web analytics

PassLeader Valid 300-208 Dumps with VCE and PDF (Question 61 – Question 75)

New 300-208 exam questions from PassLeader 300-208 dumps! Welcome to download the newest PassLeader 300-208 VCE and PDF dumps: http://www.passleader.com/300-208.html (250 Q&As)

P.S. Free 300-208 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ

QUESTION 61
A network administrator must enable which protocol extension to utilize EAP-Chaining?

A.    EAP-FAST
B.    EAP-TLS
C.    MSCHAPv2
D.    PEAP

Answer: A

QUESTION 62
In the command ‘aaa authentication default group tacacs local’, how is the word ‘default’ defined?

A.    Command set
B.    Group name
C.    Method list
D.    Login type

Answer: C

QUESTION 63
Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem?

A.    EAP-TLS is not checked in the Allowed Protocols list
B.    Certificate authentication profile is not configured in the Identity Store
C.    MS-CHAPv2-is not checked in the Allowed Protocols list
D.    Default rule denies all traffic
E.    Client root certificate is not included in the Certificate Store

Answer: A

QUESTION 64
The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

A.    tcp/8905
B.    udp/8905
C.    http/80
D.    https/443

Answer: B

QUESTION 65
Which two conditions are valid when configuring ISE for posturing? (Choose two.)

A.    Dictionary
B.    memberOf
C.    Profile status
D.    File
E.    Service

Answer: DE

QUESTION 66
Refer to the exhibit. Which three statements about the given configuration are true? (Choose three.)
passleader-300-208-dumps-661

A.    TACACS+ authentication configuration is complete.
B.    TACACS+ authentication configuration is incomplete.
C.    TACACS+ server hosts are configured correctly.
D.    TACACS+ server hosts are misconfigured.
E.    The TACACS+ server key is encrypted.
F.    The TACACS+ server key is unencrypted.

Answer: BCF

QUESTION 67
In AAA, what function does authentication perform?

A.    It identifies the actions that the user can perform on the device.
B.    It identifies the user who is trying to access a device.
C.    It identifies the actions that a user has previously taken.
D.    It identifies what the user can access.

Answer: B

QUESTION 68
Which identity store option allows you to modify the directory services that run on TCP/IP?

A.    Lightweight Directory Access Protocol
B.    RSA SecurID server
C.    RADIUS
D.    Active Directory

Answer: A

QUESTION 69
Which term describes a software application that seeks connectivity to the network via a network access device?

A.    authenticator
B.    server
C.    supplicant
D.    WLC

Answer: C

QUESTION 70
Cisco ISE distributed deployments support which three features? (Choose three.)

A.    global implementation of the profiler service CoA
B.    global implementation of the profiler service in Cisco ISE
C.    configuration to send system logs to the appropriate profiler node
D.    node-specific probe configuration
E.    server-specific probe configuration
F.    NetFlow probes

Answer: ACD

QUESTION 71
An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?

A.    Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users
B.    MACsec in Multiple-Host Mode in order to open or close a portbased on a single authentication
C.    Identity-based ACLs on the switches with user identities provided by ISE
D.    Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE

Answer: A

QUESTION 72
Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.)

A.    IOS-7-PROXY_DROP
B.    AP-1-AUTH_PROXY_DOS_ATTACK
C.    MKA-2-MACDROP
D.    AUTHMGR-5-MACMOVE
E.    ASA-6-CONNECT_BUILT
F.    AP-1-AUTH_PROXY_FALLBACK_REQ

Answer: BDF

QUESTION 73
Which Cisco IOS IPS feature allows to you remove one or more actions from all active signatures based on the attacker and/or target address criteria, as well as the event risk rating criteria?

A.    signature event action filters
B.    signature event action overrides
C.    signature attack severity rating
D.    signature event risk rating

Answer: A

QUESTION 74
Which action does the command private-vlan association 100,200 take?

A.    configures VLANs 100 and 200 and associates them as a community
B.    associates VLANs 100 and 200 with the primary VLAN
C.    creates two private VLANs with the designation of VLAN 100 and VLAN 200
D.    assigns VLANs 100 and 200 as an association of private VLANs

Answer: B

QUESTION 75
Which of these allows you to add event actions globally based on the risk rating of each event, without having to configure each signature individually?

A.    event action summarization
B.    event action filter
C.    event action override
D.    signature event action processor

Answer: C


New 300-208 exam questions from PassLeader 300-208 dumps! Welcome to download the newest PassLeader 300-208 VCE and PDF dumps: http://www.passleader.com/300-208.html (250 Q&As)

P.S. Free 300-208 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ