[2017 New] 300-208 New Questions Free Download In Lead2pass (201-225)

2017 August Cisco Official New Released 300-208 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

The Cisco 300-208 exam is a very hard exam to successfully pass. Here you will find free Lead2pass Cisco practice sample exam test questions that will help you prepare in passing the 300-208 exam. Lead2pass Guarantees you 100% pass exam 300-208.

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html

QUESTION 201
Refer to the exhibit. In a distributed deployment of Cisco ISE, which column in Figure 1 is used to fill in the Host Name field in Figure 2 to collect captures on Cisco ISE while authenticating the specific endpoint?

 

A.    Server
B.    Network Device
C.    Endpoint ID
D.    Identity

Answer: A

QUESTION 202
Which ISE feature is used to facilitate a BYOD deployment?

A.    self-service personal device registration and onboarding
B.    Guest Service Sponsor Portal
C.    Local Web Auth
D.    Guest Identity Source Sequence

Answer: A

QUESTION 203
What are two actions that can occur when an 802.1X-enabled port enters violation mode? (Choose two.)

A.    The port is error disabled.
B.    The port drops packets from any new device that sends traffic to the port.
C.    The port generates a port resistance error.
D.    The port attempts to repair the violation.
E.    The port is placed in quarantine state.
F.    The port is prevented from authenticating indefinitely.

Answer: AB

QUESTION 204
Which option describes the purpose of configuring Native Supplicant Profile on the Cisco ISE?

A.    It helps employees add and manage new devices by entering the MAC address for the device.
B.    It is used to register personal devices on the network.
C.    It enforces the use of MSCHAPv2 or EAP-TLS for 802.1X authentication.
D.    It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network.

Answer: C

QUESTION 205
Which configuration is required in the Cisco ISE Authentication policy to allow Central Web Authentication?

A.    Dot1x and if authentication failed continue
B.    MAB and if user not found continue
C.    MAB and if authentication failed continue
D.    Dot1x and if user not found continue

Answer: B

QUESTION 206
In a Cisco ISE deployment, which traffic is permitted by the default dynamic ACL?

A.    all IP traffic
B.    management traffic only
C.    TCP traffic only
D.    UDP traffic only

Answer: A

QUESTION 207
Which redirect-URL is pushed by Cisco ISE for posture redirect for corporate users?

A.    https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CC&po rtal=283258a0-e96e-11e4-a30a-
005056bf01c9&action=cpp&token=a1a6ea71ea8f410c2637e11ba534379e
B.    https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CC&po rtal=283258a0-e96e-11e4-a30a-
005056bf01c9&action=cwa&token=a1a6ea71ea8f410c2637e11ba534379e
C.    https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CC&po rtal=283258a0-e96e-11e4-a30a-
005056bf01c9&action=mdm&token=a1a6ea71ea8f410c2637e11ba534379e
D.    https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CC&po rtal=283258a0-e96e-11e4-a30a-
005056bf01c9&action=drw&token=a1a6ea71ea8f410c2637e11ba534379e

Answer: A

QUESTION 208
Scenario:
Currently, many users are expehecing problems using their AnyConnect NAM supplicant to login to the network. The rr desktop support staff have already examined and vehfed the AnyConnect NAM configuration is correct.
In this simulation, you are tasked to examine the various ISE GUI screens to determine the ISE current configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.
To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI.
Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations have been reduced in this simulation.
Not all the links on each of the ISE GUI screen works, if some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens.
To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI screens only shows partially but will include all information required to complete this simulation.

 

 

Determine which can be two reasons why many users like the Sales and fT users are not able to authenticate and access the network using their AnyConnect NAM client with EAP- FAST.(Choose two.)

A.    The DotlX authentication policy is not allowing the EAP-FAST protocol.
B.    The rr_Corp authorization profile has the wrong Access Type configured.
C.    The authorization profile used for the Sales users is misconfigured.
D.    The order for the MAB authentication policy and the DotlX authentication policy should be reversed.
E.    Many of the fT Sales and fT user machines are not passing the ISE posture accessment.
F.    he PERMrr_ALL_TRAFFIC DACL is missing the permit ip any any statement it the end.
G.    The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.

Answer: AD

QUESTION 209
Which 802.1X command ignores Access-Reject during EAP authentication?

A.    dot1x pae authenticator
B.    switchport mode access
C.    authentication port-control auto
D.    authentication open
E.    authentication host-mode multi-domain

Answer: D

QUESTION 210
Refer to the exhibit. If a user with privilege 15 is matching this command set on Cisco ISE 2.0, which three commands can the user execute? (Choose three.)

 

A.    configure terminal
B.    show run
C.    show clock
D.    ping 10.10.100.1
E.    exit
F.    show ip interface brief

Answer: BCF

QUESTION 211
Which two options must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.)

A.    TACACS External Servers
B.    TACACS+ Authentication Settings
C.    TACACS Server Sequence
D.    Enable Device Admin Service
E.    TACACS Command Sets
F.    TACACS Profiles
G.    Device Administration License

Answer: DG

QUESTION 212
Which operating system type needs access to the Internet to download the application that is required for BYOD on-boarding?

A.    iOS
B.    OSX
C.    Android
D.    Windows

Answer: C

QUESTION 107
Refer to the exhibit. Which two things must be verified if authentication is failing with this error message? (Choose two.)

 

A.    Cisco ISE EAP identity certificate is valid.
B.    CA cert chain of Cisco ISE EAP certificate is installed on the trusted certs store of the client machine.
C.    CA cert chain of the client certificate is installed on Cisco ISE.
D.    Cisco ISE HTTPS/admin certificate is valid.
E.    Cisco ISE server certificate is installed on the client.

Answer: AB

QUESTION 213
Which three pieces of information can be found in an authentication detail report? (Choose three.)

A.    DHCP vendor ID
B.    user agent string
C.    the authorization rule matched by the endpoint
D.    the EAP method the endpoint is using
E.    the RADIUS username being used
F.    failed posture requirement

Answer: CDE

QUESTION 214
Which profiling capability allows you to gather and forward network packets to an analyzer?

A.    collector
B.    spanner
C.    retriever
D.    aggregator

Answer: A

QUESTION 215
Scenario:
Currently, many users are expehecing problems using their AnyConnect NAM supplicant to login to the network. The rr desktop support staff have already examined and vehfed the AnyConnect NAM configuration is correct.
In this simulation, you are tasked to examine the various ISE GUI screens to determine the ISE current configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.
To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI.
Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations have been reduced in this simulation.
Not all the links on each of the ISE GUI screen works, if some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens.
To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI screens only shows partially but will include all information required to complete this simulation.

 

 

Which two of the following statements are correct? (Choose two.)

A.    The ISE is not able to successfully connect to the hq-srv.secure-x. local AD server.
B.    The ISE internal endpoints database is used authenticate any users not in the Active Directory domain.
C.    The ISE internal user database has two accounts enabled: student and test that maps to the Employee user identity group.
D.    Guest_Portal_Sequence is a built-in identity source sequence.

Answer: BD

QUESTION 216
By default, how many days does Cisco ISE wait before it purges the expired guest accounts?

A.    1
B.    10
C.    15
D.    20

Answer: C

QUESTION 217
In Cisco ISE 1.3, which feature is available to a sponsor in a sponsor group?

A.    Help employees add and manage new devices by entering the MAC address for the device.
B.    Restrict sponsors from viewing guest passwords.
C.    Allow the user to download a native supplicant profile.
D.    Reinstate or delete devices that were registered previously.

Answer: B

QUESTION 218
Which option is one method for transporting security group tags throughout the network?

A.    by embedding the SGT in the IP header
B.    via Security Group Exchange Protocol
C.    by embedding the SGT in the 802.1Q header
D.    by enabling 802.1AE on every network device

Answer: B

QUESTION 219
Which two options can a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two.)

A.    Known
B.    Random
C.    Monthly
D.    Imported
E.    Daily
F.    Yearly

Answer: BD

QUESTION 220
Which components must be selected for a client provisioning policy to do a Posture check on the Cisco ISE?

A.    Configuration Wizard, Wizard Profile
B.    Remediation Actions, Posture Requirements
C.    Operating System, Posture Requirements
D.    Agent, Profile, Compliance Module

Answer: D

QUESTION 221
How many bits are in a security group tag?

A.    64
B.    8
C.    16
D.    32

Answer: C

QUESTION 222
Which attribute is needed for Cisco ISE to profile a device with HTTP probe?

A.    user-agent
B.    OUI
C.    host-name
D.    cdp-cache-platform
E.    dhcp-class-identifier
F.    sysDescr

Answer: A

QUESTION 223
Which two posture redirect ACLs and remediation DACLs must be pushed from Cisco ISE to a Cisco IOS switch if the endpoint must remediate itself The ISE IP address is 10.201.228.76 and the IP address of the remediating server is 10.201.229.1. (Choose two.)

A.    ip access-l ex ACL-POSTURE-REDIRECT
deny udp any any eq domain
deny ip any host 10.201.228.76
permit tcp any any eq 80 permit tcp any any eq 443
B.    ip access-l ex ACL-POSTURE-REDIRECT
deny udp any any eq domain
deny ip any host 10.201.228.76
deny ip any host 10.201.229.1
permit tcp any any eq 80
permit tcp any any eq 443
C.    ip access-l ex ACL-POSTURE-REDIRECT
deny udp any any eq domain
permit ip any host 10.201.228.76
permit ip any host 10.201.229.1 deny ip any any
D.    POSTURE_REMEDIATION DACL
permit udp any any eq domain
permit tcp any host 10.201.228.76
permit tcp any any eq 80
permit tcp any any eq 443
E.    POSTURE_REMEDIATION DACL
permit udp any any eq domain
deny tcp any host 10.201.228.76
permit tcp any any eq 80
permit tcp any any eq 443
permit ip any host 10.210.229.1
F.    POSTURE_REMEDIATION DACL
permit udp any any eq domain
deny tcp any host 10.201.228.76
deny ip any host 10.210.229.1
permit tcp any any eq 80
permit tcp any any eq 443

Answer: CD

QUESTION 224
Scenario:
Currently, many users are expehecing problems using their AnyConnect NAM supplicant to login to the network. The rr desktop support staff have already examined and vehfed the AnyConnect NAM configuration is correct.
In this simulation, you are tasked to examine the various ISE GUI screens to determine the ISE current configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.
To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI.
Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations have been reduced in this simulation.
Not all the links on each of the ISE GUI screen works, if some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens.
To view some larger GUI screens, use the simulation window scroll bars. Some of the larger GUI screens only shows partially but will include all information required to complete this simulation.

 

 

Which of the following statement is correct?

A.    Currently,IT users who successfully authenticate will have their packets tagged withaSGTof3.
B.    Currently,ITusers who successfully authenticate will be assigned to VLAN 9.
C.    Currently, any domain administrator who successfully authenticate will be assigned to VLAN 10.
D.    Computers belonging to the secure-x domain which passes machine authentication but failed user authentication will have the Employee_Restricted_DACL applied.
E.    Print Servers matching the Linksys-PrintServer identity group will have the following access restrictions:permit icmp any host 10.10.2.20 permit tcp any host 10.10.2.20 eq 80 permit icmp any host 10.10.3.20 permit tcp any host 10.10.3.20 eq 80 deny ip any any

Answer: C

QUESTION 225
Refer to the exhibit. If the user matches the given TACACS+ profile on Cisco ISE, which command can the user enter from shell prompt on a Cisco switch?

 

A.    enable
B.    enable 10
C.    show run
D.    configure terminal

Answer: B

Lead2pass new released premium 300-208 exam dumps guarantee you a 100% exam success or we promise full money back! Download Cisco 300-208 exam dumps full version from Lead2pass instantly!

300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA

2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass:

https://www.lead2pass.com/300-208.html [100% Exam Pass Guaranteed]

admin
Author

admin