Cisco 300-208 Online Practice Questions and Exam Preparation

Cisco 300-208 Online Questions & Answers

• Question 221:

  Which two statements about MAB are true? (Choose two.)

  A. It requires a preexisting database of the MAC addresses of permitted devices.
  B. It is unable to control network access at the edge.
  C. If MAB fails, the device is unable to fall back to another authentication method.
  D. It is unable to link the IP and MAC addresses of a device.
  E. It is unable to authenticate individual users.
  A. It requires a preexisting database of the MAC addresses of permitted devices.
  E. It is unable to authenticate individual users.

• Question 222:

  Which command is needed to enable dotlx globally on the switch?

  A. aaa authentication dotlx default group radius
  B. dotlx system-auth-control
  C. dotlx pae authenticator
  D. authentication port-control auto
  B. dotlx system-auth-control

• Question 223:

  Which valid external identity source can be used with Cisco ISE?

  A. IPsec vpn authentication
  B. smart card
  C. local user name and password
  D. TACACS+ token
  B. smart card

• Question 224:

  An engineer has implemented 802. 1X on a cisco 2960x switch with this port configuration:

  

  When a non-managed network switch is connected 802. 1x fails which reason for this failure is true?

  A. The mab command is missing.
  B. The authentication host-mode multi-auth command is miss
  C. EAPOL frames are not being forwarded
  D. BPDU frames are not being sent.
  E. The authentication host-mode multi-host command is miss.
  E. The authentication host-mode multi-host command is miss.

• Question 225:

  An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants. Which portals must the security engineer configure to accomplish this task?

  A. Client Provisioning Portals
  B. BYOD Portals
  C. My Devices Portals
  D. MDM Portals
  C. My Devices Portals

• Question 226:

  Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security?

  A. Access Point
  B. Switch
  C. Wireless LAN Controller
  D. Authentication Server
  A. Access Point

• Question 227:

  A network administrator is seeing a posture status "unknown' for a single corporate mac address but unknown machines are reported as `complaint'. Which option is the reason for machine being reported `unknown'.

  A. Posture service disabled on cisco ISE
  B. Posture policy does not support the OS
  C. Posture agent not installed on the machine
  D. Posture compliance condition is missing on the machine
  C. Posture agent not installed on the machine

• Question 228:

  You enabled the guest session limit feature on the Cisco ISE. However, end users report that the same guest can log in from multiple devices simultaneously. Which configuration is missing on the network access device?

  A. RADIUS authentication
  B. RADIUS accounting
  C. DHCP required
  D. AAA override
  B. RADIUS accounting

• Question 229:

  Which statement about single-SSID environment is true?

  A. It allows for the wired and wireless adapters to be provisioned in any order.
  B. It provides access to the guest SSID after the device has completed provisioning with the provisioning SSID.
  C. It uses the same SSID for certificate enrollment, provisioning, and secure network access.
  D. It can use the Fast SSID Change feature to improve performance.
  C. It uses the same SSID for certificate enrollment, provisioning, and secure network access.

• Question 230:

  Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server?

  A. EAP-MD5
  B. IPsec
  C. EAPOL
  D. RADIUS
  D. RADIUS