♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 300-208 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 300-208 Exam Dumps (PDF & VCE):
Available on: http://www.exam.com/300-208-dumps.html


Want to know Examcollection ccnp security sisas 300 208 official cert guide Exam practice test features? Want to lear more about Cisco SISAS Implementing Cisco Secure Access Solutions (SISAS) certification experience? Study Virtual Cisco ccnp security sisas 300 208 official cert guide answers to Regenerate 300 208 sisas questions at Examcollection. Gat a success with an absolute guarantee to pass Cisco cisco 300 208 (SISAS Implementing Cisco Secure Access Solutions (SISAS)) test on your first attempt.

P.S. Virtual 300-208 questions pool are available on Google Drive, GET MORE: https://drive.google.com/open?id=1yGEdwxIKhFIrcjJSl9zh7C6TjZ5L9Txo


New Cisco 300-208 Exam Dumps Collection (Question 2 - Question 11)

Q1. Which statement about IOS accounting is true?

A. A named list of AAA methods must be defined.

B. A named list of accounting methods must be defined.

C. Authorization must be configured before accounting.

D. A named list of tracking methods must be defined.

Answer: C


Q2. Which three are required steps to enable SXP on a Cisco ASA? (Choose three).

A. configure AAA authentication

B. configure password

C. issue the aaa authorization command aaa-server group command

D. configure a peer

E. configure TACACS

F. issue the cts sxp enable command

Answer: B,D,F


Q3. Where is dynamic SGT classification configured?

A. Cisco ISE

B. NAD

C. supplicant

D. RADIUS proxy

Answer: A


Q4. What is a required configuration step for an 802.1X capable switch to support dynamic VLAN and ACL assignments?

A. Configure the VLAN assignment.

B. Configure the ACL assignment.

C. Configure 802.1X authenticator authorization.

D. Configure port security on the switch port.

Answer: C


Q5. Which three algorithms should be avoided due to security concerns? (Choose three.)

A. DES for encryption

B. SHA-1 for hashing

C. 1024-bit RSA

D. AES GCM mode for encryption

E. HMAC-SHA-1

F. 256-bit Elliptic Curve Diffie-Hellman

G. 2048-bit Diffie-Hellman

Answer: A,B,C


Q6. What attribute could be obtained from the SNMP query probe?

A. FQDN

B. CDP

C. DHCP class identifier

D. User agent

Answer: B


Q7. In AAA, what function does authentication perform?

A. It identifies the actions that the user can perform on the device.

B. It identifies the user who is trying to access a device.

C. It identifies the actions that a user has previously taken.

D. It identifies what the user can access.

Answer: B


Q8. Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?

A. RADIUS Attribute (5) NAS-Port

B. RADIUS Attribute (6) Service-Type

C. RADIUS Attribute (7) Framed-Protocol

D. RADIUS Attribute (61) NAS-Port-Type

Answer: B


Q9. Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

A. radius-server timeout

B. idle-timeout attribute

C. session-timeout attribute

D. termination-action attribute

Answer: B

Explanation: Explanation/Reference: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based- networking-services/

config_guide_c17-663759.html

When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints.

When the inactivity timer expires, the switch removes the authenticated session.

The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute (Attribute 28).

Cisco recommends setting the timer using the RADIUS attribute because this approach lets gives you control over which endpoints are subject to this timer and the length of the timer for each class of endpoints.

For example, endpoints that are known to be quiet for long periods of time can be assigned a longer inactivity timer value than chatty endpoints.


Q10. In Cisco ISE, which probe must be enabled to collect profiling data using Device Sensor?

A. RADIUS

B. SNMPQuery

C. SNMPTrap

D. Network Scan

E. Syslog

Answer: A


100% Regenerate Cisco 300-208 Questions & Answers shared by Thedumpscentre, Get HERE: http://www.thedumpscentre.com/300-208-dumps/ (New 287 Q&As)