Cisco EXAM - 300-208 Implementing Cisco Secure Access Solutions (SISAS) Buy Full Product http://www.examskey.com/300-208.html Examskey Cisco 300-208 exam demo product is here for you to test the quality of the product. This Cisco 300-208 demo also ensures that we have this product ready unlike most companies, which arrange the product for you as you order These 300-208 exam questions are prepared by Cisco subject matter specialists. Hence these are most accurate version of the 300-208 exam questions that you can get in the market. We also offer bundle discount packages for every Cisco certification track, so you can buy all related exam questions in one convenient bundle. And for corporate clients we also offer bundles for Cisco certification exams at huge discount. Check out our 300-208 Exam Page and Cisco Certification Page for more details of these bundle packages.
Question: 1 Version: 9.0 A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected? A. TACACS+ B. RADIUS C. Windows Active Directory D. Generic LDAP Answer: A Question: 2 An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups? A. member of B. group C. class D. person Answer: A Question: 3 Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode? A. Granular ACLs applied prior to authentication B. Per user dacls applied after successful authentication C. Only EAPoL traffic allowed prior to authentication D. Adjustable 802.1X timers to enable successful authentication 2
Answer: C Question: 4 A network administrator must enable which protocol extension to utilize EAP-Chaining? A. EAP-FAST B. EAP-TLS C. MSCHAPv2 D. PEAP Answer: A Question: 5 In the command 'aaa authentication default group tacacs local', how is the word 'default' defined? A. Command set B. Group name C. Method list D. Login type Answer: C Question: 6 Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What is the most likely cause of the problem? A. EAP-TLS is not checked in the Allowed Protocols list B. Certificate authentication profile is not configured in the Identity Store C. MS-CHAPv2-is not checked in the Allowed Protocols list D. Default rule denies all traffic E. Client root certificate is not included in the Certificate Store 3
Answer: A Question: 7 The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node? A. tcp/8905 B. udp/8905 C. http/80 D. https/443 Answer: B Question: 8 Which two conditions are valid when configuring ISE for posturing? (Choose two.) A. Dictionary B. member Of C. Profile status D. File E. Service Answer: D, E Question: 9 Refer to the exhibit. 4
Which three statements about the given configuration are true? (Choose three.) A. TACACS+ authentication configuration is complete. B. TACACS+ authentication configuration is incomplete. C. TACACS+ server hosts are configured correctly. D. TACACS+ server hosts are misconfigured. E. The TACACS+ server key is encrypted. F. The TACACS+ server key is unencrypted. Answer: B, C, F Question: 10 In AAA, what function does authentication perform? A. It identifies the actions that the user can perform on the device. B. It identifies the user who is trying to access a device. C. It identifies the actions that a user has previously taken. D. It identifies what the user can access. Answer: B Question: 11 Which identity store option allows you to modify the directory services that run on TCP/IP? A. Lightweight Directory Access Protocol B. RSA SecurID server C. RADIUS D. Active Directory 5
Answer: A Question: 12 Which term describes a software application that seeks connectivity to the network via a network access device? A. authenticator B. server C. supplicant D. WLC Answer: C Question: 13 The Secure-X company has recently successfully tested the 802.1X authentication deployment using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect NAM 802.1Xsupplicantto log in and connect to the network. Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and have it connect to the network. The network printer does not support 802.1X supplicant. The Fa0/19 switch port is now configured to use 802.1X authentication only. To support this network printer, the Fa0/19 switch port configuration needs to be edited to enable the network printer to authenticate using its MAC address. The network printer should also be on VLAN 9. Another network security engineer responsible for managing the Cisco ISE has already per-configured all the requirements on the Cisco ISE, including adding the network printer MAC address to the Cisco ISE endpoint database and etc... Your task in the simulation is to access the Cisco Catalyst Switch console then use the CLI to: Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer using its MAC address and: Ensure that MAC address authentication processing is not delayed until 802.1Xfails Ensure that even if MAC address authentication passes, the switch will still perform 802.1X authentication if requested by a 802.1X supplicant Use the required show command to verify the MAC address authentication on the Fa0/19 is successful The switch enable password is Cisco 6
For the purpose of the simulation, to test the network printer, assume the network printer will be unplugged then plugged back into the Fa0/19 switch port after you have finished the required configurations on the Fa0/19 switch port. Note: For this simulation, you will not need and do not have access to the ISE GUI To access the switch CLI, click the Switch icon in the topology diagram itial configuration for fa 0/19 that is already done: Answer: In 7
AAA configuration has already been done for us. We need to configure mac address bypass on this port to achieve the goal stated in the question. To do this we simply need to add this command under the interface: mab Then do a shut/no shut on the interface. Verification: 8
THANKS FOR TRYING THE DEMO OF OUR PRODUCT Visit Our Site to Purchase the Full Set of Actual 300-208 Exam Questions With Answers. http://www.examskey.com/300-208.html We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Download Free Product Demo From: http://www.examskey.com/300-208.html Money Back Guarantee Check Out Our Customer Testimonials http://vimeo.com/102521210 9