Exam Deatils

  • Exam Code
  • Exam Name
    :Implementing Cisco Secure Access Solutions
  • Certification
  • Vendor
  • Total Questions
    :478 Q&As
  • Last Updated
    :Dec 11, 2021

Cisco CCNP 300-208 Questions & Answers

  • Question 1:

    Which advantage is provided by using Active Directory as an external identity source?

    A. It supports SAML for single sign-on.

    B. It uses EAP chaining with EAP-FAST to authenticate users and computers.

    C. It supports two factor-authentication using a PIN and a token.

    D. It uses EAP chaining with EAP-TLS to authentication users and computers.

  • Question 2:

    An engineer has implemented 802. 1X on a cisco 2960x switch with this port configuration:

    When a non-managed network switch is connected 802. 1x fails which reason for this failure is true?

    A. The mab command is missing.

    B. The authentication host-mode multi-auth command is miss

    C. EAPOL frames are not being forwarded

    D. BPDU frames are not being sent.

    E. The authentication host-mode multi-host command is miss.

  • Question 3:

    Which option must be configured on the cisco ISE authentication policy for unknown MAC addresses/identities for success authentication?

    A. reject

    B. drop

    C. continue

    D. pass

  • Question 4:

    Which keying mechanism is used with downlink MACsec?

    A. MACsec Key Agreement (MKA)

    B. Galogs Counter Mode

    C. Transport Layer Security

    D. Security Association Protocol

  • Question 5:

    Departments within the same company want to be able to create temporary accounts for visitors. Which type of ISE account must be created to allow each department to create temporary accounts?

    A. guest

    B. sponsor

    C. admin

    D. contractor

  • Question 6:

    Why would a Cisco ISE not receive profiling data?

    A. RADIUS accounting is not enabled.

    B. SNMP version is not matched.

    C. RADIUS authentication is not enabled.

    D. SNMP community is not matched.

  • Question 7:

    When using CA for identity source, which method can be used to provide real-time certificate validation?

    A. X.509

    B. PKI

    C. OCSP

    D. CRL

  • Question 8:

    Which two options can be pushed from Cisco ISE server as part of successful 802.1x authentication?

    A. Reauthentication timer

    B. DACL

    C. Vlan

    D. Authentication order

    E. Posture status

    F. Authentication priority

  • Question 9:

    Which two types of client provisioning resources are used for BYOD implementations? (Choose two.)

    A. user agent

    B. Cisco NAC agent

    C. native supplicant profiles

    D. device sensor

    E. software provisioning wizards

  • Question 10:

    Which protocol sends authentication and accounting in different requests?


    B. TACACS+

    C. EAP-Chaining

    D. PEAP

    E. EAP-TLS

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-208 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.