web analytics

Valid 300-208 Dumps with VCE and PDF for Free (Question 16 – Question 30)

New 300-208 exam questions from PassLeader 300-208 dumps! Welcome to download the newest PassLeader 300-208 VCE and PDF dumps: http://www.passleader.com/300-208.html (250 Q&As)

P.S. Free 300-208 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ

QUESTION 16
Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device?

A.    ASA# test aaa-server authentication Group1 username cisco password cisco555
B.    ASA# test aaa-server authentication group Group1 username cisco password cisco555
C.    ASA# aaa-server authorization Group1 username cisco password cisco555
D.    ASA# aaa-server authentication Group1 roger cisco555

Answer: A

QUESTION 17
Which statement about system time and NTP server configuration with Cisco ISE is true?

A.    The system time and NTP server settings can be configured centrally on the Cisco ISE.
B.    The system time can be configured centrally on the Cisco ISE, but NTP server settings must be configured individually on each ISE node.
C.    NTP server settings can be configured centrally on the Cisco ISE, but the system time must be configured individually on each ISE node.
D.    The system time and NTP server settings must be configured individually on each ISE node.

Answer: D

QUESTION 18
Wireless client supplicants attempting to authenticate to a wireless network are generating excessive log messages. Which three WLC authentication settings should be disabled? (Choose three.)

A.    RADIUS Server Timeout
B.    RADIUS Aggressive-Failover
C.    Idle Timer
D.    Session Timeout
E.    Client Exclusion
F.    Roaming

Answer: BCD

QUESTION 19
Which two authentication stores are supported to design a wireless network using PEAP EAP- MSCHAPv2 as the authentication method? (Choose two.)

A.    Microsoft Active Directory
B.    ACS
C.    LDAP
D.    RSA Secure-ID
E.    Certificate Server

Answer: AB

QUESTION 20
What is another term for 802.11i wireless network security?

A.    802.1x
B.    WEP
C.    TKIP
D.    WPA
E.    WPA2

Answer: E

QUESTION 21
Which two EAP types require server side certificates? (Choose two.)

A.    EAP-TLS
B.    PEAP
C.    EAP-MD5
D.    LEAP
E.    EAP-FAST
F.    MSCHAPv2

Answer: AB

QUESTION 22
Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security?

A.    Access Point
B.    Switch
C.    Wireless LAN Controller
D.    Authentication Server

Answer: A

QUESTION 23
Which setting provides the best security for a WLAN and authenticates users against a centralized directory store?

A.    WPA2 AES-CCMP and 801.X authentication
B.    WPA2 AES-CCMP and PSK authentication
C.    WPA2 TKIP and PSK authentication
D.    WPA2 TKIP and 802.1X authentication

Answer: A

QUESTION 24
What is a feature of Cisco WLC and IPS synchronization?

A.    Cisco WLC populates the ACLs to prevent repeat intruder attacks.
B.    The IPS automatically send shuns to Cisco WLC for an active host block.
C.    Cisco WLC and IPS synchronization enables faster wireless access.
D.    IPS synchronization uses network access points to provide reliable monitoring.

Answer: B

QUESTION 25
Which two components are required to connect to a WLAN network that is secured by EAP-TLS authentication? (Choose two.)

A.    Kerberos authentication server
B.    AAA/RADIUS server
C.    PSKs
D.    CA server

Answer: BD

QUESTION 26
Which statement about Cisco Management Frame Protection is true?

A.    It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.
B.    It detects spoofed MAC addresses.
C.    It identifies potential RF jamming attacks.
D.    It protects against frame and device spoofing.

Answer: D

QUESTION 27
Which three statements about the Cisco wireless IPS solution are true? (Choose three.)

A.    It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.
B.    It detects spoofed MAC addresses.
C.    It identifies potential RF jamming attacks.
D.    It protects against frame and device spoofing.
E.    It allows the WLC to failover because of congestion.

Answer: BCD

QUESTION 28
In a basic ACS deployment consisting of two servers, for which three tasks is the primary server responsible? (Choose three.)

A.    configuration
B.    authentication
C.    sensing
D.    policy requirements
E.    monitoring
F.    repudiation

Answer: ABD

QUESTION 29
In a split ACS deployment with primary and secondary servers, which three statements about AAA load handling are true? (Choose three.)

A.    During normal operations, each server processes the full workload of both servers.
B.    If a AAA connectivity problem occurs, the servers split the full load of authentication requests.
C.    If a AAA connectivity problem occurs, each server processes the full workload of both servers.
D.    During normal operations, the servers split the full load of authentication requests.
E.    During normal operations, each server is used for specific operations, such as device administration and network admission.
F.    The primary servers are used to distribute policy information to other servers in the enterprise.

Answer: CDE

QUESTION 30
Which three personas can a Cisco ISE assume in a deployment? (Choose three.)

A.    connection
B.    authentication
C.    administration
D.    testing
E.    policy service
F.    monitoring

Answer: CEF


New 300-208 exam questions from PassLeader 300-208 dumps! Welcome to download the newest PassLeader 300-208 VCE and PDF dumps: http://www.passleader.com/300-208.html (250 Q&As)

P.S. Free 300-208 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpfkFleG9jUGxxS3kwS0VwcllTWmlxdTlBZUd5cnBkaG5DSE5FbU5yOEpYQzQ