300-208 Premium Bundle

300-208 Premium Bundle

Implementing Cisco Secure Access Solutions (SISAS) Certification Exam

4.5 
(975 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
November 23, 2024Last update

Introducing The New!

Surepassexam Collection

Get Unlimited Access to all
Surepassexam's PREMIUM files

DOWNLOAD NOW
Download Quality. Itexamlabs.com Certified
  1. Home
  2. Cisco
  3. 300-208 Exam

Cisco 300-208 Free Practice Questions

Q1. Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem? 

A. EAP-TLS is not checked in the Allowed Protocols list 

B. Certificate authentication profile is not configured in the Identity Store 

C. MS-CHAPv2-is not checked in the Allowed Protocols list 

D. Default rule denies all traffic 

E. Client root certificate is not included in the Certificate Store 

Answer:

Q2. Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.) 

A. Windows Active Directory 

B. LDAP 

C. RADIUS token server 

D. internal endpoint store 

E. internal user store 

F. certificate authentication profile 

G. RSA SecurID 

Answer: A,E 

Q3. Which three pieces of information can be found in an authentication detail report? (Choose three.) 

A. DHCP vendor ID 

B. user agent string 

C. the authorization rule matched by the endpoint 

D. the EAP method the endpoint is using 

E. the RADIUS username being used 

F. failed posture requirement 

Answer: C,D,E 

Q4. Which functionality does the Cisco ISE self-provisioning flow provide? 

A. It provides support for native supplicants, allowing users to connect devices directly to the network. 

B. It provides the My Devices portal, allowing users to add devices to the network. 

C. It provides support for users to install the Cisco NAC agent on enterprise devices. 

D. It provides self-registration functionality to allow guest users to access the network. 

Answer:

Q5. What is a required configuration step for an 802.1X capable switch to support dynamic 

VLAN and ACL assignments? 

A. Configure the VLAN assignment. 

B. Configure the ACL assignment. 

C. Configure 802.1X authenticator authorization. 

D. Configure port security on the switch port. 

Answer:

Q6. From which location can you run reports on endpoint profiling? 

A. Reports > Operations > Catalog > Endpoint 

B. Operations > Reports > Catalog > Endpoint 

C. Operations > Catalog > Reports > Endpoint 

D. Operations > Catalog > Endpoint 

Answer:

Q7. Which two types of client provisioning resources are used for BYOD implementations? (Choose two.) 

A. user agent 

B. Cisco NAC agent 

C. native supplicant profiles 

D. device sensor 

E. software provisioning wizards 

Answer: C,E 

Q8. Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security? 

A. Access Point 

B. Switch 

C. Wireless LAN Controller 

D. Authentication Server 

Answer:

Q9. Which two statements about administrative access to the Cisco Secure ACS SE are true? (Choose two.) 

A. The Cisco Secure ACS SE supports command-line connections through a serial-port connection. 

B. For GUI access, an administrative GUI user must be created by using the add-guiadmin command. 

C. The Cisco Secure ACS SE supports command-line connections through an Ethernet interface. 

D. An ACL-based policy must be configured to allow administrative-user access. 

E. GUI access to the Cisco Secure ASC SE is not supported. 

Answer: B,D 

Q10. RAG DROP Answer: 

Answer:

Q11. Which two portals can be configured to use portal FQDN? (Choose two.) 

A. admin 

B. sponsor 

C. guest 

D. my devices 

E. monitoring and troubleshooting 

Answer: B,D 

Q12. Which condition triggers wireless authentication? A. NAS-Port-Type is set to IEEE 802.11. 

B. Framed-Compression is set to None. 

C. Service-Type is set to Framed. 

D. Tunnel-Type is set to VLAN. 

Answer:

Q13. Which three statements describe differences between TACACS+ and RADIUS? (Choose three.) 

A. RADIUS encrypts the entire packet, while TACACS+ encrypts only the password. 

B. TACACS+ encrypts the entire packet, while RADIUS encrypts only the password. 

C. RADIUS uses TCP, while TACACS+ uses UDP. 

D. TACACS+ uses TCP, while RADIUS uses UDP. 

E. RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49. 

F. TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49 

Answer: B,D,E 

Q14. A network administrator must enable which protocol to utilize EAP-Chaining? 

A. EAP-FAST 

B. EAP-TLS 

C. MSCHAPv2 

D. PEAP 

Answer:

Q15. What are two possible reasons why a scheduled nightly backup of ISE to a FTP repository would fail? (Choose two.) 

A. ISE attempted to write the backup to an invalid path on the FTP server. 

B. The ISE and FTP server clocks are out of sync. 

C. The username and password for the FTP server are invalid. 

D. The server key is invalid or misconfigured. 

E. TCP port 69 is disabled on the FTP server. 

Answer: A,C 

Q16. In an 802.1X authorization process, a network access device provides which three functions? (Choose three.) 

A. Filters traffic prior to authentication 

B. Passes credentials to authentication server 

C. Enforces policy provided by authentication server 

D. Hosts a central web authentication page 

E. Confirms supplicant protocol compliance 

F. Validates authentication credentials 

Answer: A,B,C 

Q17. Which three posture states can be used for authorization rules? (Choose three.) 

A. unknown 

B. known 

C. noncompliant 

D. quarantined 

E. compliant 

F. no access 

G. limited 

Answer: A,C,E 

START 300-208 EXAM
© All pages Copyright to 2024 by itexamlabs.com. All rights reserved. testpreplab.com certstest.com