Cisco 300-208 Practice Exam Material 300-208 Best Exam Result 2018
This exam tests whether a network security engineer knows the components and architecture of secure access, by utilizing 802.1X and Cisco TrustSec. This exam assesses knowledge of Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solutions. It also includes the fundamental concepts of bring your own device (BYOD) using posture and profiling services of ISE. Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.
For More Details:
https://www.certswarrior.com/exam/300-208/
Question: 1
What are three portals provided by PSN? (Choose three.)
A. Monitoring
B. Troubleshooting
C. Sponsor
D. Guest
E. My devices
F. Admin
Answer: C, D, E
Question: 2
A customer is concerned with the use of the issued laptops even when devices are not on the corporate network. Which agent continues to be operational even when the host is not on the Cisco ISE network?
A. Cisco ISE Agent
B. Cisco NAC Agent
C. Cisco Custom Agent
D. Cisco NAC Web Agent
Answer: B
Question: 3
A company has implemented a dual SSID BYOD design. A provisioning SSID is used for user registration, and an employee SSID is used for company network access. How is the layer 2 security of the provisioning SSID configured?
A. 802.1X
B. Open
C. WPA2
D. MAC filtering disabled
Answer: B
Question: 4
A company has implemented a dual SSID BYOD design. A provisioning SSID is used for user registration, and an employee SSID is used for company network access. Which controller option must be enabled to allow a user to switch immediately from the provisioning SSID to the employee SSID after registration has been completed?
A. AAA override
B. User Idle Timeout
C. Fast SSID Change
D. AP Fallback
Answer: C
Question: 5
An engineer must enable SGACL policy globally for a Cisco TrustSec –enabled routed interface. Which
command must be used?
A. cts role-based monitor enable
B. cts role-based enfrocement
C. cts role-based sgt-caching with-enforcement
D. cts role-based monitor permissions from {sgt_num} to {dgt_num}][ipv4| ipv6]
Answer: B
Question: 6
What two values does Cisco recommend you adjust and test to set the optimal timeout value for your network’s specific 802.1X MAB deployment?
A. Max-reath-req
B. Supp-timeout
C. Max-req
D. Tx-period
E. Server-timeout
Answer: A, D
Question: 7
Which two protocols does Cisco Prime Infrastructure use for device discovery? (Choose two.)
A. SNAP
B. LLDP
C. RARP
D. DNS
E. LACP
Answer: BD
Question: 8
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native
supplicants. Which portals must the security engineer configure to accomplish this task?
A. Client Provisioning Portals
B. BYOD Portals
C. My Devices Portals
D. MDM Portals
Answer: C
Question: 9
Which type of SGT propagation does a WLC in a data center require?
A. SXP
B. SGT
C. SGT inline
D. SGT Reflector
Answer: A
Question: 10
Which two accounting types are used to implement accounting with RADIUS? (Choose two.)
A. Network
B. User
C. Attribute
D. Device
E. Resource
Answer: AE
Question: 11
Which functionality does the Cisco ISE BYOD flow provide?
A. It provides support for native supplicants, allowing users to connect devices directly to the network.
B. It provides the My Devices portal, allowing users to add devices to the network.
C. It provides support for users to install the Cisco NAC agent on enterprise devices.
D. It provides self-registration functionality to allow guest users to access the network.
Answer: A
Question: 12
Which description of SXP is true?
A. applies SGT along every hop in the network path
B. propagates SGT on a device upon which SGT inline tagging is unsupported
C. removes SGT from every in the network path
D. propagates SGT on a device which inline tagging is supported
Answer: D
Question: 13
You must recover a wireless client from quarantine. You disconnect the client from the network. Which action do you take next?
A. Reboot the client machine after the idle timeout period expires.
B. Start a manual reassessment
C. Reconnect to the network after the idle timeout period expires.
D. Turn off the MIC of the client
Answer: C
Question: 14
Which internal Cisco ISE component reduces demand on JVM memory by limiting the number of devices the profiler handles?
A. eventHandlerQueueStze
B. maxEndPomtslnLocalDb
C. NetworkDeviceEventHandter
D. forwarderQueueSize
Answer: B
Question: 15
Which action do you take to define the global authorization exception policy by using a Device Admin Policy Set?
A. Configure the policy by using Proxy Sequence mode.
B. Configure a rule-based condition in a policy set.
C. Define the policy for each group of devices.
D. Define the policy by configuring a standard profile
Answer: B
Question: 16
In the redirect URL authorization attribute, which Cisco ISE node acts as the web server when performing CWA?
A. Administration
B. Monitoring
C. Policy Service
D. pxGrid
Answer: C
Question: 17
Which two protocols are supported with the Cisco IOS Device Sensor? (Choose two.)
A. SNMP
B. Cisco Discovery Protocol
C. RADIUS
D. LLDP
E. NetFlow
Answer: B, D
Question: 18
What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?
A. Event
B. Cisco-av-pair
C. State attribute
D. Class attribute
Answer: B
Question: 19
While troubleshooting a posture assessment issue on a Windows PC, the NAC Agent is not popping up as expected. Which two logs would help in isolating the issue? (Choose two.)
A. Cisco AnyConnect ISE posture logs
B. NAC agent logs
C. Dart bundle
D. Cisco ISE profiler log file
E. Cisco ISE ise-psc.log file
Answer: BE
Question: 20
A manager of Company A is hosting a conference. Conference participants use a code on the AUP page of the hot-spot guest portal Which code must the manager create on Cisco ISE before the meeting?
A. user code
B. pass code
C. access code
D. registration code
Answer: D
For More Details:
Use Coupon code "20off2018" to enjoy 20% off.
0コメント