Cisco 300-208 Free Practice Questions 2021

NEW QUESTION 1
An administrator is configuring an ASA firewall for to secure access on ASA firewall in the essence of controlling configuration command executed on the Firewall. Which command will he use?

• A. aaa authorization ssh console
• B. aaa authorization commands
• C. aaa authentication ssh console
• D. aaa authentication exec server-authentication

Answer: D

NEW QUESTION 2
How does the device sensor send information to a RADIUS server?

• A. Accounting
• B. Authorization
• C. Analyzer
• D. Collector

Answer: D

NEW QUESTION 3
You configured wired 802.1X with EAP-TLS on Windows machines. The ISE authentication detail report shows "EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain." What is the most likely cause of this error?

• A. The ISE certificate store is missing a CA certificate.
• B. The Wireless LAN Controller is missing a CA certificate.
• C. The switch is missing a CA certificate.
• D. The Windows Active Directory server is missing a CA certificate.

Answer: A

NEW QUESTION 4
In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc...


Which four statements are correct regarding the event that occurred at 2014-05-07 00:19:07.004? (Choose four.)

• A. The IT_Corp authorization profile were applied.
• B. The it1 user was matched to the IT_Corp authorization policy.
• C. The it1 user supplicant used the PEAP (EAP-MSCHAPv2) authentication method.
• D. The it1 user was authenticated using MAB.
• E. The it1 user was successfully authenticated against AD1 identity store.
• F. The it1 user machine has been profiled as a Microsoft-Workstation.
• G. The it1 user machine has passed all the posture assessement tests.

Answer: BCEF

Explanation: Here are the details shown for this event:

NEW QUESTION 5
Which definition of “posturing” as it relates to a general network infrastructure and access into the internal network is true?

• A. The process by which an operating system or application running on an endpoint provides critical information about internet activity being used by the endpoint.
• B. The process by which an endpoint device can be monitored while connected to the network to determine if it could contain viruses or potential harmful programs running.
• C. The process by which an operating system or application running on an endpoint provides critical information about the software that is actively running on the device.
• D. The process when software is uploaded to an end device before it is allowed to gain access to a secure network.

Answer: D

NEW QUESTION 6
Which two attributes are delivered by the DHCP probe to the Cisco ISE? (Choose two.)

• A. dhcp-client-identifier
• B. framed-IP-address
• C. host-name
• D. calling-station-ID
• E. MAC address

Answer: AC

NEW QUESTION 7
Which NAC agents support remediation? (Choose three.)

• A. Windows NAC
• B. Windows web-based NAC
• C. MAC NAC
• D. MAC web-based NAC

Answer: ABC

NEW QUESTION 8
Which two protocols does Cisco Prime Infrastructure use for device discovery? (Choose two.)

• A. SNAP
• B. LLDP
• C. RARP
• D. DNS
• E. LACP

Answer: BD

NEW QUESTION 9
Which three statements about the Cisco ISE profiler are true? (Choose three.)

• A. It sends endpoint data to AAA servers.
• B. It collects endpoint attributes.
• C. It stores MAC addresses for endpoint systems.
• D. It monitors and polices router and firewall traffic.
• E. It matches endpoints to their profiles.
• F. It stores endpoints in the Cisco ISE database with their profiles.

Answer: BEF

NEW QUESTION 10
In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two).

• A. exception
• B. network scan (NMAP)
• C. delete endpoint
• D. automatically remediate
• E. create matching identity group

Answer: AB

NEW QUESTION 11
Which three are required steps to enable SXP on a Cisco ASA? (Choose three).

• A. configure AAA authentication
• B. configure password
• C. issue the aaa authorization command aaa-server group command
• D. configure a peer
• E. configure TACACS
• F. issue the cts sxp enable command

Answer: BDF

NEW QUESTION 12
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept. Which two classifications can the tags be mapped to? (Choose two.)

• A. VLAN
• B. user ID
• C. interface
• D. switch ID
• E. MAC address

Answer: AC

Explanation: In static classification the tag maps to some thing (an IP, subnet, VLAN, or interface) rather than relying on an authorization from the Cisco ISE.
This process of assigning the SGT is defined as “classification.” These classifications are then transported deeper into the network for policy enforcement

NEW QUESTION 13
A network administrator found that the IP device tracking table on a switch is not getting updated when the client has a static IP address, but if the address is from DHCP, the table is getting updated. Which description of the cause of this issue is true?

• A. The switch code must be upgraded.
• B. IP device tracking is not configured properly
• C. ARP inspection is on and there is no ARP ACL for static clients
• D. IP device tracking does not work with statically assigned IP addresses

Answer: B

NEW QUESTION 14
In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc...



Which two statements are correct regarding the event that occurred at 2014-05-07 00:22:48.175? (Choose two.)

• A. The DACL will permit http traffic from any host to 10.10.2.20
• B. The DACL will permit http traffic from any host to 10.10.3.20
• C. The DACL will permit icmp traffic from any host to 10.10.2.20
• D. The DACL will permit icmp traffic from any host to 10.10.3.20
• E. The DACL will permit https traffic from any host to 10.10.3.20

Answer: AE

Explanation: Event Details:

NEW QUESTION 15
In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?

• A. Command set
• B. Group name
• C. Method list
• D. Login type

Answer: C

NEW QUESTION 16
To disable devices not currently on the network?

• A. Shutdown
• B. Disconnect
• C. Dot1x
• D. Cisco NAC Agent

Answer: D

NEW QUESTION 17
When enabling the Cisco IOS IPS feature, which step should you perform to prevent rogue signature updates from being installed on the router?

• A. configure authentication and authorization for maintaining signature updates
• B. install a known RSA public key that correlates to a private key used by Cisco
• C. manually import signature updates from Cisco to a secure server, and then transfer files from the secure server to the router
• D. use the SDEE protocol for all signature updates from a known secure management station

Answer: B

NEW QUESTION 18
An ISE1.3 environment, which path does a network engineer use to set up a self-registered guest portal?

• A. Guest Access > Configure > Guest Portals
• B. Security > Access Control Lists > Guest Portals
• C. Policy > Settings > Guest Portals
• D. Policy > Authorization > Guest Portals

Answer: A

NEW QUESTION 19
In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?

• A. Command set
• B. Group name
• C. Method list
• D. Login type

Answer: C