSTURE_REMEDIATION DACL permit udp any any eq domain permit tcp any host 10.201.228.76 permit tcp any any eq 80 permit tcp any any eq 443E.    POSTURE_REMEDIATION DACL permit udp any any eq domain deny tcp any host 10.201.228.76 permit tcp any any eq 80 permit tcp any any eq 443 permit ip any host 10.210.229.1F.    POSTURE_REMEDIATION DACL permit udp any any eq domain deny tcp any host 10.201.228.76 deny ip any host 10.210.229.1 permit tcp any any eq 80 permit tcp any any eq 443 Answer: CD QUESTION 224Scenario:Currently, many users are expehecing problems using their AnyConnect NAM supplicant to login to the network. The rr desktop support staff have already examined and vehfed the AnyConnect NAM configuration is correct.In this simulation, you are tasked to examine the various ISE GUI screens to determine the ISE current configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI.Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations have been reduced in this simulation.Not all the links on each of the ISE GUI screen works, if some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens.To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI screens only shows partially but will include all information required to complete this simulation.     Which of the following statement is correct? A.    Currently,IT users who successfully authenticate will have their packets tagged withaSGTof3.B.    Currently,ITusers who successfully authenticate will be assigned to VLAN 9.C.    Currently, any domain administrator who successfully authenticate will be assigned to VLAN 10.D.    Computers belonging to the secure-x domain which passes machine authentication but failed user authentication will have the Employee_Restricted_DACL applied.E.    Print Servers matching the Linksys-PrintServer identity group will have the following access restrictions:permit icmp any host 10.10.2.20 permit tcp any host 10.10.2.20 eq 80 permit icmp any host 10.10.3.20 permit tcp any host 10.10.3.20 eq 80 deny ip any any Answer: C QUESTION 225Refer to the exhibit. If the user matches the given TACACS+ profile on Cisco ISE, which command can the user enter from shell prompt on a Cisco switch?   A.    enableB.    enable 10C.    show runD.    configure terminal Answer: B Lead2pass new released premium 300-208 exam dumps guarantee you a 100% exam success or we promise full money back! Download Cisco 300-208 exam dumps full version from Lead2pass instantly! 300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA 2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass: https://www.lead2pass.com/300-208.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-08-02 06:13:25 Post date GMT: 2017-08-02 06:13:25 Post modified date: 2017-08-02 06:13:25 Post modified date GMT: 2017-08-02 06:13:25 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com