Simulation 300-208 Dumps Questions 2021

NEW QUESTION 1
Which administrative role has permission to assign Security Group Access Control Lists?

• A. System Admin
• B. Network Device Admin
• C. Policy Admin
• D. Identity Admin

Answer: C

NEW QUESTION 2
In Cisco ISE 1.3, where is BYOD enabled with dual-SSID onboarding?

• A. client provisioning policy
• B. client provisioning resources
• C. BYOD portal
• D. guest portal

Answer: D

NEW QUESTION 3
When using a DHCP probe in a Cisco ISE deployment, which type of request triggers an endpoint to be reprofiled?

• A. DHCP Inform
• B. REBINDING
• C. RENEWING
• D. INIT-REBOOT

Answer: D

NEW QUESTION 4
You are troubleshooting reported connectivity issues from remote users who are acessing corporate headquarters via an IPsec VPN connection. What should be your first step in troubleshooting these issues?

• A. issue a show crypto isakmp policy command to verify matching policies of the tunnel endpoints
• B. ping the tunnel endpoint
• C. run a traceroute to verify the tunnel path
• D. debug the connection process and look for any error messages in tunnel establishment

Answer: B

NEW QUESTION 5
Which model does Cisco support in a RADIUS change of authorization implementation?

• A. push
• B. pull
• C. policy
• D. security

Answer: A

NEW QUESTION 6
A security engineer is deploying Cisco ISE for a company's guest user services. Drag and drop the Cisco ISE persona on the left onto its function on the right.

Answer:

Explanation:

NEW QUESTION 7
Which functionality does the Cisco ISE BYOD flow provide?

• A. It provides support for native supplicants, allowing users to connect devices directly to the network.
• B. It provides the My Devices portal, allowing users to add devices to the network.
• C. It provides support for users to install the Cisco NAC agent on enterprise devices.
• D. It provides self-registration functionality to allow guest users to access the network.

Answer: A

NEW QUESTION 8
A network administrator must enable which protocol extension to utilize EAP-Chaining?

• A. EAP-FAST
• B. EAP-TLS
• C. MSCHAPv2
• D. PEAP

Answer: A

NEW QUESTION 9
Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?

• A. CoA-Terminate
• B. CoA-PortBounce
• C. CoA-Reauth
• D. CoA-Remediate

Answer: C

NEW QUESTION 10
What is a requirement for posture administration services in Cisco ISE?

• A. at least one Cisco router to store Cisco ISE profiling policies
• B. Cisco NAC Agents that communicate with the Cisco ISE server
• C. an ACL that points traffic to the Cisco ISE deployment
• D. the advanced license package must be installed

Answer: D

NEW QUESTION 11

Refer to the exhibit. Which authentication method is being used?

• A. PEAP-MSCHAP
• B. EAP-GTC
• C. EAP-TLS
• D. PEAP-TLS

Answer: A

Explanation: These authentication methods are supported with LDAP:
Extensible Authentication Protocol – Generic Token Card (EAP-GTC) Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) Protected Extensible Authentication Protocol – Transport Layer Security (PEAP-

NEW QUESTION 12
An engineer wants to migrate 802.1x deployment phase from Open to low impact mode. Which options she select?

• A. Ingress access list applied to the interface
• B. Authentication host mode to multiple domain
• C. Open authentication to the domain
• D. Authentication host mode to multiple authentication

Answer: A

NEW QUESTION 13
The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

• A. tcp/8905
• B. udp/8905
• C. http/80
• D. https/443

Answer: B

Explanation: http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Cisco_SNS_3400_Series_Appliance_Ports_Reference.html

NEW QUESTION 14
Which three posture states can be used for authorization rules? (Choose three.)

• A. unknown
• B. known
• C. noncompliant
• D. quarantined
• E. compliant
• F. no access
• G. limited

Answer: ACE

NEW QUESTION 15
What are the initial steps must you perform to add the ISE to the WLC?

• A. 1. With a Web browser, establish an HTTP connection to the WLC pod.2. Navigate to Administration > Authentication > New.3. Enter server values to begin the configuration.
• B. 1. With a Web browser, establish an FTP connection to the WLC pod.2. Navigate to Security > Administration > New.3. Add additional security features for FTP authentication.
• C. 1. With a Web browser, establish an HTTP connection to the WLC pod.2. Navigate to Authentication > New.3. Enter ACLs and Authentication methods to begin the configuration.
• D. 1. With a Web browser connect, establish an HTTPS connection to the WLC pod.2. Navigate to Security > Authentication > New.3. Enter server values to begin the configuration.

Answer: D

NEW QUESTION 16
Refer to the exhibit.

Which URL must you enter in the External Webauth URL field to configure Cisco ISE CWA correctly?

• A. https://ip_address:8443/guestportal/Login.action
• B. https://ip_address:443/guestportal/Welcome.html
• C. https://ip_address:443/guestportal/action=cpp
• D. https://ip_address:8905/guestportal/Sponsor.action

Answer: A

NEW QUESTION 17
Which three network access devices allow for static security group tag assignment? (Choose three.)

• A. intrusion prevention system
• B. access layer switch
• C. data center access switch
• D. load balancer
• E. VPN concentrator
• F. wireless LAN controller

Answer: BCE

NEW QUESTION 18
Which option is required for inline security group tag propagation?

• A. Cisco Secure Access Control System
• B. hardware support
• C. Security Group Tag Exchange Protocol (SXP) v4
• D. Cisco Identity Services Engine

Answer: B

NEW QUESTION 19
Which configuration is required in the Cisco ISE Authentication policy to allow Central Web Authentication

• A. Dot1x and if authentication failed continue
• B. MAB and if user not found continue
• C. MAB and if authentication failed continue
• D. Dot1x and if user not found continue

Answer: B