Exam Deatils

  • Exam Code
    :300-208
  • Exam Name
    :Implementing Cisco Secure Access Solutions
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :446 Q&As
  • Last Updated
    :Apr 18, 2019

Cisco CCNP Security 300-208 Questions & Answers

  • Question 1:

    A company has implemented a dual SSID BYOD design. A provisioning SSID is used for user registration, and an employee SSID is used for company network access. Which controller option must be enabled to allow a user to switch immediately from the provisioning SSID to the employee SSID after registration has been completed?

    A. AAA override

    B. User Idle Timeout

    C. Fast SSID Change

    D. AP Fallback

  • Question 2:

    A user configured a Cisco Identity Service Engine and switch to work with downloadable access list for wired dot1x users, though it is failing to work. Which command must be added to address the issue?

    A. ip dhcp snooping

    B. ip device tracking

    C. dot1x pae authenticator

    D. aaa authentication dot1x default group radius

  • Question 3:

    A network engineer is configuring HTTP based CWA on a switch. Which three configuration elements are required? (Choose three.)

    A. HTTP server enabled

    B. Radius authentication on the port with MAB

    C. Redirect access-list

    D. Redirect-URL

    E. HTTP secure server enabled

    F. Radius authentication on the port with 802.1x

    G. Pre-auth port based access-list

  • Question 4:

    What attribute could be obtained from the SNMP query probe?

    A. FQDN

    B. CDP

    C. DHCP class identifier

    D. User agent

  • Question 5:

    Which option is the code field of n EAP packet?

    A. one byte and 1=request, 2=response 3=failure 4=success

    B. two byte and 1=request, 2=response, 3=success, 4=failure

    C. two byte and 1=request 2=response 3=failure 4=success

    D. one byte and 1=request 2=response 3=success 4=failure

  • Question 6:

    When performing NAT, which of these is a limitation you need to account for?

    A. exhaustion of port number translations

    B. embedded IP addresses

    C. security payload identifiers

    D. inability to provide mutual connectivity to networks with overlapping address spaces

  • Question 7:

    Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.)

    A. IOS-7-PROXY_DROP

    B. AP-1-AUTH_PROXY_DOS_ATTACK

    C. MKA-2-MACDROP

    D. AUTHMGR-5-MACMOVE

    E. ASA-6-CONNECT_BUILT

    F. AP-1-AUTH_PROXY_FALLBACK_REQ

  • Question 8:

    Which Cisco IOS IPS risk rating component uses a low value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200?

    A. Signature Fidelity Rating

    B. Attack Severity Rating

    C. Target Value Rating

    D. Attack Relevancy Rating

    E. Promiscuous Delta

    F. Watch List Rating

  • Question 9:

    Which three statements describe differences between TACACS+ and RADIUS? (Choose three.)

    A. RADIUS encrypts the entire packet, while TACACS+ encrypts only the password.

    B. TACACS+ encrypts the entire packet, while RADIUS encrypts only the password.

    C. RADIUS uses TCP, while TACACS+ uses UDP.

    D. TACACS+ uses TCP, while RADIUS uses UDP.

    E. RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49.

    F. TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49

  • Question 10:

    Which feature enables the Cisco ISE DHCP profiling capabilities to determine and enforce authorization policies on mobile devices?

    A. disabling the DHCP proxy option

    B. DHCP option 42

    C. DHCP snooping

    D. DHCP spoofing

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-208 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.