300-208 Premium Bundle

Implementing Cisco Secure Access Solutions (SISAS) Certification Exam

Last update: November 23, 2024

Cisco 300-208 Free Practice Questions

Q1. Which three are required steps to enable SXP on a Cisco ASA? (Choose three.)

A. configure AAA authentication 

B. configure password 

C. issue the aaa authorization command aaa-server group command 

D. configure a peer 

E. configure TACACS 

F. issue the cts sxp enable command 

Answer: B,D,F 

Q2. In an 802.1X authorization process, a network access device provides which three functions? (Choose three.) 

A. Filters traffic prior to authentication 

B. Passes credentials to authentication server 

C. Enforces policy provided by authentication server 

D. Hosts a central web authentication page 

E. Confirms supplicant protocol compliance 

F. Validates authentication credentials 

Answer: A,B,C 

Q3. Which default identity source is used by the MyDevices_Portal_Sequence identity source sequence? 

A. internal users 

B. guest users 

C. Active Directory 

D. internal endpoints 

E. RADIUS servers 

Answer:

Q4. CORRECT TEXT

The Secure-X company has recently successfully tested the 802.1X authentication deployment using the Cisco Catalyst switch and the Cisco ISE v1.2 appliance. Currently, each employee desktop is connected to an 802.1X-enabled switch port and is able to use the Cisco AnyConnect NAM 802.1X supplicant to log in and connect to the network.

Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and have it connect to the network. The network printer does not support 802.1X supplicant. The Fa0/19 switch port is now configured to use 802.1X authentication only. 

To support this network printer, the Fa0/19 switch port configuration needs to be edited to enable the network printer to authenticate using its MAC address. The network printer should also be on VLAN 9. 

Another network security engineer responsible for managing the Cisco ISE has already preconfigured all the requirements on the Cisco ISE, including adding the network printer MAC address to the Cisco ISE endpoint database, etc.

Your task in the simulation is to access the Cisco Catalyst Switch console, then use the CLI to:

- Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer using its MAC address and:

- Ensure that MAC address authentication processing is not delayed until 802.1X fails

- Ensure that even if MAC address authentication passes, the switch will still perform 802.1X authentication if requested by an 802.1X supplicant

- Use the required show command to verify the MAC address authentication on the Fa0/19 is successful

The switch enable password is Cisco 

For the purpose of the simulation, to test the network printer, assume the network printer will be unplugged then plugged back into the Fa0/19 switch port after you have finished the required configurations on the Fa0/19 switch port. 

Note: For this simulation, you will not need and do not have access to the ISE GUI. To access the switch CLI, click the Switch icon in the topology diagram.

Answer: Review the explanation for full configuration and solution. 

Q5. Which two types of client provisioning resources are used for BYOD implementations? (Choose two.) 

A. user agent 

B. Cisco NAC agent 

C. native supplicant profiles 

D. device sensor 

E. software provisioning wizards 

Answer: C,E 

Q6. Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What are the two possible causes of the problem? (Choose two.) 

A. EAP-TLS is not checked in the Allowed Protocols list 

B. Client certificate is not included in the Trusted Certificate Store 

C. MS-CHAPv2 is not checked in the Allowed Protocols list

D. Default rule denies all traffic 

E. Certificate authentication profile is not configured in the Identity Store 

Answer: A,E 

Q7. Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.) 

A. MS-CHAPv2 

B. PEAP 

C. PPTP 

D. EAP-PEAP 

E. PPP 

Answer: A,B 

Q8. Which statement about IOS accounting is true? 

A. A named list of AAA methods must be defined. 

B. A named list of accounting methods must be defined. 

C. Authorization must be configured before accounting. 

D. A named list of tracking methods must be defined. 

Answer:

Q9. The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node? 

A. tcp/8905, http/80, ftp/21 

B. tcp/8905, http/80, https/443 

C. udp/8905, telnet/23, https/443 

D. udp/8906, http/80, https/443 

Answer:

Q10. Which two profile attributes can be collected by a Cisco Wireless LAN Controller that supports Device Sensor? (Choose two.) 

A. LLDP agent information 

B. user agent 

C. DHCP options 

D. open ports 

E. CDP agent information 

F. FQDN 

Answer: B,C 

Q11. Which feature enables the Cisco ISE DHCP profiling capabilities to determine and enforce authorization policies on mobile devices? 

A. disabling the DHCP proxy option 

B. DHCP option 42 

C. DHCP snooping 

D. DHCP spoofing 

Answer:

Q12. An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy TrustSec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?

A. Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users 

B. MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication 

C. Identity-based ACLs on the switches with user identities provided by ISE 

D. Cisco Threat Defense for user group control by leveraging NetFlow exported from the switches and login information from ISE

Answer:

Q13. Which profiling capability allows you to gather and forward network packets to an analyzer? 

A. collector 

B. spanner 

C. retriever 

D. aggregator 

Answer:

Q14. In the command 'aaa authentication default group tacacs local', how is the word 'default' defined? 

A. Command set 

B. Group name 

C. Method list 

D. Login type 

Answer:

Q15. Refer to the exhibit. 

You are troubleshooting RADIUS issues on the network and the debug radius command returns the given output. What is the most likely reason for the failure? 

A. An invalid username or password was entered. 

B. The RADIUS port is incorrect. 

C. The NAD is untrusted by the RADIUS server. 

D. The RADIUS server is unreachable. 

E. RADIUS shared secret does not match 

Answer:

Q16. Refer to the exhibit. 

You are configuring permissions for a new Cisco ISE standard authorization profile. If you configure the Tunnel-Private-Group-ID attribute as shown, what does the value 123 represent? 

A. the VLAN ID 

B. the VRF ID 

C. the tunnel ID 

D. the group ID 

Answer:

Q17. In this simulation, you are tasked with examining the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded, Authentication failed, etc.

Which three statements are correct regarding the events with the 20 repeat count that occurred at 2014-05-07 00:22:48.748? (Choose three.) 

A. The device was successfully authenticated using MAB. 

B. The device matched the Machine_Corp authorization policy. 

C. The Print Servers authorization profile was applied.

D. The device was profiled as a Linksys-PrintServer. 

E. The device MAC address is 00:14:BF:70:B5:FB. 

F. The device is connected to the Gi0/1 switch port and the switch IP address is 10.10.2.2. 

Answer: A,D,E 

Explanation: 

Event Details: 

[Screenshots: event details, continued across two images]
