300-208 Free Demo Practice Test Software

Posted by Dennis Ng
2
Education & Training
Mar 21, 2017
88 Views

Test Information:

Total Questions: 267

Test Number: 300-208

Vendor Name: CISCO

Cert Name :.CCNP SECURITY

Test Name:  IMPLEMENTING CISCO SECURE ACCESS SOLUTIONS (SISAS)

Official Site:http://www.examsboost.com

For More Details: https://www.examsboost.com/test/300-208/


Question: 1

 

A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected?

 

A. TACACS+

B. RADIUS

C. Windows Active Directory

D. Generic LDAP

 

Answer: A   

 

Question: 2

 

An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?

 

A. member of

B. group

C. class

D. person

 

Answer: A   

 

Question: 3

 

Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode?

 

A. Granular ACLs applied prior to authentication

B. Per user dACLs applied after successful authentication

C. Only EAPoL traffic allowed prior to authentication

D. Adjustable 802.1X timers to enable successful authentication

 

Answer: C   

 

Question: 4

 

A network administrator must enable which protocol extension to utilize EAP-Chaining?

 

A. EAP-FAST

B. EAP-TLS

C. MSCHAPv2

D. PEAP

 

Answer: A   

 

Question: 5

 

In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?

 

A. Command set

B. Group name

C. Method list

D. Login type

 

Answer: C   

 

Question: 6

 

Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem?

 

A. EAP-TLS is not checked in the Allowed Protocols list

B. Certificate authentication profile is not configured in the Identity Store

C. MS-CHAPv2-is not checked in the Allowed Protocols list

D. Default rule denies all traffic

E. Client root certificate is not included in the Certificate Store

 

Answer: A   

 

Question: 7

 

The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?

 

Comments
avatar
Please sign in to add comment.
Advertise on APSense
This advertising space is available.
Post Your Ad Here
More Articles