300-208 Exam Questions - Online Test

300-208 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Cause all that matters here is passing the Cisco ccnp security sisas 300 208 official cert guide pdf exam. Cause all that you need is a high score of ccnp security sisas 300 208 official cert guide Implementing Cisco Secure Access Solutions (SISAS) exam. The only one thing you need to do is downloading Ucertify ccnp security sisas 300 208 official cert guide exam study guides now. We will not let you down with our money-back guarantee.

Q1. In an 802.1X authorization process, a network access device provides which three functions? (Choose three.) 

A. Filters traffic prior to authentication 

B. Passes credentials to authentication server 

C. Enforces policy provided by authentication server 

D. Hosts a central web authentication page 

E. Confirms supplicant protocol compliance 

F. Validates authentication credentials 

Answer: A,B,C 

Q2. What is a requirement for posture administration services in Cisco ISE? 

A. at least one Cisco router to store Cisco ISE profiling policies 

B. Cisco NAC Agents that communicate with the Cisco ISE server 

C. an ACL that points traffic to the Cisco ISE deployment 

D. the advanced license package must be installed 

Answer: D 

Q3. Which functionality does the Cisco ISE self-provisioning flow provide? 

A. It provides support for native supplicants, allowing users to connect devices directly to the network. 

B. It provides the My Devices portal, allowing users to add devices to the network. 

C. It provides support for users to install the Cisco NAC agent on enterprise devices. 

D. It provides self-registration functionality to allow guest users to access the network. 

Answer: A 

Q4. An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals? 

A. Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users 

B. MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication 

C. Identity-based ACLs on the switches with user identities provided by ISE 

D. Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE 

Answer: A 

Q5. What are the initial steps to configure an ACS as a TACACS server? 

A. 1. Choose Network Devices and AAA Clients > Network Resources. 

2. Click Create. 

B. 1. Choose Network Resources > Network Devices and AAA Clients. 

2. Click Create. 

C. 1. Choose Network Resources > Network Devices and AAA Clients. 

2. Click Manage. 

D. 1. Choose Network Devices and AAA Clients > Network Resources. 

2. Click Install. 

Answer: B 

Q6. A network engineer is configuring HTTP based CWA on a switch. Which three configuration elements are required? (Choose three.) 

A. HTTP server enabled 

B. Radius authentication on the port with MAB 

C. Redirect access-list 

D. Redirect-URL 

E. HTTP secure server enabled 

F. Radius authentication on the port with 802.1x 

G. Pre-auth port based access-list 

Answer: A,B,C 

Q7. Which statement about Cisco ISE BYOD is true? 

A. Dual SSID allows EAP-TLS only when connecting to the secured SSID. 

B. Single SSID does not require endpoints to be registered. 

C. Dual SSID allows BYOD for guest users. 

D. Single SSID utilizes open SSID to accommodate different types of users. 

E. Single SSID allows PEAP-MSCHAPv2 for native supplicant provisioning. 

Answer: E 

Q8. Refer to the exhibit. 

Which URL must you enter in the External Webauth URL field to configure Cisco ISE CWA correctly? 

A. https://ip_address:8443/guestportal/Login.action 

B. https://ip_address:443/guestportal/Welcome.html 

C. https://ip_address:443/guestportal/action=cpp 

D. https://ip_address:8905/guestportal/Sponsor.action 

Answer: A 

Q9. From which location can you run reports on endpoint profiling? 

A. Reports > Operations > Catalog > Endpoint 

B. Operations > Reports > Catalog > Endpoint 

C. Operations > Catalog > Reports > Endpoint 

D. Operations > Catalog > Endpoint 

Answer: B 

Q10. The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node? 

A. tcp/8905 

B. udp/8905 

C. http/80 

D. https/443 

Answer: B