Cisco 300-208 Online Practice Questions and Exam Preparation

Cisco 300-208 Online Questions & Answers

• Question 361:

  Which two are technologies that secure the control plane of the Cisco router? (Choose two.)

  A. Cisco IOS Flexible Packet Matching
  B. uRPF
  C. routing protocol authentication
  D. CPPr
  E. BPDU protection
  F. role-based access control
  C. routing protocol authentication
  D. CPPr

• Question 362:

  Which RADIUS attribute can you use to filter MAB requests in an 802.1X deployment?

  A. 2
  B. 31
  C. 1
  D. 6
  D. 6

• Question 363:

  SGt assignment when authentication is not available or SGT method for non authenticating devices?

  A. dynamic
  B. static
  C. SXP
  D. Default
  A. dynamic

• Question 364:

  When enabling the Cisco IOS IPS feature, which step should you perform to prevent rogue signature updates from being installed on the router?

  A. configure authentication and authorization for maintaining signature updates
  B. install a known RSA public key that correlates to a private key used by Cisco
  C. manually import signature updates from Cisco to a secure server, and then transfer files from the secure server to the router
  D. use the SDEE protocol for all signature updates from a known secure management station
  B. install a known RSA public key that correlates to a private key used by Cisco

• Question 365:

  Which three posture states can be used for authorization rules? (Choose three.)

  A. unknown
  B. known
  C. noncompliant
  D. quarantined
  E. compliant
  F. no access
  G. limited
  A. unknown
  C. noncompliant
  E. compliant

• Question 366:

  Which setting provides the best security for a WLAN and authenticates users against a centralized directory store?

  A. WPA2 AES-CCMP and 801.X authentication
  B. WPA2 AES-CCMP and PSK authentication
  C. WPA2 TKIP and PSK authentication
  D. WPA2 TKIP and 802.1X authentication
  A. WPA2 AES-CCMP and 801.X authentication

• Question 367:

  Which two statements about Cisco NAC Agents that are installed on clients that interact with the Cisco ISE profiler are true? (Choose two.)

  A. They send endpoint data to AAA servers.
  B. They collect endpoint attributes.
  C. They interact with the posture service to enforce endpoint security policies.
  D. They block access from the network through noncompliant endpoints.
  E. They store endpoints in the Cisco ISE with their profiles.
  F. They evaluate clients against posture policies, to enforce requirements.
  C. They interact with the posture service to enforce endpoint security policies.
  F. They evaluate clients against posture policies, to enforce requirements.

• Question 368:

  If an endpoint is marked noncompliant during that download, a CoA is sent and the device is forced to reauthenticate, providing a different result?

  A. quarantine
  B. exit
  C. default
  D. end
  A. quarantine

• Question 369:

  A network security engineer is considering configuring 802.1x port authentication such that a single host is allowed to be authenticated for data and another single host for voice. Which port authentication host mode can be used to achieve this configuration?

  A. single-host
  B. multihost
  C. multauth
  D. multidomain
  D. multidomain

• Question 370:

  An engineer must limit the configuration parameters that can be executed on the Cisco ASAs deployed throughout the network. Which command allows the engineer to complete this task?

  A. AAA-server tacacs1(inside) host 10.5.109.18 $3cr37 timeout2 ! aaa authorization command tacacs1
  B. AAA-server tacacs1(inside) host 10.5.109.18 $3cr37 timeout2 ! aaa authentication ssh console tacacs1
  C. AAA-server tacacs1(inside) host 10.5.109.18 $3cr37 timeout2 ! aaa authorization exec authentication-server
  D. AAA-server tacacs1(inside) host 10.5.109.18 $3cr37 timeout2 ! aaa authentication exclude ssh
  A. AAA-server tacacs1(inside) host 10.5.109.18 $3cr37 timeout2 ! aaa authorization command tacacs1