♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for Cisco 300-208 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 300-208 Exam Dumps (PDF & VCE):
Available on: http://www.exam.com/300-208-dumps.html


Want to know Exambible ccnp security sisas 300 208 official cert guide Exam practice test features? Want to lear more about Cisco Implementing Cisco Secure Access Solutions (SISAS) certification experience? Study Printable Cisco 300 208 sisas answers to Latest ccnp security sisas 300 208 official cert guide questions at Exambible. Gat a success with an absolute guarantee to pass Cisco ccnp security sisas 300 208 official cert guide pdf (Implementing Cisco Secure Access Solutions (SISAS)) test on your first attempt.

Q11. The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node? 

A. tcp/8905, http/80, ftp/21 

B. tcp/8905, http/80, https/443 

C. udp/8905, telnet/23, https/443 

D. udp/8906, http/80, https/443 

Answer:


Q12. In Cisco ISE, which probe must be enabled to collect profiling data using Device Sensor? 

A. RADIUS 

B. SNMPQuery 

C. SNMPTrap 

D. Network Scan 

E. Syslog 

Answer:


Q13. In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc... 

Which two statements are correct regarding the event that occurred at 2014-05-07 00:16:55.393? (Choose two.) 

A. The failure reason was user entered the wrong username. 

B. The supplicant used the PAP authentication method. 

C. The username entered was it1. 

D. The user was authenticated against the Active Directory then also against the ISE interal user database and both fails. 

E. The NAS switch port where the user connected to has a MAC address of 44:03:A7:62:41:7F 

F. The user is being authenticated using 802.1X. 

G. The user failed the MAB. 

H. The supplicant stopped responding to ISE which caused the failure. 

Answer: C,F 

Explanation: 

Event Details: 

Screen Shot 2015-06-23 at 5.45.07 PM Screen Shot 2015-06-23 at 5.45.16 PM 


Q14. Which two conditions are valid when configuring ISE for posturing? (Choose two.) 

A. Dictionary 

B. member Of 

C. Profile status 

D. File 

E. Service 

Answer: D,E 


Q15. Which three algorithms should be avoided due to security concerns? (Choose three.) 

A. DES for encryption 

B. SHA-1 for hashing 

C. 1024-bit RSA 

D. AES GCM mode for encryption 

E. HMAC-SHA-1 

F. 256-bit Elliptic Curve Diffie-Hellman 

G. 2048-bit Diffie-Hellman 

Answer: A,B,C 


Q16. Which three statements about the Cisco wireless IPS solution are true? (Choose three.) 

A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point. 

B. It detects spoofed MAC addresses. 

C. It identifies potential RF jamming attacks. 

D. It protects against frame and device spoofing. 

E. It allows the WLC to failover because of congestion. 

Answer: B,C,D 


Q17. Where would a Cisco ISE administrator define a named ACL to use in an authorization policy? 

A. In the conditions of an authorization rule. 

B. In the attributes of an authorization rule. 

C. In the permissions of an authorization rule. 

D. In an authorization profile associated with an authorization rule. 

Answer:


Q18. Refer to the exhibit. 

The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.) 

A. between switch 2 and switch 3 

B. between switch 5 and host 2 

C. between host 1 and switch 1 

D. between the authentication server and switch 4 

E. between switch 1 and switch 2 

F. between switch 1 and switch 5 

Answer: A,B 


Q19. You are troubleshooting wired 802.1X authentications and see the following error: "Authentication failed: 22040 Wrong password or invalid shared secret." What should you inspect to determine the problem? 

A. RADIUS shared secret 

B. Active Directory shared secret 

C. Identity source sequence 

D. TACACS+ shared secret 

E. Certificate authentication profile 

Answer:


Q20. An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals? 

A. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE 

B. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure 

C. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE 

D. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups 

Answer: