Precise 300-208 Dumps 2021

NEW QUESTION 1
Cisco ISE distributed deployments support which three features? (Choose three.)

• A. global implementation of the profiler service CoA
• B. global implementation of the profiler service in Cisco ISE
• C. configuration to send system logs to the appropriate profiler node
• D. node-specific probe configuration
• E. server-specific probe configuration
• F. NetFlow probes

Answer: ACD

NEW QUESTION 2
What are two methods of enforcement with SGTs?

• A. SG-ACLs on switches.
• B. SG-ACLs on routers.
• C. SG-Firewalls.
• D. SG-Appliances.
• E. SGTs are not enforced.

Answer: AC

NEW QUESTION 3
The switch 2960-x the below configuration: (sw-if)# switchport mode access
(sw-if)# authentication port-control auto (sw-if)# dot1x pae authenticator
After you connected unmanaged switch to the port dot1x failed, what is the problem ?

• A. missing command "mab"
• B. there is no Bpdu in the port
• C. eapol packet not received in the port
• D. missing command "authentication host-mode multi-host"
• E. missing command "authentication host-mode multi-auth

Answer: A

NEW QUESTION 4
Which two EAP types require server side certificates? (Choose two.)

• A. EAP-TLS
• B. EAP-FAST/TLS
• C. EAP-MD5
• D. EAP-PEAP
• E. EAP-FAST/GTC

Answer: AD

NEW QUESTION 5
What attribute could be obtained from the SNMP query probe?

• A. FQDN
• B. CDP
• C. DHCP class identifier
• D. User agent

Answer: B

NEW QUESTION 6
Which option is the correct redirect-ACL for Wired-CWA, with 10.201.228.76 being the Cisco ISE IP address?

• A. ip access-l ex ACL-WEBAUTH-REDIRECT deny udp any any eq domain deny ip any ho 10.201.228.76 permit tcp any any eq 80 permit tcp any any eq 443
• B. ip access-l ex ACL-WEBAUTH-REDIRECT permit udp any any eq domain permit ip any 10.201.228.76 deny tcp any any eq 80 permit tcp any any eq 443
• C. ip access-l ex ACL-WEBAUTH-REDIRECT deny udp any any eq domain permit tcp any 10.201.228.76 eq 8443 deny ip any host 10.201.228.76 permit tcp any any eq 80 permit tcp any 443
• D. ip access-l ex ACL-WEBAUTH-REDIRECT permit udp any any eq domain deny ip any 10.201.228.76 permit tcp any any eq 80permit tcp any any eq 443

Answer: A

NEW QUESTION 7
If the user is in a non-compliant state and wants to Get out of quarantine, what must be done?

• A. download posture
• B. download profiling
• C. download mab
• D. download web agent

Answer: A

NEW QUESTION 8
Which action is a Cisco recommended practice while attempting to increase efficiency on the monitoring nodes?

• A. Back up data and transfer to a remote repository on regular basis
• B. Remove endpoints when not active.
• C. Re-index the data on a regular basis.
• D. Compress the data regularly

Answer: D

NEW QUESTION 9
In the redirect URL authorization attribute, which Cisco ISE node acts as the web server when performing CWA?

• A. Administration
• B. Monitoring
• C. Policy Service
• D. pxGrid

Answer: C

NEW QUESTION 10
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants. Which portals must the security engineer configure to accomplish this task?

• A. Client Provisioning Portals
• B. BYOD Portals
• C. My Devices Portals
• D. MDM Portals

Answer: C

NEW QUESTION 11
A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessment and outline hardware and software capable and incapable devices?

• A. Prime Infrastructure
• B. Network Control System
• C. Cisco Security Manager
• D. Identity Services Engine

Answer: A

NEW QUESTION 12
Prime Uses Which protocol for devices discovery ?

Answer:

Explanation: RARP,LLDP

NEW QUESTION 13
Which two types of web portals are related to guest services? (Choose two )

• A. limited access portal
• B. sponsor portal
• C. guest services portal
• D. user portal
• E. admin portal

Answer: BC

NEW QUESTION 14
An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?

• A. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE
• B. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure
• C. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE
• D. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups

Answer: D

NEW QUESTION 15
Which two statements about RADIUS are true1? (Choose two.)

• A. It uses UDP ports 1812 and 1813.
• B. It encrypts the payload.
• C. It encrypts the password only
• D. It uses TCP ports 1812 and 1813.
• E. It separates authorization and authentication functions

Answer: AC

NEW QUESTION 16
A user is on a wired connection and the posture status is noncompliant.
Which state will their EPS session be placed in?

• A. disconnected
• B. limited
• C. no access
• D. quarantined

Answer: D

NEW QUESTION 17
When you select Centralized Web Auth in the ISE Authorization Profile, which two components host the web authentication portal? (Choose two.)

• A. ISE
• B. the WLC
• C. the access point
• D. the switch
• E. the endpoints

Answer: BD

NEW QUESTION 18
Which two values are compared by the binary comparison function in authentication that is based on Active Directory?

• A. subject alternative name and the common name
• B. user-presented password hash and a hash stored in Active Directory
• C. user-presented certificate and a certificate stored in Active Directory
• D. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

Answer: AD

NEW QUESTION 19
What type of identity group is the Blacklist identity group?

• A. endpoint
• B. user
• C. blackhole
• D. quarantine
• E. denied systems

Answer: A