[Free] 2019(Nov) EnsurePass Cisco 300-208 Dumps with VCE and PDF 11-20

Get Full Version of the Exam
http://www.EnsurePass.com/300-208.html

Question No.11

When RADIUS NAC and AAA Override are enabled for WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)

  1. It will return an access-accept and send the redirection URL for all users.

  2. It establishes secure connectivity between the RADIUS server and the ISE.

  3. It allows the ISE to send a CoA request that indicates when the user is authenticated.

  4. It is used for posture assessment, so the ISE changes the user profile based on posture result.

  5. It allows multiple users to authenticate at the same time.

Correct Answer: CD

Question No.12

Which three statements about the Cisco wireless IPS solution are true? (Choose three.)

  1. It enables stations to remain in power-save mode, except at specified intervals to receive data

    from the access point.

  2. It detects spoofed MAC addresses.

  3. It identifies potential RF jamming attacks.

  4. It protects against frame and device spoofing.

  5. It allows the WLC to failover because of congestion.

Correct Answer: BCD

Question No.13

Which three options can be pushed from Cisco ISE server as part of a successful 802.1x authentication? (Choose three)

  1. authentication order

  2. posture status

  3. authentication priority

  4. vlan

  5. DACL

  6. re-authentication timer

Correct Answer: DEF

Question No.14

Which advanced option within a WLAN must be enabled to trigger central web authentication for wireless users?

  1. AAA override

  2. Static IP tunnelling

  3. Diagnostic channel

  4. DHCP server

Correct Answer: A

Question No.15

Certain endpoints are missing DHCP profiling data. Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE?

  1. output of show interface gigabitEthernet 0 from the CLI

  2. output of debug logging all 7 from the CLI

  3. output of show logging application profiler.log from the CLI

  4. the TCP dump diagnostic tool through the GUI

  5. the posture troubleshooting diagnostic tool through the GUI

Correct Answer: D

Question No.16

Refer to the exhibit. Which statement about the authentication protocol used in the configuration is true?

image

  1. There is separate authentic and authorization request packet.

  2. The authentication request contains only a password.

  3. The authentication and authorization requests are grouped in a single packet.

  4. The authentication request contains only a username.

Correct Answer: B

Question No.17

A network administrator must enable which protocol to utilize EAP-Chaining?

  1. EAP-FAST

  2. EAP-TLS

  3. MSCHAPv2

  4. PEAP

Correct Answer: A

Question No.18

A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept. Which two classifications can the tags be mapped to? (Choose two.)

  1. VLAN

  2. user ID

  3. interface

  4. switch ID

  5. MAC address

Correct Answer: AC

Explanation:

In static classification the tag maps to some thing (an IP, subnet, VLAN, or interface) rather than relying on an authorization from the Cisco ISE.

This process of assigning the SGT is defined as quot;classification.quot; These classifications are thentransported deeper into the network for policy enforcement

Question No.19

Which statement about Cisco Management Frame Protection is true?

  1. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.

  2. It detects spoofed MAC addresses.

  3. It identifies potential RF jamming attacks.

  4. It protects against frame and device spoofing.

Correct Answer: D

Question No.20

What is the default posture status for non-agent capable devices, such as Linux and iDevices?

  1. Unknown

  2. Validated

  3. Default

  4. Compliant

Correct Answer: D

Get Full Version of the Exam
300-208 Dumps
300-208 VCE and PDF

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.