aiotestking uk

300-208 Exam Questions - Online Test


300-208 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. After an endpoint has completed authentication with MAB, a security violation is triggered because a different MAC address was detected. Which host mode must be active on the port? 

A. single-host mode 

B. multidomain authentication host mode 

C. multiauthentication host mode 

D. multihost mode 

Answer:

Q2. The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement? 

A. Device registration status and device activation status 

B. Network access device and time condition 

C. User credentials and server certificate 

D. Built-in profile and custom profile 

Answer:

Q3. Which two Cisco ISE administration options are available in the Default Posture Status setting? (Choose two.) 

A. Unknown 

B. Compliant 

C. FailOpen 

D. FailClose 

E. Noncompliant 

Answer: B,E 

Q4. Which feature must you configure on a switch to allow it to redirect wired endpoints to Cisco ISE? 

A. the http secure-server command 

B. RADIUS Attribute 29 

C. the RADIUS VSA for accounting 

D. the RADIUS VSA for URL-REDIRECT 

Answer:

Q5. Which functionality does the Cisco ISE self-provisioning flow provide? 

A. It provides support for native supplicants, allowing users to connect devices directly to the network. 

B. It provides the My Devices portal, allowing users to add devices to the network. 

C. It provides support for users to install the Cisco NAC agent on enterprise devices. 

D. It provides self-registration functionality to allow guest users to access the network. 

Answer:

Q6. What type of identity group is the Blacklist identity group? 

A. endpoint 

B. user 

C. blackhole 

D. quarantine 

E. denied systems 

Answer:

Q7. You discover that the Cisco ISE is failing to connect to the Active Directory server. Which option is a possible cause of the problem? 

A. NTP server time synchronization is configured incorrectly. 

B. There is a certificate mismatch between Cisco ISE and Active Directory. 

C. NAT statements required for Active Directory are configured incorrectly. 

D. The RADIUS authentication ports are being blocked by the firewall. 

Answer:

Q8. Which condition triggers wireless authentication? A. NAS-Port-Type is set to IEEE 802.11. 

B. Framed-Compression is set to None. 

C. Service-Type is set to Framed. 

D. Tunnel-Type is set to VLAN. 

Answer:

Q9. Your guest-access wireless network is experiencing degraded performance and excessive latency due to user saturation. Which type of rate limiting can you implement on your network to correct the problem? 

A. per-device 

B. per-policy 

C. per-access point 

D. per-controller 

E. per-application 

Answer:

Q10. Refer to the exhibit. 

Which three statements about the given configuration are true? (Choose three.) 

A. TACACS+ authentication configuration is complete. 

B. TACACS+ authentication configuration is incomplete. 

C. TACACS+ server hosts are configured correctly. 

D. TACACS+ server hosts are misconfigured. 

E. The TACACS+ server key is encrypted. 

F. The TACACS+ server key is unencrypted. 

Answer: B,C,F