This page was exported from Latest Lead2pass Dumps For Sharing [ https://www.ensurepass.net ] Export date:Wed Jan 22 10:44:48 2025 / +0000 GMT ___________________________________________________ Title: [2017 New] New Released Cisco 300-208 Exam Questions From Cisco Exam Center (51-75) --------------------------------------------------- 2017 July Cisco Official New Released 300-208 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Good news, Lead2pass has updated the 300-208 exam dumps. With all the questions and answers in your hands, you will pass the Cisco 300-208 exam easily. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html QUESTION 51Which two attributes must match between two Cisco ASA devices to properly enable high availability? (Choose two.) A.    model, interface configuration, and RAMB.    major and minor software releaseC.    tcp dead-peer detection protocolD.    802.1x authentication identityAnswer: AB QUESTION 52What are two client-side requirements of the NAC Agent and NAC Web Agent installation? (Choose two.) A.    Administrator workstation rightsB.    Active Directory Domain membershipC.    Allowing of web browser activex installationD.    WSUS service running Answer: AC QUESTION 53Which three algorithms should be avoided due to security concerns? (Choose three.) A.    DES for encryptionB.    SHA-1 for hashingC.    1024-bit RSAD.    AES GCM mode for encryptionE.    HMAC-SHA-1F.    256-bit Elliptic Curve Diffie-HellmanG.    2048-bit Diffie-Hellman Answer: ABC QUESTION 54In the command 'aaa authentication default group tacacs local', how is the word 'default' defined? A.    Command setB.    Group nameC.    Method listD.    Login type Answer: C QUESTION 55Which statement about IOS accounting is true? A.    A named list of AAA methods must be defined.B.    A named list of accounting methods must be defined.C.    Authorization must be configured before accounting.D.    A named list of tracking methods must be defined. Answer: C QUESTION 56What are the initial steps to configure an ACS as a TACACS server? A.    1. Choose Network Devices and AAA Clients > Network Resources.2. Click Create.B.    1. Choose Network Resources > Network Devices and AAA Clients.2. Click Create.C.    1. Choose Network Resources > Network Devices and AAA Clients.2. Click Manage.D.    1. Choose Network Devices and AAA Clients > Network Resources.2. Click Install. Answer: B QUESTION 57Which effect does the ip http secure-server command have on a Cisco ISE? A.    It enables the HTTP server for users to connect on the command line.B.    It enables the HTTP server for users to connect by using web-based authentication.C.    It enables the HTTPS server for users to connect by using web-based authentication.D.    It enables the HTTPS server for users to connect on the command line. Answer: C QUESTION 58A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected? A.    TACACS+B.    RADIUSC.    Windows Active DirectoryD.    Generic LDAP Answer: A QUESTION 59An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups? A.    member ofB.    groupC.    classD.    person Answer: A QUESTION 60Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode? A.    Granular ACLs applied prior to authenticationB.    Per user dACLs applied after successful authenticationC.    Only EAPoL traffic allowed prior to authenticationD.    Adjustable 802.1X timers to enable successful authentication Answer: C QUESTION 61A network administrator must enable which protocol extension to utilize EAP-Chaining? A.    EAP-FASTB.    EAP-TLSC.    MSCHAPv2D.    PEAP Answer: A QUESTION 62In the command 'aaa authentication default group tacacs local', how is the word 'default' defined? A.    Command setB.    Group nameC.    Method listD.    Login type Answer: C QUESTION 63Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem? A.    EAP-TLS is not checked in the Allowed Protocols listB.    Certificate authentication profile is not configured in the Identity StoreC.    MS-CHAPv2-is not checked in the Allowed Protocols listD.    Default rule denies all trafficE.    Client root certificate is not included in the Certificate Store Answer: A QUESTION 64The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node? A.    tcp/8905B.    udp/8905C.    http/80D.    https/443 Answer: B QUESTION 65Which two conditions are valid when configuring ISE for posturing? (Choose two.) A.    DictionaryB.    memberOfC.    Profile statusD.    FileE.    Service Answer: DE QUESTION 66Refer to the exhibit. Which three statements about the given configuration are true? (Choose three.)   A.    TACACS+ authentication configuration is complete.B.    TACACS+ authentication configuration is incomplete.C.    TACACS+ server hosts are configured correctly.D.    TACACS+ server hosts are misconfigured.E.    The TACACS+ server key is encrypted.F.    The TACACS+ server key is unencrypted. Answer: BCF QUESTION 67In AAA, what function does authentication perform? A.    It identifies the actions that the user can perform on the device.B.    It identifies the user who is trying to access a device.C.    It identifies the actions that a user has previously taken.D.    It identifies what the user can access. Answer: B QUESTION 68Which identity store option allows you to modify the directory services that run on TCP/IP? A.    Lightweight Directory Access ProtocolB.    RSA SecurID serverC.    RADIUSD.    Active Directory Answer: A QUESTION 69Which term describes a software application that seeks connectivity to the network via a network access device? A.    authenticatorB.    serverC.    supplicantD.    WLC Answer: C QUESTION 70Cisco ISE distributed deployments support which three features? (Choose three.) A.    global implementation of the profiler service CoAB.    global implementation of the profiler service in Cisco ISEC.    configuration to send system logs to the appropriate profiler nodeD.    node-specific probe configurationE.    server-specific probe configurationF.    NetFlow probes Answer: ACD QUESTION 71An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals? A.    Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different usersB.    MACsec in Multiple-Host Mode in order to open or close a portbased on a single authenticationC.    Identity-based ACLs on the switches with user identities provided by ISED.    Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE Answer: A QUESTION 72Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.) A.    IOS-7-PROXY_DROPB.    AP-1-AUTH_PROXY_DOS_ATTACKC.    MKA-2-MACDROPD.    AUTHMGR-5-MACMOVEE.    ASA-6-CONNECT_BUILTF.    AP-1-AUTH_PROXY_FALLBACK_REQ Answer: BDF QUESTION 73Which Cisco IOS IPS feature allows to you remove one or more actions from all active signatures based on the attacker and/or target address criteria, as well as the event risk rating criteria? A.    signature event action filtersB.    signature event action overridesC.    signature attack severity ratingD.    signature event risk rating Answer: A QUESTION 74Which action does the command private-vlan association 100,200 take? A.    configures VLANs 100 and 200 and associates them as a communityB.    associates VLANs 100 and 200 with the primary VLANC.    creates two private VLANs with the designation of VLAN 100 and VLAN 200D.    assigns VLANs 100 and 200 as an association of private VLANs Answer: B QUESTION 75Which of these allows you to add event actions globally based on the risk rating of each event,without having to configure each signature individually? A.    event action summarizationB.    event action filterC.    event action overrideD.    signature event action processor Answer: C Once there are some changes on 300-208 exam questions, we will update the study materials timely to make sure that our customer can download the latest edition. 300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA 2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass: https://www.lead2pass.com/300-208.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-12 08:36:48 Post date GMT: 2017-07-12 08:36:48 Post modified date: 2017-07-12 08:36:48 Post modified date GMT: 2017-07-12 08:36:48 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com