Cisco 300-208 Dumps

Exam: CCNP Security Implementing Cisco Secure Access Solutions (SISAS)

300-208 Premium VCE File
300-208.vce - Exam-Labs Verified - Instant Download
Get Latest & Verified 300-208 Exam Questions with 30-Days Free Updates
337 Questions & Answers
 $39.99

Free 300-208 Exam Questions in VCE Format
File Votes Size Last comment
1 2.47 MB  
Play Cisco 300-208 VCE files with Avanset VCE Simulator
 

Cisco 300-208 Exam Tutorial

Showing 1-20 of 224 Questions   (Page 1 out of 12)


Question No : 1

Which option is the correct redirect-ACL for Wired-CWA, with 10.201.228.76 being the
Cisco ISE IP address?

A. ip access-l ex ACL-WEBAUTH-REDIRECT deny udp any any eq domain deny ip any host 10.201.228.76 permit tcp any any eq 80 permit tcp any any eq 443
B. ip access-l ex ACL-WEBAUTH-REDIRECT permit udp any any eq domain permit ip any host 10.201.228.76 deny tcp any any eq 80 permit tcp any any eq 443
C. ip access-l ex ACL-WEBAUTH-REDIRECT deny udp any any eq domain permit tcp any host 10.201.228.76 eq 8443 deny ip any host 10.201.228.76 permit tcp any any eq 80 permit tcp any any eq 443
D. ip access-l ex ACL-WEBAUTH-REDIRECT permit udp any any eq domain deny ip any host 10.201.228.76 permit tcp any any eq 80permit tcp any any eq 443


Question No : 2

What are the initial steps to configure an ACS as a TACACS server?

A. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Create.
B. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Create.
C. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Manage.
D. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Install.


Question No : 3

Which three are required steps to enable SXP on a Cisco ASA? (Choose three).

A. configure AAA authentication
B. configure password
C. issue the aaa authorization command aaa-server group command
D. configure a peer
E. configure TACACS
F. issue the cts sxp enable command


Question No : 4

Wireless client supplicants attempting to authenticate to a wireless network are generating
excessive log messages. Which three WLC authentication settings should be disabled?
(Choose three.)

A. RADIUS Server Timeout
B. RADIUS Aggressive-Failover
C. Idle Timer
D. Session Timeout
E. Client Exclusion
F. Roaming


Question No : 5

Which command enables static PAT for TCP port 25?

A. nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtp
B. nat static 209.165.201.3 eq smtp
C. nat (inside,outside) static 209.165.201.3 service tcp smtp smtp
D. static (inside,outside) 209.165.201.3 209.165.201.226 netmask 255.255.255.255


Question No : 6

Which model does Cisco support in a RADIUS change of authorization implementation?

A. push
B. pull
C. policy
D. security


Question No : 7

Which configuration must you perform on a switch to deploy Cisco ISE in low-impact
mode?

A. Configure an ingress port ACL on the switchport.
B. Configure DHCP snooping globally.
C. Configure IP-device tracking.
D. Configure BPDU filtering.


Question No : 8

Scenario:
Currently, many users are expehecing problems using their AnyConnect NAM supplicant to
login to the network. The rr desktop support staff have already examined and vehfed the
AnyConnect NAM configuration is correct.
In this simulation, you are tasked to examine the various ISE GUI screens to determine the
ISE current configurations to help isolate the problems. Based on the current ISE
configurations, you will need to answer three multiple choice questions.
To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE
GUI.
Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI
operations have been reduced in this simulation.
Not all the links on each of the ISE GUI screen works, if some of the links are not working
on a screen, click Home to go back to the Home page first. From the Home page, you can
access all the required screens.
To view some larger GUI screens, use the simulation window scroll bars. Some of the
larger GUI screens only shows partially but will include all information required to complete
this simulation.
Cisco 300-208 question 8
Cisco 300-208 question 8
Which two of the following statements are correct? (Choose two.)

A. The ISE is not able to successfully connect to the hq-srv.secure-x. local AD server.
B. The ISE internal endpoints database is used authenticate any users not in the Active Directory domain.
C. The ISE internal user database has two accounts enabled: student and test that maps to the Employee user identity group.
D. Guest_Portal_Sequence is a built-in identity source sequence.


Question No : 9

The Secure-X company has started to tested the 802.1X authentication deployment using
the Cisco Catalyst 3560-X layer 3 switch and the Cisco ISEvl2 appliance. Each employee
desktop will be connected to the 802.1X enabled switch port and will use the Cisco
AnyConnect NAM 802.1X supplicant to log in and connect to the network.
Your particular tasks in this simulation are to create a new identity source sequence named
AD_internal which will first use the Microsoft Active Directory (AD1) then use the ISE
Internal User database. Once the new identity source sequence has been configured, edit
the existing DotlX authentication policy to use the new AD_internal identity source
sequence.
The Microsoft Active Directory (AD1) identity store has already been successfully
configured, you just need to reference it in your configuration.
Cisco 300-208 question 9
In addition to the above, you are also tasked to edit the IT users authorization policy so IT
users who successfully authenticated will get the permission of the existing IT_Corp
authorization profile.
Perform this simulation by accessing the ISE GUI to perform the following tasks:
Create a new identity source sequence named AD_internal to first use the Microsoft
Active Directory (AD1) then use the ISE Internal User database
Edit the existing Dot1X authentication policy to use the new AD_internal identity source
sequence:
If authentication failed-reject the access request
If user is not found in AD-Drop the request without sending a response
If process failed-Drop the request without sending a response
Edit the IT users authorization policy so IT users who successfully authenticated will get
the permission of the existing IT_Corp authorization profile.
To access the ISE GUI, click the ISE icon in the topology diagram. To verify your
configurations, from the ISE GUI, you should also see the Authentication Succeeded event
for the it1 user after you have successfully defined the DotlX authentication po


Question No : 10

In this simulation, you are task to examine the various authentication events using the ISE
GUI. For example, you should see events like Authentication succeeded. Authentication
failed and etc...
Cisco 300-208 question 10
Cisco 300-208 question 10
Cisco 300-208 question 10
Which two statements are correct regarding the event that occurred at 2014-05-07
00:22:48.175? (Choose two.)

A. The DACL will permit http traffic from any host to 10.10.2.20
B. The DACL will permit http traffic from any host to 10.10.3.20
C. The DACL will permit icmp traffic from any host to 10.10.2.20
D. The DACL will permit icmp traffic from any host to 10.10.3.20
E. The DACL will permit https traffic from any host to 10.10.3.20


Question No : 11

In a basic ACS deployment consisting of two servers, for which three tasks is the primary
server responsible? (Choose three.)

A. configuration
B. authentication
C. sensing
D. policy requirements
E. monitoring
F. repudiation


Question No : 12

Which type of access list is the most scalable that Cisco ISE can use to implement network
authorization enforcement for a large number of users?

A. downloadable access lists
B. named access lists
C. VLAN access lists
D. MAC address access lists


Question No : 13

How frequently does the Profiled Endpoints dashlet refresh data?

A. every 30 seconds
B. every 60 seconds
C. every 2 minutes
D. every 5 minutes


Question No : 14

Changes were made to the ISE server while troubleshooting, and now all wireless
certificate authentications are failing. Logs indicate an EAP failure. What is the most likely
cause of the problem?

A. EAP-TLS is not checked in the Allowed Protocols list
B. Certificate authentication profile is not configured in the Identity Store
C. MS-CHAPv2-is not checked in the Allowed Protocols list
D. Default rule denies all traffic
E. Client root certificate is not included in the Certificate Store


Question No : 15

Refer to the exhibit.
Cisco 300-208 question 15
In a distributed deployment of Cisco ISE, which column in Figure 1 is used to fill in the Host
Name field in Figure 2 to collect captures on Cisco ISE while authenticating the specific
endpoint?

A. Server
B. Network Device
C. Endpoint ID
D. Identity


Question No : 16

Which two statements about Cisco NAC Agents that are installed on clients that interact
with the Cisco ISE profiler are true? (Choose two.)

A. They send endpoint data to AAA servers.
B. They collect endpoint attributes.
C. They interact with the posture service to enforce endpoint security policies.
D. They block access from the network through noncompliant endpoints.
E. They store endpoints in the Cisco ISE with their profiles.
F. They evaluate clients against posture policies, to enforce requirements.


Question No : 17

Which profiling capability allows you to gather and forward network packets to an analyzer?

A. collector
B. spanner
C. retriever
D. aggregator


Question No : 18

Which two EAP types require server side certificates? (Choose two.)

A. EAP-TLS
B. PEAP
C. EAP-MD5
D. LEAP
E. EAP-FAST
F. MSCHAPv2


Question No : 19

During BYOD flow, where does a Microsoft Windows 8.1 PC download the Network Setup
Assistant from?

A. from Cisco App Store
B. from Cisco ISE directly
C. from Microsoft App Store
D. It uses the native OTA functionality.


Question No : 20

A network administrator needs to determine the ability of existing network devices to deliver
key BYOD services. Which tool will complete a readiness assessment and outline
hardware and software capable and incapable devices?

A. Prime Infrastructure
B. Network Control System
C. Cisco Security Manager
D. Identity Services Engine


Showing 1-20 of 224 Questions   (Page 1 out of 12)

Site Search:

Close

Close
SPECIAL OFFER: GET 10% OFF

Exam-Labs PREMIUM Files

Get 10% Discount on all Exam-Labs.com PREMIUM files!



Enter Your Email Address to Receive Your 10% Off Discount Code

A Confirmation Link will be sent to this email address to verify your login

We value your privacy.
We will not rent or sell your email address

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.