aiotestking uk

300-208 Exam Questions - Online Test


300-208 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Which Cisco ISE feature can differentiate a corporate endpoint from a personal device? 

A. EAP chaining 

B. PAC files 

C. authenticated in-band provisioning 

D. machine authentication 

Answer:

Q2. What is a required configuration step for an 802.1X capable switch to support dynamic 

VLAN and ACL assignments? 

A. Configure the VLAN assignment. 

B. Configure the ACL assignment. 

C. Configure 802.1X authenticator authorization. 

D. Configure port security on the switch port. 

Answer:

Q3. Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security? 

A. Access Point 

B. Switch 

C. Wireless LAN Controller 

D. Authentication Server 

Answer:

Q4. Refer to the exhibit. 

If the given configuration is applied to the object-group vpnservers, during which time period are external users able to connect? 

A. From Friday at 6:00 p.m. until Monday at 8:00 a.m. 

B. From Monday at 8:00 a.m. until Friday at 6:00 p.m. 

C. From Friday at 6:01 p.m. until Monday at 8:01 a.m. 

D. From Monday at 8:01 a.m. until Friday at 5:59 p.m. 

Answer:

Q5. Which three statements about the Cisco wireless IPS solution are true? (Choose three.) 

A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point. 

B. It detects spoofed MAC addresses. 

C. It identifies potential RF jamming attacks. 

D. It protects against frame and device spoofing. 

E. It allows the WLC to failover because of congestion. 

Answer: B,C,D 

Q6. When you configure an endpoint profiling policy rule, which option describes the purpose of the minimum certainty factor? 

A. It is compared to the total certainty metric of an individual endpoint to determine whether the endpoint can be trusted. 

B. It is compared to the assigned certainty value of an individual endpoint in a device database to determine whether the endpoint can be trusted. 

C. It is used to compare the policy condition to other active policies. 

D. It is used to determine the likelihood that an endpoint is an active, trusted device on the network. 

Answer:

Q7. Certain endpoints are missing DHCP profiling data. 

Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE? 

A. output of show interface gigabitEthernet 0 from the CLI 

B. output of debug logging all 7 from the CLI 

C. output of show logging application profiler.log from the CLI 

D. the TCP dump diagnostic tool through the GUI 

E. the posture troubleshooting diagnostic tool through the GUI 

Answer:

Q8. Which three host modes support MACsec? (Choose three.) 

A. multidomain authentication host mode 

B. multihost mode 

C. multi-MAC host mode 

D. single-host mode 

E. dual-host mode 

F. multi-auth host mode 

Answer: A,B,D 

Q9. What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment? 

A. It determines which access policy to apply to the endpoint. 

B. It determines which switches are trusted within the TrustSec domain. 

C. It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain. 

D. It lists all servers that are permitted to participate in the TrustSec domain. 

E. It lists all hosts that are permitted to participate in the TrustSec domain. 

Answer:

Q10. Which three features should be enabled as best practices for MAB? (Choose three.) 

A. MD5 

B. IP source guard 

C. DHCP snooping 

D. storm control E. DAI 

F. URPF 

Answer: B,C,E