300-208 Exam Questions - Online Test
300-208 Premium VCE File
150 Lectures, 20 Hours
Q1. A network administrator must enable which protocol to utilize EAP-Chaining?
A. EAP-FAST
B. EAP-TLS
C. MSCHAPv2
D. PEAP
Answer: A
Q2. ORRECT TEXT
The Secure-X company has recently successfully tested the 802.1X authentication deployment using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect NAM 802.1Xsupplicantto log in and connect to the network.
Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and have it connect to the network. The network printer does not support 802.1X supplicant. The Fa0/19 switch port is now configured to use 802.1X authentication only.
To support this network printer, the Fa0/19 switch port configuration needs to be edited to enable the network printer to authenticate using its MAC address. The network printer should also be on VLAN 9.
Another network security engineer responsible for managing the Cisco ISE has already per-configured all the requirements on the Cisco ISE, including adding the network printer MAC address to the Cisco ISE endpoint database and etc...
Your task in the simulation is to access the Cisco Catalyst Switch console then use the CLI to:
. Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer using its MAC address and:
. Ensure that MAC address authentication processing is not delayed until 802.1Xfails
. Ensure that even if MAC address authentication passes, the switch will still perform 802.1X authentication if requested by a 802.1X supplicant
. Use the required show command to verify the MAC address authentication on the Fa0/19 is successful
The switch enable password is Cisco
For the purpose of the simulation, to test the network printer, assume the network printer will be unplugged then plugged back into the Fa0/19 switch port after you have finished the required configurations on the Fa0/19 switch port.
Note: For this simulation, you will not need and do not have access to the ISE GUI To access the switch CLI, click the Switch icon in the topology diagram
Answer: Review the explanation for full configuration and solution.
Q3. Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?
A. RADIUS Attribute (5) NAS-Port
B. RADIUS Attribute (6) Service-Type
C. RADIUS Attribute (7) Framed-Protocol
D. RADIUS Attribute (61) NAS-Port-Type
Answer: B
Q4. Which two services are included in the Cisco ISE posture service? (Choose two.)
A. posture administration
B. posture run-time
C. posture monitoring
D. posture policing
E. posture catalog
Answer: A,B
Q5. Where is dynamic SGT classification configured?
A. Cisco ISE
B. NAD
C. supplicant
D. RADIUS proxy
Answer: A
Q6. Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What are the two possible causes of the problem? (Choose two.)
A. EAP-TLS is not checked in the Allowed Protocols list
B. Client certificate is not included in the Trusted Certificate Store
C. MS-CHAPv2-is not checked in the Allowed Protocols list
D. Default rule denies all traffic
E. Certificate authentication profile is not configured in the Identity Store
Answer: A,E
Q7. In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc...
Which three statements are correct regarding the events with the 20 repeat count that occurred at 2014-05-07 00:22:48.748? (Choose three.)
A. The device was successfully authenticated using MAB.
B. The device matched the Machine_Corp authorization policy.
C. The Print Servers authorization profile were applied.
D. The device was profiled as a Linksys-PrintServer.
E. The device MAC address is 00:14:BF:70:B5:FB.
F. The device is connected to the Gi0/1 switch port and the switch IP address is 10.10.2.2.
Answer: A,D,E
Explanation:
Event Details:
Screen Shot 2015-06-23 at 5.32.43 PM …continued:
Screen Shot 2015-06-23 at 5.33.24 PM
Q8. Which command configures console port authorization under line con 0?
A. authorization default|WORD
B. authorization exec line con 0|WORD
C. authorization line con 0|WORD
D. authorization exec default|WORD
Answer: D
Q9. RAG DROP Answer:
Answer:
Q10. In Cisco ISE, which probe must be enabled to collect profiling data using Device Sensor?
A. RADIUS
B. SNMPQuery
C. SNMPTrap
D. Network Scan
E. Syslog
Answer: A
- Cisco 210-065 Braindumps 2021
- All About Validated 350-701 Testing Bible
- [2021-New] Cisco 300-207 Dumps With Update Exam Questions (51-60)
- [2021-New] Cisco 200-310 Dumps With Update Exam Questions (6-15)
- [2021-New] Cisco 200-310 Dumps With Update Exam Questions (3-12)
- Cisco 200-301 Prep 2021
- Up To Date Cisco Security Architecture For Account Managers 700-760 Practice Exam
- [2021-New] Cisco 100-105 Dumps With Update Exam Questions (71-80)
- [2021-New] Cisco 210-260 Dumps With Update Exam Questions (1-10)
- Approved 500-651 Free Practice Questions 2021