Q1. The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement?
A. Device registration status and device activation status
B. Network access device and time condition
C. User credentials and server certificate
D. Built-in profile and custom profile
Answer: B
Q2. Which effect does the ip http secure-server command have on a Cisco ISE?
A. It enables the HTTP server for users to connect on the command line.
B. It enables the HTTP server for users to connect by using web-based authentication.
C. It enables the HTTPS server for users to connect by using web-based authentication.
D. It enables the HTTPS server for users to connect on the command line.
Answer: C
Q3. In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?
A. Command set
B. Group name
C. Method list
D. Login type
Answer: C
Q4. Which command enables static PAT for TCP port 25?
A. nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtp
B. nat static 209.165.201.3 eq smtp
C. nat (inside,outside) static 209.165.201.3 service tcp smtp smtp
D. static (inside,outside) 209.165.201.3 209.165.201.226 netmask 255.255.255.255
Answer: C
Q5. Which two portals can be configured to use portal FQDN? (Choose two.)
A. admin
B. sponsor
C. guest
D. my devices
E. monitoring and troubleshooting
Answer: B,D
Q6. A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected?
A. TACACS+
B. RADIUS
C. Windows Active Directory
D. Generic LDAP
Answer: A
Q7. Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?
A. RADIUS Attribute (5) NAS-Port
B. RADIUS Attribute (6) Service-Type
C. RADIUS Attribute (7) Framed-Protocol
D. RADIUS Attribute (61) NAS-Port-Type
Answer: B
Q8. Which two statements about MAB are true? (Choose two.)
A. It requires a preexisting database of the MAC addresses of permitted devices.
B. It is unable to control network access at the edge.
C. If MAB fails, the device is unable to fall back to another authentication method.
D. It is unable to link the IP and MAC addresses of a device.
E. It is unable to authenticate individual users.
Answer: A,E
Q9. Which condition triggers wireless authentication?
A. NAS-Port-Type is set to IEEE 802.11.
B. Framed-Compression is set to None.
C. Service-Type is set to Framed.
D. Tunnel-Type is set to VLAN.
Answer: A
Q10. Which Cisco ISE feature can differentiate a corporate endpoint from a personal device?
A. EAP chaining
B. PAC files
C. authenticated in-band provisioning
D. machine authentication
Answer: A
Q11. What is the effect of the ip http secure-server command on a Cisco ISE?
A. It enables the HTTP server for users to connect on the command line.
B. It enables the HTTP server for users to connect using Web-based authentication.
C. It enables the HTTPS server for users to connect using Web-based authentication.
D. It enables the HTTPS server for users to connect on the command line.
Answer: C
Q12. During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?
A. Enable the Agent IP Refresh feature.
B. Enable the Enable VLAN Detect Without UI feature.
C. Enable CRL checking.
D. Edit the Discovery Host parameter to use an IP address instead of an FQDN.
Answer: A
Q13. Which two EAP types require server-side certificates? (Choose two.)
A. EAP-TLS
B. PEAP
C. EAP-MD5
D. LEAP
E. EAP-FAST
F. MSCHAPv2
Answer: A,B
Q14. When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)
A. It returns an access-accept and sends the redirection URL for all users.
B. It establishes secure connectivity between the RADIUS server and the Cisco ISE.
C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated.
D. It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result.
E. It allows multiple users to authenticate at the same time.
Answer: C,D
Q15. How frequently does the Profiled Endpoints dashlet refresh data?
A. every 30 seconds
B. every 60 seconds
C. every 2 minutes
D. every 5 minutes
Answer: B
Q16. A network engineer is configuring HTTP-based CWA on a switch. Which three configuration elements are required? (Choose three.)
A. HTTP server enabled
B. RADIUS authentication on the port with MAB
C. Redirect access-list
D. Redirect-URL
E. HTTP secure server enabled
F. RADIUS authentication on the port with 802.1x
G. Pre-auth port based access-list
Answer: A,B,C