300-208
Free trial
Verified
Question 1
Which EAP method uses a modified version of the MS-CHAP authentication protocol?
- A: EAP-POTP
- B: EAP-TLS
- C: LEAP
- D: EAP-MD5
Question 2
Under which circumstance would an inline posture node be deployed?
- A: When the NAD does not support CoA
- B: When the NAD cannot support the number of connected endpoints
- C: When a PSN is overloaded
- D: To provide redundancy for a PSN
Question 3
Which Cisco ISE 1.x protocol can be used to control admin access to network access devices?
- A: TACACS+
- B: RADIUS
- C: EAP
- D: Kerberos
Question 4
Which identity store option allows you to modify the directory services that run on TCP/IP?
- A: Lightweight Directory Access Protocol
- B: RSA SecurID server
- C: RADIUS
- D: Active Directory
Question 5
Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)
- A: LLDP agent information
- B: user agent
- C: DHCP options
- D: open ports
- E: operating system
- F: trunk ports
Question 6
Which protocol sends authentication and accounting in different requests?
- A: RADIUS
- B: TACACS+
- C: EAP-Chaining
- D: PEAP
- E: EAP-TLS
Question 7
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?
- A: RADIUS Change of Authorization
- B: device tracking
- C: DHCP snooping
- D: VLAN hopping
Question 8
Which functionality does the Cisco ISE self-provisioning flow provide?
- A: It provides support for native supplicants, allowing users to connect devices directly to the network.
- B: It provides the My Devices portal, allowing users to add devices to the network.
- C: It provides support for users to install the Cisco NAC agent on enterprise devices.
- D: It provides self-registration functionality to allow guest users to access the network.
Question 9
What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?
- A: It determines which access policy to apply to the endpoint.
- B: It determines which switches are trusted within the TrustSec domain.
- C: It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain.
- D: It lists all servers that are permitted to participate in the TrustSec domain.
- E: It lists all hosts that are permitted to participate in the TrustSec domain.
Question 10
Which three host modes support MACsec? (Choose three.)
- A: multidomain authentication host mode
- B: multihost mode
- C: multi-MAC host mode
- D: single-host mode
- E: dual-host mode
- F: multi-auth host mode
Question 11
When you select Centralized Web Auth in the ISE Authorization Profile, which two components host the web authentication portal? (Choose two.)
- A: ISE
- B: the WLC
- C: the access point
- D: the switch
- E: the endpoints
Question 12
What is the default posture status for non-agent capable devices, such as Linux and iDevices?
- A: Unknown
- B: Validated
- C: Default
- D: Compliant
Question 13
Which statement about a distributed Cisco ISE deployment is true?
- A: It can support up to two monitoring Cisco ISE nodes for high availability.
- B: It can support up to three load-balanced Administration ISE nodes.
- C: Policy Service ISE nodes can be configured in a redundant failover configuration.
- D: The Active Directory servers of Cisco ISE can be configured in a load-balanced configuration.
Question 14
Which three features should be enabled as best practices for MAB? (Choose three.)
- A: MD5
- B: IP source guard
- C: DHCP snooping
- D: storm control
- E: DAI
- F: URPF
Question 15
In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc...
Which four statements are correct regarding the event that occurred at 2014-05-07 00:19:07.004? (Choose four.)
- A: The IT_Corp authorization profile were applied.
- B: The it1 user was matched to the IT_Corp authorization policy.
- C: The it1 user supplicant used the PEAP (EAP-MSCHAPv2) authentication method.
- D: The it1 user was authenticated using MAB.
- E: The it1 user was successfully authenticated against AD1 identity store.
- F: The it1 user machine has been profiled as a Microsoft-Workstation.
- G: The it1 user machine has passed all the posture assessement tests.
Question 16
In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc...
Which two statements are correct regarding the event that occurred at 2014-05-07 00:16:55.393? (Choose two.)
- A: The failure reason was user entered the wrong username.
- B: The supplicant used the PAP authentication method.
- C: The username entered was it1.
- D: The user was authenticated against the Active Directory then also against the ISE interal user database and both fails.
- E: The NAS switch port where the user connected to has a MAC address of 44:03:A7:62:41:7F
- F: The user is being authenticated using 802.1X.
- G: The user failed the MAB.
- H: The supplicant stopped responding to ISE which caused the failure.
Question 17
Which components must be selected for a client provisioning policy to do a Posture check on the Cisco ISE?
- A: Configuration Wizard, Wizard Profile
- B: Agent, Profile, Compliance Module
- C: Operating System, Posture Requirements
- D: Remediation Actions, Posture Requirements
That’s the end of your free questions
You’ve reached the preview limit for 300-208Consider upgrading to gain full access!
Free preview mode
Enjoy the free questions and consider upgrading to gain full access!