[Free] 2019(Nov) EnsurePass Cisco 300-208 Dumps with VCE and PDF 111-120

Get Full Version of the Exam
http://www.EnsurePass.com/300-208.html

Question No.111

Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

  A. radius-server timeout
  B. idle-timeout attribute
  C. session-timeout attribute
  D. termination-action attribute

Correct Answer: B

Explanation:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-663759.html

When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints. When the inactivity timer expires, the switch removes the authenticated session.

The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute (Attribute 28).

Cisco recommends setting the timer using the RADIUS attribute because this approach gives you control over which endpoints are subject to this timer and the length of the timer for each class of endpoints.

For example, endpoints that are known to be quiet for long periods of time can be assigned a longer inactivity timer value than chatty endpoints.

Question No.112

You have configured a Cisco ISE 1.2 deployment for self-registration of guest users. Which two options can you select from to determine when the account duration timer begins? (Choose two.)

  A. Createtime
  B. Firstlogin
  C. Approvaltime
  D. Custom
  E. Starttime

Correct Answer: AB

Question No.113

Which three algorithms should be avoided due to security concerns? (Choose three.)

  A. DES for encryption
  B. SHA-1 for hashing
  C. 1024-bit RSA
  D. AES GCM mode for encryption
  E. HMAC-SHA-1
  F. 256-bit Elliptic Curve Diffie-Hellman
  G. 2048-bit Diffie-Hellman

Correct Answer: ABC

Question No.114

Which three personas can a Cisco ISE assume in a deployment? (Choose three.)

  A. connection
  B. authentication
  C. administration
  D. testing
  E. policy service
  F. monitoring

Correct Answer: CEF

Question No.115

Refer to the exhibit. Which two things must be verified if authentication is failing with this error message? (Choose two.)

[Exhibit image not available]

  A. Cisco ISE EAP identity certificate is valid.
  B. CA cert chain of Cisco ISE EAP certificate is installed on the trusted certs store of the client machine.
  C. CA cert chain of the client certificate is installed on Cisco ISE.
  D. Cisco ISE HTTPS/admin certificate is valid.
  E. Cisco ISE server certificate is installed on the client.

Correct Answer: AB

Question No.116

Which two posture redirect ACLs and remediation DACLs must be pushed from Cisco ISE to a Cisco IOS switch if the endpoint must remediate itself? The ISE IP address is 10.201.228.76 and the IP address of the remediating server is 10.201.229.1. (Choose two.)

  A. ip access-l ex ACL-POSTURE-REDIRECT
       deny udp any any eq domain
       deny ip any host 10.201.228.76
       permit tcp any any eq 80
       permit tcp any any eq 443

  B. ip access-l ex ACL-POSTURE-REDIRECT
       deny udp any any eq domain
       deny ip any host 10.201.228.76
       deny ip any host 10.201.229.1
       permit tcp any any eq 80
       permit tcp any any eq 443

  C. ip access-l ex ACL-POSTURE-REDIRECT
       deny udp any any eq domain
       permit ip any host 10.201.228.76
       permit ip any host 10.201.229.1
       deny ip any any

  D. POSTURE_REMEDIATION DACL
       permit udp any any eq domain
       permit tcp any host 10.201.228.76
       permit tcp any any eq 80
       permit tcp any any eq 443

  E. POSTURE_REMEDIATION DACL
       permit udp any any eq domain
       deny tcp any host 10.201.228.76
       permit tcp any any eq 80
       permit tcp any any eq 443
       permit ip any host 10.210.229.1

  F. POSTURE_REMEDIATION DACL
       permit udp any any eq domain
       deny tcp any host 10.201.228.76
       deny ip any host 10.210.229.1
       permit tcp any any eq 80
       permit tcp any any eq 443

Correct Answer: BD

Question No.117

Which attribute is needed for Cisco ISE to profile a device with HTTP probe?

  A. user-agent
  B. OUI
  C. host-name
  D. cdp-cache-platform
  E. dhcp-class-identifier
  F. sysDescr

Correct Answer: A

Question No.118

Which statement about the Cisco ISE BYOD feature is true?

  A. Use of SCEP/CA is optional.
  B. BYOD works only on wireless access.
  C. Cisco ISE needs to integrate with MDM to support BYOD.
  D. Only mobile endpoints are supported.

Correct Answer: A

Question No.119

Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode?

  A. Granular ACLs applied prior to authentication
  B. Per user dACLs applied after successful authentication
  C. Only EAPoL traffic allowed prior to authentication
  D. Adjustable 802.1X timers to enable successful authentication

Correct Answer: C

Question No.120

Which statement about IOS accounting is true?

  A. A named list of AAA methods must be defined.
  B. A named list of accounting methods must be defined.
  C. Authorization must be configured before accounting.
  D. A named list of tracking methods must be defined.

Correct Answer: C
