Cisco 300-208 Online Practice Questions and Exam Preparation

Cisco 300-208 Online Questions & Answers

• Question 281:

  When you add a new PSN for guest access services, which two options must be enabled under deployment settings? (Choose two.)

  A. Admin
  B. Monitoring
  C. Policy Service
  D. Session Services
  E. Profiling
  C. Policy Service
  D. Session Services

• Question 282:

  An engineer of company A will be sending guest credentials through SMS to conference participants. Which portal must be used to create them?

  A. SMS
  B. Sponsor
  C. Guest
  D. User
  B. Sponsor

• Question 283:

  An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals?

  A. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE
  B. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure
  C. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE
  D. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups
  D. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups

• Question 284:

  Which technology performs CoA support Posture Service?

  A. External root CA
  B. Cisco ACS
  C. Cisco ISE
  D. Internal root CA
  C. Cisco ISE

• Question 285:

  What is the default posture status for non-agent capable devices, such as Linux and iDevices?

  A. Unknown
  B. Validated
  C. Default
  D. Compliant
  D. Compliant

• Question 286:

  Scenario:

  Currently, many users are expehecing problems using their AnyConnect NAM supplicant to login to the network. The rr desktop support staff have already examined and vehfed the AnyConnect NAM configuration is correct. In this simulation,

  you are tasked to examine the various ISE GUI screens to determine the ISE current configurations to help isolate the problems. Based on the current ISE configurations, you will need to answer three multiple choice questions.

  To access the ISE GUI, click on the ISE icon in the topology diagram to access the ISE GUI. Not all the ISE GUI screen are operational in this simulation and some of the ISE GUI operations have been reduced in this simulation. Not all the

  links on each of the ISE GUI screen works, if some of the links are not working on a screen, click Home to go back to the Home page first. From the Home page, you can access all the required screens. To view some larger GUI screens, use

  the simulation window scroll bars. Some of the larger GUI screens only shows partially but will include all information required to complete this simulation.

  

  Which two of the following statements are correct? (Choose two.)

  A. The ISE is not able to successfully connect to the hq-srv.secure-x. local AD server.
  B. The ISE internal endpoints database is used authenticate any users not in the Active Directory domain.
  C. The ISE internal user database has two accounts enabled: student and test that maps to the Employee user identity group.
  D. Guest_Portal_Sequence is a built-in identity source sequence.
  B. The ISE internal endpoints database is used authenticate any users not in the Active Directory domain.
  D. Guest_Portal_Sequence is a built-in identity source sequence.

• Question 287:

  Which Cisco IOS IPS feature allows to you remove one or more actions from all active signatures based on the attacker and/or target address criteria, as well as the event risk rating criteria?

  A. signature event action filters
  B. signature event action overrides
  C. signature attack severity rating
  D. signature event risk rating
  A. signature event action filters

• Question 288:

  Refer to the exhibit. Which two things must be verified if authentication is failing with this error message? (Choose two.)

  

  A. Cisco ISE EAP identity certificate is valid.
  B. CA cert chain of Cisco ISE EAP certificate is installed on the trusted certs store of the client machine.
  C. CA cert chain of the client certificate is installed on Cisco ISE.
  D. Cisco ISE HTTPS/admin certificate is valid.
  E. Cisco ISE server certificate is installed on the client.
  A. Cisco ISE EAP identity certificate is valid.
  E. Cisco ISE server certificate is installed on the client.

• Question 289:

  Refer to the exhibit. Which URL must you enter in the External Webauth URL field to configure Cisco ISE CWA correctly?

  

  A. https://ip_address:8443/guestportal/Login.action
  B. https://ip_address:443/guestportal/Welcome.html
  C. https://ip_address:443/guestportal/action=cpp
  D. https://ip_address:8905/guestportal/Sponsor.action
  A. https://ip_address:8443/guestportal/Login.action

• Question 290:

  Refer to the exhibit. Which statement describes this switch configuration?

  

  A. 802.1x is disabled on the switch port and all traffic is allowed as normal without restriction.
  B. The switch port begins in the unauthorized state and does not allow EAPOL, Cisco Discovery Protocol, and STP traffic.
  C. The switch port begins in the unauthorized state and allows only EAPOL, Cisco Discovery Protocol, and STP traffic.
  D. 802.1x is enabled on the switch port and the switch port ignores all traffic.
  C. The switch port begins in the unauthorized state and allows only EAPOL, Cisco Discovery Protocol, and STP traffic.