1. Home
  2. Cisco
  3. 300-208

Cisco 300-208 Online Practice Questions and Exam Preparation

300-208 Exam Details

  • Exam Code
    :300-208
  • Exam Name
    :Implementing Cisco Secure Access Solutions
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :478 Q&As
  • Last Updated
    :Dec 11, 2021

Cisco 300-208 Online Questions & Answers

  • Question 201:

    A company wants to allow employees to register and manage their own devices that do not support NSP. Which portals enable this?

    A. MDM portals
    B. Client provisioning portals
    C. My devices portals
    D. BYOD Portals

  • Question 202:

    Which two options are advantages of using the Cisco IOS Device Sensor as compared to other profiling probes'? (Choose two.)

    A. uses RADIUS authentication messages to send gathered data to a Cisco ISE server
    B. provides DHCP information to a Cisco ISE server without using an IP helper address
    C. reduces the amount of traffic going to a Cisco ISE server
    D. collects switch CPU and RAM usage for monitoring purposes
    E. replaces all the other profiling probes

  • Question 203:

    The posture run-time services encapsulates this protocol services, and all the interactions that happen between the NAC Agents?

    A. SWISS
    B. MAB
    C. DOT1X
    D. DEFAULT

  • Question 204:

    Which statement about Cisco ISE BYOD is true?

    A. Dual SSID allows EAP-TLS only when connecting to the secured SSID.
    B. Single SSID does not require endpoints to be registered.
    C. Dual SSID allows BYOD for guest users.
    D. Single SSID utilizes open SSID to accommodate different types of users.
    E. Single SSID allows PEAP-MSCHAPv2 for native supplicant provisioning.

  • Question 205:

    What is the first Step for configuring Cisco ISE for the onboarding process?

    A. Configure the default action that must be taken when .in unsupported device attempts to connect and cannot be provisioned
    B. Create the native supplicant profile that is sent to the end user device.
    C. Configure different web portals based on a number of attributes available from the authentication request
    D. Configure the action that is taken when an unsupported device attempts to connect to a secure network

  • Question 206:

    Drag and drop the BYOD user experiences on an iPad on the left into the correct order on the right.

    Select and Place:

  • Question 207:

    gives port configuration and u need to answer it ,it is easy all I can give is an advice : remember that authentication to start it has to have?

    A. (config-if)# authentication port-control autodot1x pae authenticator
    B. (config-if)# authentication exeptiondot1x pae authenticator
    C. (config-if)# authentication downloaddot1x pae authenticator
    D. (config-if)# authentication channeldot1x pae authenticator

  • Question 208:

    CORRECT TEXT

    The Secure-X company has started to tested the 802.1X authentication deployment using the Cisco Catalyst 3560-X layer 3 switch and the Cisco ISEvl2 appliance. Each employee desktop will be connected to the 802.1X enabled switch port

    and will use the Cisco AnyConnect NAM 802.1X supplicant to log in and connect to the network.

    Your particular tasks in this simulation are to create a new identity source sequence named AD_internal which will first use the Microsoft Active Directory (AD1) then use the ISE Internal User database. Once the new identity source sequence

    has been configured, edit the existing DotlX authentication policy to use the new AD_internal identity source sequence.

    The Microsoft Active Directory (AD1) identity store has already been successfully configured, you just need to reference it in your configuration.

    In addition to the above, you are also tasked to edit the IT users authorization policy so IT users who successfully authenticated will get the permission of the existing IT_Corp authorization profile.

    Perform this simulation by accessing the ISE GUI to perform the following tasks:

    1.

    Create a new identity source sequence named AD_internal to first use the Microsoft Active Directory (AD1) then use the ISE Internal User database

    2.

    Edit the existing Dot1X authentication policy to use the new AD_internal identity source sequence:

    3.

    If authentication failed-reject the access request

    4.

    If user is not found in AD-Drop the request without sending a response

    5.

    If process failed-Drop the request without sending a response

    6.

    Edit the IT users authorization policy so IT users who successfully authenticated will get the permission of the existing IT_Corp authorization profile.

    To access the ISE GUI, click the ISE icon in the topology diagram. To verify your configurations, from the ISE GUI, you should also see the Authentication Succeeded event for the it1 user after you have successfully defined the DotlX authentication policy to use the Microsoft Active Directory first then use the ISE Internal User Database to authenticate the user. And in the Authentication Succeeded event, you should see the IT_Corp authorization profile being applied to the it1 user. If your configuration is not correct and ISE can't authenticate the user against the Microsoft Active Directory, you should see the Authentication Failed event instead for the it1 user.

    Note: If you make a mistake in the Identity Source Sequence configuration, please delete the Identity Source Sequence then re-add a new one. The edit Identity Source Sequence function is not implemented in this simulation.

    Correct Answer. Review the explanation for full configuration and solution.

  • Question 209:

    You configured wired 802.1X with EAP-TLS on Windows machines. The ISE authentication detail report shows "EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain." What is the most likely cause of this error?

    A. The ISE certificate store is missing a CA certificate.
    B. The Wireless LAN Controller is missing a CA certificate.
    C. The switch is missing a CA certificate.
    D. The Windows Active Directory server is missing a CA certificate.

  • Question 210:

    Which two options enable security group tags to the assigned to a session?

    A. Firewall
    B. DHCP
    C. ACL
    D. Source VLAN
    E. ISE

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-208 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.