Question No: 14
Refer to the exhibit.
You are configuring permissions for a new Cisco ISE standard authorization profile. If you configure the Tunnel-Private-Group-ID attribute as shown, what does the value 123 represent?
A. the VLAN ID
B. the VRF ID
C. the tunnel ID
D. the group ID
Answer: A
Question No: 15
A user configured a Cisco Identity Services Engine and a switch to work with downloadable access lists for wired dot1x users, but it is failing to work. Which command must be added to address the issue?
A. ip dhcp snooping
B. ip device tracking
C. dot1x pae authenticator
D. aaa authentication dot1x default group radius
Answer: B
Question No: 16
Which two switchport commands enable MAB and allow non-802.1X capable devices to immediately run through the MAB process? (Choose two.)
A. authentication order mab dot1x
B. authentication order dot1x mab
C. no authentication timer
D. dot1x timeout tx-period
E. authentication open
F. mab
Answer: A,F
Question No: 17
Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode?
A. Granular ACLs applied prior to authentication
B. Per user dACLs applied after successful authentication
C. Only EAPoL traffic allowed prior to authentication
D. Adjustable 802.1X timers to enable successful authentication
Answer: C
Question No: 18
In a basic ACS deployment consisting of two servers, for which three tasks is the primary server responsible? (Choose three.)
A. configuration
B. authentication
C. sensing
D. policy requirements
E. monitoring
F. repudiation
Answer: A,B,D
Question No: 19
In Cisco ISE 1.3, which feature is available to a sponsor in a sponsor group?
A. Help employees add and manage new devices by entering the MAC address for the device.
B. Restrict sponsors from viewing guest passwords.
C. Allow the user to download a native supplicant profile.
D. Reinstate or delete devices that were registered previously.
Answer: B
Question No: 20
Which two options are EAP methods supported by Cisco ISE? (Choose two.)
A. EAP-FAST
B. EAP-TLS
C. EAP-MS-CHAPv2
D. EAP-GTC
Answer: A,B
Question No: 21
Which statement about the CAK is true?
A. It is the master key that generates the other keys that MACsec requires.
B. Failed MACsec connections fall back to MAB by default.
C. It is the key that is used to discover MACsec peers and perform key negotiation between the peers.
D. It is the secret key that encrypts traffic during the connection.
E. It is the key that is used to negotiate session encryption keys.
Answer: A
Question No: 22
Which protocol sends authentication and accounting in different requests?
A. RADIUS
B. TACACS+
C. EAP-Chaining
D. PEAP
E. EAP-TLS
Answer: B
Question No: 23
A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected?
A. TACACS+
B. RADIUS
C. Windows Active Directory
D. Generic LDAP
Answer: A