This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ] Export date:Sun Dec 22 12:31:22 2024 / +0000 GMT ___________________________________________________ Title: [PDF&VCE] Lead2pass Provides Latest Exam 300-208 Dumps VCE For Free Downloading (121-140) --------------------------------------------------- 2016 October Cisco Official New Released 300-208 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Lead2pass 300-208 braindumps including the exam questions and the answer, completed by our senior IT lecturers and the Cisco product experts, include the current newest 300-208 exam questions. Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-208.html QUESTION 121 Which two are valid ISE posture conditions? (Choose two.) A.    Dictionary B.    memberOf C.    Profile status D.    File E.    ServiceAnswer: DE QUESTION 122 A network engineer is configuring HTTP based CWA on a switch. Which three configuration elements are required? (Choose three.) A.    HTTP server enabled B.    Radius authentication on the port with MAB C.    Redirect access-list D.    Redirect-URL E.    HTTP secure server enabled F.    Radius authentication on the port with 802.1x G.    Pre-auth port based access-list Answer: ABC QUESTION 123 Which three statements describe differences between TACACS+ and RADIUS? (Choose three.) A.    RADIUS encrypts the entire packet, while TACACS+ encrypts only the password. B.    TACACS+ encrypts the entire packet, while RADIUS encrypts only the password. C.    RADIUS uses TCP, while TACACS+ uses UDP. D.    TACACS+ uses TCP, while RADIUS uses UDP. E.    RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49. F.    TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49 Answer: BDE QUESTION 124 Which two identity store options allow you to authorize based on group membership? (Choose two). A.    Lightweight Directory Access Protocol B.    RSA SecurID server C.    RADIUS D.    Active Directory Answer: AD QUESTION 125 What attribute could be obtained from the SNMP query probe? A.    FQDN B.    CDP C.    DHCP class identifier D.    User agent Answer: B QUESTION 126 What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments? A.    Configure the VLAN assignment. B.    Configure the ACL assignment. C.    Configure 802.1X authenticator authorization. D.    Configure port security on the switch port. Answer: C QUESTION 127 Which network component would issue the CoA? A.    switch B.    endpoint C.    Admin Node D.    Policy Service Node Answer: D QUESTION 128 What steps must you perform to deploy a CA-signed identity certificate on an ISE device? A.    1. Download the CA server certificate and install it on ISE. 2. Generate a signing request and save it as a file. 3. Access the CA server and submit the CA request. 4. Install the issued certificate on the ISE. B.    1. Download the CA server certificate and install it on ISE. 2. Generate a signing request and save it as a file. 3. Access the CA server and submit the CSR. 4. Install the issued certificate on the CA server. C.    1. Generate a signing request and save it as a file. 2. Download the CA server certificate and install it on ISE. 3. Access the ISE server and submit the CA request. 4.Install the issued certificate on the CA server. D.    1. Generate a signing request and save it as a file. 2. Download the CA server certificate and install it on ISE. 3. Access the CA server and submit the CSR. 4. Install the issued certificate on the ISE. Answer: D QUESTION 129 An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals? A.    Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE B.    MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure C.    Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE D.    Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups Answer: D QUESTION 130 Which three are required steps to enable SXP on a Cisco ASA? (Choose three). A.    configure AAA authentication B.    configure password C.    issue the aaa authorization command aaa-server group command D.    configure a peer E.    configure TACACS F.    issue the cts sxp enable command Answer: BDF QUESTION 131 Which three network access devices allow for static security group tag assignment? (Choose three.) A.    intrusion prevention system B.    access layer switch C.    data center access switch D.    load balancer E.    VPN concentrator F.    wireless LAN controller Answer: BCE QUESTION 132 Which option is required for inline security group tag propagation? A.    Cisco Secure Access Control System B.    hardware support C.    Security Group Tag Exchange Protocol (SXP) v4 D.    Cisco Identity Services Engine Answer: B QUESTION 133 Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.) A.    destination MAC address B.    source MAC address C.    802.1AE header in EtherType D.    security group tag in EtherType E.    integrity check value F.    CRC/FCS Answer: CE QUESTION 134 Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.) A.    manually on links between supported switches B.    in the Cisco Identity Services Engine C.    in the global configuration of a TrustSec non-seed switch D.    dynamically on links between supported switches E.    in the Cisco Secure Access Control System F.    in the global configuration of a TrustSec seed switch Answer: AD QUESTION 135 Which three pieces of information can be found in an authentication detail report? (Choose three.) A.    DHCP vendor ID B.    user agent string C.    the authorization rule matched by the endpoint D.    the EAP method the endpoint is using E.    the RADIUS username being used F.    failed posture requirement Answer: CDE QUESTION 136 Certain endpoints are missing DHCP profiling data. Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE? A.    output of show interface gigabitEthernet 0 from the CLI B.    output of debug logging all 7 from the CLI C.    output of show logging application profiler.log from the CLI D.    the TCP dump diagnostic tool through the GUI E.    the posture troubleshooting diagnostic tool through the GUI Answer: D QUESTION 137 Which debug command on a Cisco WLC shows the reason that a client session was terminated? A.    debug dot11 state enable B.    debug dot1x packet enable C.    debug client mac addr D.    debug dtls event enable E.    debug ap enable cisco ap Answer: C QUESTION 138 Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.) A.    Windows Active Directory B.    LDAP C.    RADIUS token server D.    internal endpoint store E.    internal user store F.    certificate authentication profile G.    RSA SecurID Answer: AE QUESTION 139 Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.) A.    authentication host-mode single-host B.    authentication host-mode multi-domain C.    authentication host-mode multi-host D.    authentication host-mode multi-auth Answer: AB QUESTION 140 What are two possible reasons why a scheduled nightly backup of ISE to a FTP repository would fail? (Choose two.) A.    ISE attempted to write the backup to an invalid path on the FTP server. B.    The ISE and FTP server clocks are out of sync. C.    The username and password for the FTP server are invalid. D.    The server key is invalid or misconfigured. E.    TCP port 69 is disabled on the FTP server. Answer: AC If you use Lead2pass braindump as your 300-208 exam prepare material, we guarantee your success in the first attempt. Lead2pass 300-208 dump provides you everything you will need to take your 300-208 Exam. 300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA 2016 Cisco 300-208 exam dumps (All 250 Q&As) from Lead2pass: http://www.lead2pass.com/300-208.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2016-10-17 06:46:28 Post date GMT: 2016-10-17 06:46:28 Post modified date: 2016-10-17 06:46:28 Post modified date GMT: 2016-10-17 06:46:28 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com