Want to Pass 300-208 Exam In Next HOURS? Download Now →
January 8, 2019

How to pass ccnp security sisas 300 208 official cert guide in Jan 2019


Free Instant Download NEW 300-208 Exam Dumps (PDF & VCE):
Available on: https://www.certshared.com/exam/300-208/


P.S. Refined 300-208 bootcamp are available on Google Drive, GET MORE: https://drive.google.com/open?id=1JgMMGZemfjZpkIcsxrJP-8UJhYUjHYco


New Cisco 300-208 Exam Dumps Collection (Question 1 - Question 10)

Q1. Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?

A. RADIUS Change of Authorization

B. device tracking

C. DHCP snooping

D. VLAN hopping

Answer: A


Q2. In AAA, what function does authentication perform?

A. It identifies the actions that the user can perform on the device.

B. It identifies the user who is trying to access a device.

C. It identifies the actions that a user has previously taken.

D. It identifies what the user can access.

Answer: B


Q3. What are the initial steps to configure an ACS as a TACACS server?

A. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Create.

B. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Create.

C. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Manage.

D. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Install.

Answer: B


Q4. Which profiling capability allows you to gather and forward network packets to an analyzer?

A. collector

B. spanner

C. retriever

D. aggregator

Answer: A


Q5. Which three algorithms should be avoided due to security concerns? (Choose three.)

A. DES for encryption

B. SHA-1 for hashing

C. 1024-bit RSA

D. AES GCM mode for encryption

E. HMAC-SHA-1

F. 256-bit Elliptic Curve Diffie-Hellman

G. 2048-bit Diffie-Hellman

Answer: A,B,C


Q6. Which model does Cisco support in a RADIUS change of authorization implementation?

A. push

B. pull

C. policy

D. security

Answer: A


Q7. Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

A. radius-server timeout

B. idle-timeout attribute

C. session-timeout attribute

D. termination-action attribute

Answer: B

Explanation: Explanation/Reference: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based- networking-services/

config_guide_c17-663759.html

When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints.

When the inactivity timer expires, the switch removes the authenticated session.

The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute (Attribute 28).

Cisco recommends setting the timer using the RADIUS attribute because this approach lets gives you control over which endpoints are subject to this timer and the length of the timer for each class of endpoints.

For example, endpoints that are known to be quiet for long periods of time can be assigned a longer inactivity timer value than chatty endpoints.


Q8. What steps must you perform to deploy a CA-signed identity certificate on an ISE device?

A. 1. Download the CA server certificate and install it on ISE.2. Generate a signing request and save it as a file.3. Access the CA server and submit the CA request.4. Install the issued certificate on the ISE.

B. 1. Download the CA server certificate and install it on ISE.2. Generate a signing request and save it as a file.3. Access the CA server and submit the CSR.4. Install the issued certificate on the CA server.

C. 1. Generate a signing request and save it as a file.2. Download the CA server certificate and install it on ISE.3. Access the ISE server and submit the CA request.4. Install the issued certificate on the CA server.

D. 1. Generate a signing request and save it as a file.2. Download the CA server certificate and install it on ISE.3. Access the CA server and submit the CSR.4. Install the issued certificate on the ISE.

Answer: D


Q9. When RADIUS NAC and AAA Override are enabled for WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.)

A. It will return an access-accept and send the redirection URL for all users.

B. It establishes secure connectivity between the RADIUS server and the ISE.

C. It allows the ISE to send a CoA request that indicates when the user is authenticated.

D. It is used for posture assessment, so the ISE changes the user profile based on posture result.

E. It allows multiple users to authenticate at the same time.

Answer: C,D


Q10. Which statement about Cisco Management Frame Protection is true?

A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.

B. It detects spoofed MAC addresses.

C. It identifies potential RF jamming attacks.

D. It protects against frame and device spoofing.

Answer: D


Recommend!! Get the Refined 300-208 dumps in VCE and PDF From Thedumpscentre, Welcome to download: http://www.thedumpscentre.com/300-208-dumps/ (New 310 Q&As Version)