[Free] 2019(Nov) EnsurePass Cisco 300-208 Dumps with VCE and PDF 101-110

Get Full Version of the Exam
http://www.EnsurePass.com/300-208.html

Question No.101

Which method does Cisco prefer to securely deploy guest wireless access in a BYOD implementation?

  1. deploying a dedicated Wireless LAN Controller in a DMZ

  2. configuring a guest SSID with WPA2 Enterprise authentication

  3. configuring guest wireless users to obtain DHCP centrally from the corporate DHCP server

  4. disabling guest SSID broadcasting

Correct Answer: A

Question No.102

Which statement about a distributed Cisco ISE deployment is true?

  1. It can support up to two monitoring Cisco ISE nodes for high availability.

  2. It can support up to three load-balanced Administration ISE nodes.

  3. Policy Service ISE nodes can be configured in a redundant failover configuration.

  4. The Active Directory servers of Cisco ISE can be configured in a load-balanced configuration.

Correct Answer: A

Question No.103

What are two methods of enforcement with SGTs?

  1. SG-ACLs on switches.

  2. SG-ACLs on routers.

  3. SG-Firewalls.

  4. SG-Appliances.

  5. SGTs are not enforced.

Correct Answer: AC

Question No.104

Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.)

  1. manually on links between supported switches

  2. in the Cisco Identity Services Engine

  3. in the global configuration of a TrustSec non-seed switch

  4. dynamically on links between supported switches

  5. in the Cisco Secure Access Control System

  6. in the global configuration of a TrustSec seed switch

Correct Answer: AD

Question No.105

The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement?

  1. Device registration status and device activation status

  2. Network access device and time condition

  3. User credentials and server certificate

  4. Built-in profile and custom profile

Correct Answer: B

Question No.106

Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.)

  1. IOS-7-PROXY_DROP

  2. AP-1-AUTH_PROXY_DOS_ATTACK

  3. MKA-2-MACDROP

  4. AUTHMGR-5-MACMOVE

  5. ASA-6-CONNECT_BUILT

  6. AP-1-AUTH_PROXY_FALLBACK_REQ

Correct Answer: BDF

Question No.107

What are three ways that an SGT can be assigned to network traffic?

  1. Manual binding of the IP address to an SGT

  2. Manually configured on the switch port

  3. Dynamically assigned by the network access device

  4. Dynamically assigned by the 802.1X authorization result

  5. Manually configured in the NAC agent profile

  6. Dynamically assigned by the AnyConnect network access manager

Correct Answer: ABD

Question No.108

Which option is the code field of n EAP packet?

  1. one byte and 1=request, 2=response 3=failure 4=success

  2. two byte and 1=request, 2=response, 3=success, 4=failure

  3. two byte and 1=request 2=response 3=failure 4=success

  4. one byte and 1=request 2=response 3=success 4=failure

Correct Answer: D

Question No.109

Which time allowance is the minimum that can be configured for posture reassessment interval?

  1. 5 minutes

  2. 20 minutes

  3. 60 minutes

  4. 90 minutes

Correct Answer: C

Question No.110

In the command #39;aaa authentication default group tacacs local#39;, how is the word #39;default#39; defined?

  1. Command set

  2. Group name

  3. Method list

  4. Login type

Correct Answer: C

Get Full Version of the Exam
300-208 Dumps
300-208 VCE and PDF