[2017 New] Ensure Pass 300-208 Exam By Training Lead2pass New PDF Dumps (76-100)
2017 July Cisco Official New Released 300-208 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Our PDF dumps of 300-208 exam is designed to ensure everything which you need to pass your exam successfully. At Lead2pass, we have a completely customer oriented policy. We invite the professionals who have rich experience and expert knowledge of the IT certification industry to guarantee the PDF details precisely and logically. Our customers' time is a precious concern for us. This requires us to provide you the products that can be utilized most efficiently. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html 3 1 QUESTION 76 Which two are technologies that secure the control plane of the Cisco router? (Choose two.) A. Cisco IOS Flexible Packet Matching B. uRPF C. routing protocol authentication D. CPPr E. BPDU protection F. role-based access control Answer: CD QUESTION 77 What is the result of configuring the command dotlx system-auth-control on a Cisco Catalyst switch? A. enables the switch to operate as the 802.1X supplicant B. globally enables 802.1X on the switch C. globally enables 802.1X and defines ports as 802.1X-capable D. places the configuration sub-mode into dotix-auth mode, in which you can identify the authentication server parameters Answer: B QUESTION 78 Cisco IOS IPS uses which alerting protocol with a pull mechanism for getting IPS alerts to the network management application? A. HTTPS B. SMTP C. SNMP D. syslog E. SDEE F. POP3 Answer: E QUESTION 79 When enabling the Cisco IOS IPS feature, which step should you perform to prevent rogue signature updates from being installed on the router? A. configure authentication and authorization for maintaining signature updates B. install a known RSA public key that correlates to a private key used by Cisco C. manually import signature updates from Cisco to a secure server, and then transfer files from the secure server to the router D. use the SDEE protocol for all signature updates from a known secure management station Answer: B QUESTION 80 When is it most appropriate to choose IPS functionality based on Cisco IOS software? A. when traffic rates are low and a complete signature is not required B. when accelerated, integrated performance is required using hardware ASIC-based IPS inspections C. when integrated policy virtualization is required D. when promiscuous inspection meets security requirements Answer: A QUESTION 81 Which Cisco IOS IPS risk rating component uses a low value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200? A. Signature Fidelity Rating B. Attack Severity Rating C. Target Value Rating D. Attack Relevancy Rating E. Promiscuous Delta F. Watch List Rating Answer: C QUESTION 82 Which two of these are potential results of an attacker performing a DHCP server spoofing attack? (Choose two.) A. DHCP snooping B. DoS C. confidentiality breach D. spoofed MAC addresses E. switch ports being converted to an untrusted state Answer: BC QUESTION 83 When Cisco IOS IPS signatures are being tuned, how is the Target Value Rating assigned? A. It is calculated from the Event Risk Rating. B. It is calculated from a combination of the Attack Severity Rating and Signature Fidelity Rating C. It is manually set by the administrator. D. It is set based upon SEAP functions. Answer: C QUESTION 84 When performing NAT, which of these is a limitation you need to account for? A. exhaustion of port number translations B. embedded IP addresses C. security payload identifiers D. inability to provide mutual connectivity to networks with overlapping address spaces Answer: B QUESTION 85 Which two answers are potential results of an attacker that is performing a DHCP server spoofing attack? (Choose two.) A. ability to selectively change DHCP options fields of the current DHCP server, such as the giaddr field. B. DoS C. excessive number of DHCP discovery requests D. ARP cache poisoning on the router E. client unable to access network resources Answer: BE QUESTION 86 When configuring NAT, which three protocols that are shown may have limitations or complications when using NAT? (Choose three.) A. Kerberos B. HTTPS C. NTP D. SIP E. FTP F. SQL Answer: ADE QUESTION 87 Which state is a Cisco IOS IPS signature in if it does not take an appropriate associated action even if it has been successfully compiled? A. retired B. disabled C. unsupported D. inactive Answer: B QUESTION 88 Which statement best describes inside policy based NAT? A. Policy NAT rules are those that determine which addresses need to be translated per the enterprise security policy B. Policy NAT consists of policy rules based on outside sources attempting to communicate with inside endpoints. C. These rules use source addresses as the decision for translation policies. D. These rules are sensitive to all communicating endpoints. Answer: A QUESTION 89 When is it feasible for a port to be both a guest VLAN and a restricted VLAN? A. this configuration scenario is never be implemented B. when you have configured the port for promiscuous mode C. when private VLANs have been configured to place each end device into different subnets D. when you want to allow both types of users the same services Answer: D QUESTION 90 In an 802.1X environment, which feature allows for non-802.1X-supported devices such as printers and fax machines to authenticate? A. multiauth B. WebAuth C. MAB D. 802.1X guest VLAN Answer: C QUESTION 91 Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request? A. RADIUS Attribute (5) NAS-Port B. RADIUS Attribute (6) Service-Type C. RADIUS Attribute (7) Framed-Protocol D. RADIUS Attribute (61) NAS-Port-Type Answer: B QUESTION 92 Which authorization method is the Cisco best practice to allow endpoints access to the Apple App store or Google Play store with Cisco WLC software version 7.6 or newer? A. dACL B. DNS ACL C. DNS ACL defined in Cisco ISE D. redirect ACL Answer: B QUESTION 93 Which time allowance is the minimum that can be configured for posture reassessment interval? A. 5 minutes B. 20 minutes C. 60 minutes D. 90 minutes Answer: C QUESTION 94 Which advanced authentication setting is needed to allow an unknown device to utilize Central WebAuth? A. If Authentication failed > Continue B. If Authentication failed > Drop C. If user not found > Continue D. If user not found > Reject Answer: C QUESTION 95 Which option restricts guests from connecting more than one device at a time? A. Guest Portal policy > Set Device registration portal limit B. Guest Portal Policy > Set Allow only one guest session per user C. My Devices Portal > Set Maximum number of devices to register D. Multi-Portal Policy > Guest users should be able to do device registration Answer: B QUESTION 96 In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two). A. exception B. network scan (NMAP) C. delete endpoint D. automatically remediate E. create matching identity group Answer: AB QUESTION 97 Which statement about the Cisco ISE BYOD feature is true? A. Use of SCEP/CA is optional. B. BYOD works only on wireless access. C. Cisco ISE needs to integrate with MDM to support BYOD. D. Only mobile endpoints are supported. Answer: A QUESTION 98 What user rights does an account need to join ISE to a Microsoft Active Directory domain? A. Create and Delete Computer Objects B. Domain Admin C. Join and Leave Domain D. Create and Delete User Objects Answer: A QUESTION 99 A network administrator must enable which protocol to utilize EAP-Chaining? A. EAP-FAST B. EAP-TLS C. MSCHAPv2 D. PEAP Answer: A QUESTION 100 The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement? A. Device registration status and device activation status B. Network access device and time condition C. User credentials and server certificate D. Built-in profile and custom profile Answer: B If you want to get more 300-208 exam preparation material, you can download the free 300-208 braindumps in PDF files on Lead2pass. It would be great helpful for your exam. All the 300-208 dumps are updated and cover every aspect of the examination. Welcome to choose. 300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA 2 2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass: https://www.lead2pass.com/300-208.html 3 1 [100% Exam Pass Guaranteed]
|