Cisco 300-208 Online Practice Questions and Exam Preparation

Cisco 300-208 Online Questions & Answers

• Question 81:

  The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement?

  A. Device registration status and device activation status
  B. Network access device and time condition
  C. User credentials and server certificate
  D. Built-in profile and custom profile
  B. Network access device and time condition

• Question 82:

  A user configured a Cisco Identity Service Engine and switch to work with downloadable access list for wired dot1x users, though it is failing to work. Which command must be added to address the issue?

  A. ip dhcp snooping
  B. ip device tracking
  C. dot1x pae authenticator
  D. aaa authentication dot1x default group radius
  B. ip device tracking

• Question 83:

  The switch 2960-x the below configuration: (sw-if)# switchport mode access (sw-if)# authentication port-control auto (sw-if)# dot1x pae authenticator After you connected unmanaged switch to the port dot1x failed, what is the problem ?

  A. missing command "mab"
  B. there is no Bpdu in the port
  C. eapol packet not erceived in the port
  D. missing command "authentication host-mode multi-host"
  E. missing command "authentication host-mode multi-auth
  A. missing command "mab"

• Question 84:

  Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain?

  A. Choose an Active Directory user.
  B. Configure the management IP address.
  C. Configure replication.
  D. Choose an Active Directory group.
  D. Choose an Active Directory group.

• Question 85:

  Refer to the exhibit. You are troubleshooting RADIUS issues on the network and the debug radius command returns the given output. What is the most likely reason for the failure?

  

  A. An invalid username or password was entered.
  B. The RADIUS port is incorrect.
  C. The NAD is untrusted by the RADIUS server.
  D. The RADIUS server is unreachable.
  E. RADIUS shared secret does not match
  A. An invalid username or password was entered.

• Question 86:

  A user reports that a switch's RADIUS accounting packets are not being seen on the Cisco ISE Server. Which command is the user missing in the switch's configuration?

  A. radius-server vsa send accounting
  B. aaa accounting network default start-stop group radius
  C. aaa accounting resource default start-stop group radius
  D. aaa accounting exec default start-stop group radius
  A. radius-server vsa send accounting

• Question 87:

  Which ISE deployment mode is similar to the industry standard 802.1X behavior?

  A. Monitor mode
  B. Low-impact mode
  C. Policy mode
  D. Closed mode
  D. Closed mode

• Question 88:

  When configuring the Auto Update feature for Cisco IOS IPS, what is a recommended best practice?

  A. Synchronize the router's clock to the PC before configuring Auto Update.
  B. Clear the router's flash of unused signature files.
  C. Enable anonymous TFTP downloads from Cisco.com and specify the download frequency.
  D. Create the appropriate directory on the router's flash memory to store the downloaded signature files.
  E. Download the realm-cisco.pub.key file and update the public key stored on the router.
  A. Synchronize the router's clock to the PC before configuring Auto Update.

• Question 89:

  Which packets are allowed on a dot1x port with no authentication open before the port goes to an authorized state?

  A. DHCP, EAPOL, HTTP
  B. CDP, EAPOL, STP
  C. CDP, DHCP, DNS
  D. CDP, EAPOL, HTTP
  B. CDP, EAPOL, STP

• Question 90:

  Which two NAC agents support file remediation? (Choose two.)

  A. Web Agent for Macintosh
  B. NAC Agent for Windows
  C. NAC Agent for Macintosh
  D. Web Agent for UNIX
  E. Web Agent for Windows
  B. NAC Agent for Windows
  E. Web Agent for Windows