web analytics

PassLeader 300-208 Exam Dumps Collection with VCE and PDF (Question 76 – Question 90)

New 300-208 exam questions from PassLeader 300-208 dumps! Welcome to download the newest PassLeader 300-208 VCE and PDF dumps: http://www.passleader.com/300-208.html (250 Q&As)

P.S. Free 300-208 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ

QUESTION 76
Which two are technologies that secure the control plane of the Cisco router? (Choose two.)

A.    Cisco IOS Flexible Packet Matching
B.    uRPF
C.    routing protocol authentication
D.    CPPr
E.    BPDU protection
F.    role-based access control

Answer: CD

QUESTION 77
What is the result of configuring the command dotlx system-auth-control on a Cisco Catalyst switch?

A.    enables the switch to operate as the 802.1X supplicant
B.    globally enables 802.1X on the switch
C.    globally enables 802.1X and defines ports as 802.1X-capable
D.    places the configuration sub-mode into dotix-auth mode, in which you can identify the authentication server parameters

Answer: B

QUESTION 78
Cisco IOS IPS uses which alerting protocol with a pull mechanism for getting IPS alerts to the network management application?

A.    HTTPS
B.    SMTP
C.    SNMP
D.    syslog
E.    SDEE
F.    POP3

Answer: E

QUESTION 79
When enabling the Cisco IOS IPS feature, which step should you perform to prevent rogue signature updates from being installed on the router?

A.    configure authentication and authorization for maintaining signature updates
B.    install a known RSA public key that correlates to a private key used by Cisco
C.    manually import signature updates from Cisco to a secure server, and then transfer files from the secure server to the router
D.    use the SDEE protocol for all signature updates from a known secure management station

Answer: B

QUESTION 80
When is it most appropriate to choose IPS functionality based on Cisco IOS software?

A.    when traffic rates are low and a complete signature is not required
B.    when accelerated, integrated performance is required using hardware ASIC-based IPS inspections
C.    when integrated policy virtualization is required
D.    when promiscuous inspection meets security requirements

Answer: A

QUESTION 81
Which Cisco IOS IPS risk rating component uses a low value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200?

A.    Signature Fidelity Rating
B.    Attack Severity Rating
C.    Target Value Rating
D.    Attack Relevancy Rating
E.    Promiscuous Delta
F.    Watch List Rating

Answer: C

QUESTION 82
Which two of these are potential results of an attacker performing a DHCP server spoofing attack? (Choose two.)

A.    DHCP snooping
B.    DoS
C.    confidentiality breach
D.    spoofed MAC addresses
E.    switch ports being converted to an untrusted state

Answer: BC

QUESTION 83
When Cisco IOS IPS signatures are being tuned, how is the Target Value Rating assigned?

A.    It is calculated from the Event Risk Rating.
B.    It is calculated from a combination of the Attack Severity Rating and Signature Fidelity Rating.
C.    It is manually set by the administrator.
D.    It is set based upon SEAP functions.

Answer: C

QUESTION 84
When performing NAT, which of these is a limitation you need to account for?

A.    exhaustion of port number translations
B.    embedded IP addresses
C.    security payload identifiers
D.    inability to provide mutual connectivity to networks with overlapping address spaces

Answer: B

QUESTION 85
Which two answers are potential results of an attacker that is performing a DHCP server spoofing attack? (Choose two.)

A.    ability to selectively change DHCP options fields of the current DHCP server, such as the giaddr field
B.    DoS
C.    excessive number of DHCP discovery requests
D.    ARP cache poisoning on the router
E.    client unable to access network resources

Answer: BE

QUESTION 86
When configuring NAT, which three protocols that are shown may have limitations or complications when using NAT? (Choose three.)

A.    Kerberos
B.    HTTPS
C.    NTP
D.    SIP
E.    FTP
F.    SQL

Answer: ADE

QUESTION 87
Which state is a Cisco IOS IPS signature in if it does not take an appropriate associated action even if it has been successfully compiled?

A.    retired
B.    disabled
C.    unsupported
D.    inactive

Answer: B

QUESTION 88
Which statement best describes inside policy based NAT?

A.    Policy NAT rules are those that determine which addresses need to be translated per the enterprise security policy.
B.    Policy NAT consists of policy rules based on outside sources attempting to communicate with inside endpoints.
C.    These rules use source addresses as the decision for translation policies.
D.    These rules are sensitive to all communicating endpoints.

Answer: A

QUESTION 89
When is it feasible for a port to be both a guest VLAN and a restricted VLAN?

A.    this configuration scenario is never be implemented
B.    when you have configured the port for promiscuous mode
C.    when private VLANs have been configured to place each end device into different subnets
D.    when you want to allow both types of users the same services

Answer: D

QUESTION 90
In an 802.1X environment, which feature allows for non-802.1X-supported devices such as printers and fax machines to authenticate?

A.    multiauth
B.    WebAuth
C.    MAB
D.    802.1X guest VLAN

Answer: C


New 300-208 exam questions from PassLeader 300-208 dumps! Welcome to download the newest PassLeader 300-208 VCE and PDF dumps: http://www.passleader.com/300-208.html (250 Q&As)

P.S. Free 300-208 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ