P.S. Free 300-208 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ
QUESTION 121 Which two are valid ISE posture conditions? (Choose two.)
A. Dictionary B. memberOf C. Profile status D. File E. Service
Answer: DE
QUESTION 122 A network engineer is configuring HTTP based CWA on a switch. Which three configuration elements are required? (Choose three.)
A. HTTP server enabled B. Radius authentication on the port with MAB C. Redirect access-list D. Redirect-URL E. HTTP secure server enabled F. Radius authentication on the port with 802.1x G. Pre-auth port based access-list
Answer: ABC
QUESTION 123 Which three statements describe differences between TACACS+ and RADIUS? (Choose three.)
A. RADIUS encrypts the entire packet, while TACACS+ encrypts only the password. B. TACACS+ encrypts the entire packet, while RADIUS encrypts only the password. C. RADIUS uses TCP, while TACACS+ uses UDP. D. TACACS+ uses TCP, while RADIUS uses UDP. E. RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49. F. TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49.
Answer: BDE
QUESTION 124 Which two identity store options allow you to authorize based on group membership? (Choose two).
A. Lightweight Directory Access Protocol B. RSA SecurID server C. RADIUS D. Active Directory
Answer: AD
QUESTION 125 What attribute could be obtained from the SNMP query probe?
A. FQDN B. CDP C. DHCP class identifier D. User agent
Answer: B
QUESTION 126 What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments?
A. Configure the VLAN assignment. B. Configure the ACL assignment. C. Configure 802.1X authenticator authorization. D. Configure port security on the switch port.
Answer: C
QUESTION 127 Which network component would issue the CoA?
A. switch B. endpoint C. Admin Node D. Policy Service Node
Answer: D
QUESTION 128 What steps must you perform to deploy a CA-signed identity certificate on an ISE device?
A. 1. Download the CA server certificate and install it on ISE. 2. Generate a signing request and save it as a file. 3. Access the CA server and submit the CA request. 4. Install the issued certificate on the ISE. B. 1. Download the CA server certificate and install it on ISE. 2. Generate a signing request and save it as a file. 3. Access the CA server and submit the CSR. 4. Install the issued certificate on the CA server. C. 1. Generate a signing request and save it as a file. 2. Download the CA server certificate and install it on ISE. 3. Access the ISE server and submit the CA request. 4.Install the issued certificate on the CA server. D. 1. Generate a signing request and save it as a file. 2. Download the CA server certificate and install it on ISE. 3. Access the CA server and submit the CSR. 4. Install the issued certificate on the ISE.
Answer: D
QUESTION 129 An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?
A. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE B. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure C. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE D. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups
Answer: D
QUESTION 130 Which three are required steps to enable SXP on a Cisco ASA? (Choose three).
A. configure AAA authentication B. configure password C. issue the aaa authorization command aaa-server group command D. configure a peer E. configure TACACS F. issue the cts sxp enable command
Answer: BDF
QUESTION 131 Which three network access devices allow for static security group tag assignment? (Choose three.)
A. intrusion prevention system B. access layer switch C. data center access switch D. load balancer E. VPN concentrator F. wireless LAN controller
Answer: BCE
QUESTION 132 Which option is required for inline security group tag propagation?
A. Cisco Secure Access Control System B. hardware support C. Security Group Tag Exchange Protocol (SXP) v4 D. Cisco Identity Services Engine
Answer: B
QUESTION 133 Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)
A. destination MAC address B. source MAC address C. 802.1AE header in EtherType D. security group tag in EtherType E. integrity check value F. CRC/FCS
Answer: CE
QUESTION 134 Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.)
A. manually on links between supported switches B. in the Cisco Identity Services Engine C. in the global configuration of a TrustSec non-seed switch D. dynamically on links between supported switches E. in the Cisco Secure Access Control System F. in the global configuration of a TrustSec seed switch
Answer: AD
QUESTION 135 Which three pieces of information can be found in an authentication detail report? (Choose three.)
A. DHCP vendor ID B. user agent string C. the authorization rule matched by the endpoint D. the EAP method the endpoint is using E. the RADIUS username being used F. failed posture requirement
Answer: CDE
New 300-208 exam questions from PassLeader 300-208 dumps! Welcome to download the newest PassLeader 300-208 VCE and PDF dumps: http://www.passleader.com/300-208.html (430 Q&As --> 451 Q&As --> 508 Q&As --> 531 Q&As)
P.S. Free 300-208 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ
]]>