Cisco 300-208 Exam Questions and Answers 2021

Master the ccnp security sisas 300 208 official cert guide content and be ready for exam day success quickly with this 300 208 dumps. We guarantee it!We make it a reality and give you real 300 208 sisas in our Cisco 300-208 braindumps. Latest 100% VALID 300 208 dumps at below page. You can use our Cisco 300-208 braindumps and pass your exam.

Cisco 300-208 Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
The posture run-time services encapsulates which protocol services, and all the interactions that happen between the NAC Agents?

  • A. SWISS
  • B. MAB
  • C. DOT1X
  • D. DEFAULT

Answer: A

NEW QUESTION 2
A user is on a wired connection and the posture status is noncompliant.
Which state will their EPS session be placed in?

  • A. disconnected
  • B. limited
  • C. no access
  • D. quarantined

Answer: D

NEW QUESTION 3
An administrator is configuring an ASA firewall for to secure access on ASA firewall in the essence of controlling configuration command executed on the Firewall. Which command will he use?

  • A. aaa authorization ssh console
  • B. aaa authorization commands
  • C. aaa authentication ssh console
  • D. aaa authentication exec server-authentication

Answer: D

NEW QUESTION 4
Which description of the purpose of the Continue option in an authentication policy rule is true?

  • A. It allows Cisco ISE to check the list of rules in an authentication policy until there is a match.
  • B. It sends an authentication to the next subrule within the same authentication rule.
  • C. It allows Cisco ISE to proceed to the authorization policy regardless of authentication pass/fail.
  • D. It sends an authentication to the selected identity store.
  • E. It causes Cisco ISE to ignore the NAD because NAD will treat the Cisco ISE server as dead.

Answer: C

NEW QUESTION 5
What protecs MacSec Frame ?

  • A. ICV
  • B. MKA

Answer: B

NEW QUESTION 6
What is a requirement for posture administration services in Cisco ISE?

  • A. at least one Cisco router to store Cisco ISE profiling policies
  • B. Cisco NAC Agents that communicate with the Cisco ISE server
  • C. an ACL that points traffic to the Cisco ISE deployment
  • D. the advanced license package must be installed

Answer: D

NEW QUESTION 7
An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?

  • A. member of
  • B. group
  • C. class
  • D. person

Answer: A

NEW QUESTION 8
Which error in a redirect ACL can cause the redirection of an endpoint to the provisioning portal to fail?

  • A. The redirect ACL is blocking access to ports 80 and 443.
  • B. The redirect ACL is applied to an incorrect SVI.
  • C. The redirect ACL is blocking access to the client provisioning portal.
  • D. The redirect ACL is blocking access to Cisco ISE port 8905.

Answer: A

NEW QUESTION 9
The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement?

  • A. Device registration status and device activation status
  • B. Network access device and time condition
  • C. User credentials and server certificate
  • D. Built-in profile and custom profile

Answer: B

NEW QUESTION 10
Which three algorithms should be avoided due to security concerns? (Choose three.)

  • A. DES for encryption
  • B. SHA-1 for hashing
  • C. 1024-bit RSA
  • D. AES GCM mode for encryption
  • E. HMAC-SHA-1
  • F. 256-bit Elliptic Curve Diffie-Hellman
  • G. 2048-bit Diffie-Hellman

Answer: ABC

NEW QUESTION 11
An engineer wants do allow dynamic vlan assignment from ISE. What must be configured on the switch?

  • A. DTP
  • B. VTP
  • C. AAA authentication
  • D. AAA authorization

Answer: D

NEW QUESTION 12
Which command enables static PAT for TCP port 25?

  • A. nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtp
  • B. nat static 209.165.201.3 eq smtp
  • C. nat (inside,outside) static 209.165.201.3 service tcp smtp smtp
  • D. static (inside,outside) 209.165.201.3 209.165.201.226 netmask 255.255.255.255

Answer: C

NEW QUESTION 13
A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessment and outline hardware and software capable and incapable devices?

  • A. Prime Infrastructure
  • B. Network Control System
  • C. Cisco Security Manager
  • D. Identity Services Engine

Answer: A

NEW QUESTION 14
Which 802.1x command is needed for ACL to be applied on a switch port?

  • A. dot1x system-auth-control
  • B. dot1x pae authenticator
  • C. authentication port-control auto
  • D. radius-server vsa send authentication
  • E. aaa authorization network default group radius

Answer: D

NEW QUESTION 15
Which two statements about administrative access to the Cisco Secure ACS SE are true? (Choose two.)

  • A. The Cisco Secure ACS SE supports command-line connections through a serial-port connection.
  • B. For GUI access, an administrative GUI user must be created by using the add-guiadmin command.
  • C. The Cisco Secure ACS SE supports command-line connections through an Ethernet interface.
  • D. An ACL-based policy must be configured to allow administrative-user access.
  • E. GUI access to the Cisco Secure ASC SE is not supported.

Answer: BD

NEW QUESTION 16
If the user is in a non-compliant state and wants to Get out of quarantine, what must be done?

  • A. download posture
  • B. download profiling
  • C. download mab
  • D. download web agent

Answer: A

NEW QUESTION 17
Which two are best practices to implement profiling services in a distributed environment? (Choose two)

  • A. use of device sensor feature
  • B. configuration to send syslogs to the appropriate profiler node
  • C. netflow probes enabled on central nodes
  • D. node-specific probe configuration
  • E. global enablement of the profiler service

Answer: BD

Explanation: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html#wp1340515
You can deploy the Cisco ISE profiler service either in a standalone environment (on a single node), or in a distributed environment (on multiple nodes).
Depending on the type of your deployment and the license you have installed, the profiler service of Cisco ISE can run on a single node or on multiple nodes.
You need to install either the base license to take advantage of the basic services or the advanced license to take advantage of all the services of Cisco ISE.
The ISE distributed deployment includes support for the following:
• The Deployment Nodes page supports the infrastructure for the distributed nodes in the distributed deployment.
• A node specific configuration of probes—The Probe Config page allows you to configure the probe per node.
• Global Implementation of the profiler Change of Authorization (CoA).
• Configuration to allow syslogs to be sent to the appropriate profiler node.

NEW QUESTION 18
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

  • A. RADIUS Change of Authorization
  • B. device tracking
  • C. DHCP snooping
  • D. VLAN hopping

Answer: A

NEW QUESTION 19
Which characteristic of static SGT classification is true?

  • A. uses MAB
  • B. maps a tag to an IP address
  • C. maps a tag to a MAC address
  • D. uses web authentication

Answer: A

Recommend!! Get the Full 300-208 dumps in VCE and PDF From Exambible, Welcome to Download: https://www.exambible.com/300-208-exam/ (New 400 Q&As Version)