Exam Code: 300-208 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Secure Access Solutions (SISAS)
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-208 Exam.
2021 Jul cbt 300-208 sisas:
Q101. Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.)
A. manually on links between supported switches
B. in the Cisco Identity Services Engine
C. in the global configuration of a TrustSec non-seed switch
D. dynamically on links between supported switches
E. in the Cisco Secure Access Control System
F. in the global configuration of a TrustSec seed switch
Q102. Which setting provides the best security for a WLAN and authenticates users against a centralized directory store?
A. WPA2 AES-CCMP and 801.X authentication
B. WPA2 AES-CCMP and PSK authentication
C. WPA2 TKIP and PSK authentication
D. WPA2 TKIP and 802.1X authentication
Q103. Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.)
Q104. Which identity store option allows you to modify the directory services that run on TCP/IP?
A. Lightweight Directory Access Protocol
B. RSA SecurID server
D. Active Directory
Q105. Which command in the My Devices Portal can restore a previously lost device to the network?
Most up-to-date robertshaw 300-208 instructions:
Q106. Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?
A. RADIUS Attribute (5) NAS-Port
B. RADIUS Attribute (6) Service-Type
C. RADIUS Attribute (7) Framed-Protocol
D. RADIUS Attribute (61) NAS-Port-Type
Q107. ORRECT TEXT
The Secure-X company has recently successfully tested the 802.1X authentication deployment using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect NAM 802.1Xsupplicantto log in and connect to the network.
Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and have it connect to the network. The network printer does not support 802.1X supplicant. The Fa0/19 switch port is now configured to use 802.1X authentication only.
To support this network printer, the Fa0/19 switch port configuration needs to be edited to enable the network printer to authenticate using its MAC address. The network printer should also be on VLAN 9.
Another network security engineer responsible for managing the Cisco ISE has already per-configured all the requirements on the Cisco ISE, including adding the network printer MAC address to the Cisco ISE endpoint database and etc...
Your task in the simulation is to access the Cisco Catalyst Switch console then use the CLI to:
. Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer using its MAC address and:
. Ensure that MAC address authentication processing is not delayed until 802.1Xfails
. Ensure that even if MAC address authentication passes, the switch will still perform 802.1X authentication if requested by a 802.1X supplicant
. Use the required show command to verify the MAC address authentication on the Fa0/19 is successful
The switch enable password is Cisco
For the purpose of the simulation, to test the network printer, assume the network printer will be unplugged then plugged back into the Fa0/19 switch port after you have finished the required configurations on the Fa0/19 switch port.
Note: For this simulation, you will not need and do not have access to the ISE GUI To access the switch CLI, click the Switch icon in the topology diagram
Answer: Review the explanation for full configuration and solution.
Q108. Which three personas can a Cisco ISE assume in a deployment? (Choose three.)
E. policy service
Q109. Which method does Cisco prefer to securely deploy guest wireless access in a BYOD implementation?
A. deploying a dedicated Wireless LAN Controller in a DMZ
B. configuring a guest SSID with WPA2 Enterprise authentication
C. configuring guest wireless users to obtain DHCP centrally from the corporate DHCP server
D. disabling guest SSID broadcasting
Q110. Which two Cisco ISE administration options are available in the Default Posture Status setting? (Choose two.)