[2017 New] Exam 300-208 PDF Free Instant Download From Lead2pass (1-25)

2017 July Cisco Official New Released 300-208 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Lead2pass provides 100% pass 300-208 exam questions and answers for your Cisco 300-208 exam. We provide Cisco 300-208 exam questions from Lead2pass dumps and answers for the training of 300-208 practice test.

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html

QUESTION 1
How frequently does the Profiled Endpoints dashlet refresh data?

A.    every 30 seconds
B.    every 60 seconds
C.    every 2 minutes
D.    every 5 minutes

Answer: B

QUESTION 2
Which command in the My Devices Portal can restore a previously lost device to the network?

A.    Reset
B.    Found
C.    Reinstate
D.    Request

Answer: C

QUESTION 3
What is the first step that occurs when provisioning a wired device in a BYOD scenario?

A.    The smart hub detects that the physically connected endpoint requires configuration and must use
MAB to authenticate.
B.    The URL redirects to the Cisco ISE Guest Provisioning portal.
C.    Cisco ISE authenticates the user and deploys the SPW package.
D.    The device user attempts to access a network URL.

Answer: A

QUESTION 4
Which three features should be enabled as best practices for MAB? (Choose three.)

A.    MD5
B.    IP source guard
C.    DHCP snooping
D.    storm control
E.    DAI
F.    URPF

Answer: BCE

QUESTION 5
When MAB is configured, how often are ports reauthenticated by default?

A.    every 60 seconds
B.    every 90 seconds
C.    every 120 seconds
D.    never

Answer: D

QUESTION 6
What is a required step when you deploy dynamic VLAN and ACL assignments?

A.    Configure the VLAN assignment.
B.    Configure the ACL assignment.
C.    Configure Cisco IOS Software 802.1X authenticator authorization.
D.    Configure the Cisco IOS Software switch for ACL assignment.

Answer: C

QUESTION 7
Which model does Cisco support in a RADIUS change of authorization implementation?

A.    push
B.    pull
C.    policy
D.    security

Answer: A

QUESTION 8
You are finding that the 802.1X-configured ports are going into the error-disable state. Which command will show you the reason why the port is in the error-disable state, and which command will automatically be re-enabled after a specific amount of time? (Choose two.)

A.    show error-disable status
B.    show error-disable recovery
C.    show error-disable flap-status
D.    error-disable recovery cause security-violation
E.    error-disable recovery cause dot1x
F.    error-disable recovery cause l2ptguard

Answer: BD

QUESTION 9
Which of these is a configurable Cisco IOS feature that triggers notifications if an attack attempts to exhaust critical router resources and if preventative controls have been bypassed or are not working correctly?

A.    Control Plane Protection
B.    Management Plane Protection
C.    CPU and memory thresholding
D.    SNMPv3

Answer: C

QUESTION 10
Which administrative role has permission to assign Security Group Access Control Lists?

A.    System Admin
B.    Network Device Admin
C.    Policy Admin
D.    Identity Admin

Answer: C

QUESTION 11
Refer to the exhibit. If the given configuration is applied to the object-group vpnservers, during which time period are external users able to connect?

 

A.    From Friday at 6:00 p.m. until Monday at 8:00 a.m.
B.    From Monday at 8:00 a.m. until Friday at 6:00 p.m.
C.    From Friday at 6:01 p.m. until Monday at 8:01 a.m.
D.    From Monday at 8:01 a.m. until Friday at 5:59 p.m.

Answer: D

QUESTION 12
Which set of commands allows IPX inbound on all interfaces?

A.    ASA1(config)# access-list IPX-Allow ethertype permit ipx
ASA1(config)# access-group IPX-Allow in interface global
B.    ASA1(config)# access-list IPX-Allow ethertype permit ipx
ASA1(config)# access-group IPX-Allow in interface inside
C.    ASA1(config)# access-list IPX-Allow ethertype permit ipx
ASA1(config)# access-group IPX-Allow in interface outside
D.    ASA1(config)# access-list IPX-Allow ethertype permit ipx
ASA1(config)# access-group IPX-Allow out interface global

Answer: A

QUESTION 13
Which command enables static PAT for TCP port 25?

A.    nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtp
B.    nat static 209.165.201.3 eq smtp
C.    nat (inside,outside) static 209.165.201.3 service tcp smtp smtp
D.    static (inside,outside) 209.165.201.3 209.165.201.226 netmask 255.255.255.255

Answer: C

QUESTION 14
Which command is useful when troubleshooting AAA Authentication between a Cisco router and the AAA server?

A.    test aaa-server test cisco cisco123 all new-code
B.    test aaa group7 tacacs+ auth cisco123 new-code
C.    test aaa group tacacs+ cisco cisco123 new-code
D.    test aaa-server tacacs+ group7 cisco cisco123 new-code

Answer: C

QUESTION 15
In a multi-node ISE deployment, backups are not working on the MnT node. Which ISE CLI option would help mitigate this issue?

A.    repository
B.    ftp-url
C.    application-bundle
D.    collector

Answer: A

QUESTION 16
Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device?

A.    ASA# test aaa-server authentication Group1 username cisco password cisco555
B.    ASA# test aaa-server authentication group Group1 username cisco password cisco555
C.    ASA# aaa-server authorization Group1 username cisco password cisco555
D.    ASA# aaa-server authentication Group1 roger cisco555

Answer: A

QUESTION 17
Which statement about system time and NTP server configuration with Cisco ISE is true?

A.    The system time and NTP server settings can be configured centrally on the Cisco ISE.
B.    The system time can be configured centrally on the Cisco ISE, but NTP server settings must be configured
individually on each ISE node.
C.    NTP server settings can be configured centrally on the Cisco ISE, but the system time must be configured
individually on each ISE node.
D.    The system time and NTP server settings must be configured individually on each ISE node.

Answer: D

QUESTION 18
Wireless client supplicants attempting to authenticate to a wireless network are generating excessive log messages. Which three WLC authentication settings should be disabled? (Choose three.)

A.    RADIUS Server Timeout
B.    RADIUS Aggressive-Failover
C.    Idle Timer
D.    Session Timeout
E.    Client Exclusion
F.    Roaming

Answer: BCD

QUESTION 19
Which two authentication stores are supported to design a wireless network using PEAP EAP- MSCHAPv2 as the authentication method? (Choose two.)

A.    Microsoft Active Directory
B.    ACS
C.    LDAP
D.    RSA Secure-ID
E.    Certificate Server

Answer: AB

QUESTION 20
What is another term for 802.11i wireless network security?

A.    802.1x
B.    WEP
C.    TKIP
D.    WPA
E.    WPA2

Answer: E

QUESTION 21
Which two EAP types require server side certificates? (Choose two.)

A.    EAP-TLS
B.    PEAP
C.    EAP-MD5
D.    LEAP
E.    EAP-FAST
F.    MSCHAPv2

Answer: AB

QUESTION 22
Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security?

A.    Access Point
B.    Switch
C.    Wireless LAN Controller
D.    Authentication Server

Answer: A

QUESTION 23
Which setting provides the best security for a WLAN and authenticates users against a centralized directory store?

A.    WPA2 AES-CCMP and 801.X authentication
B.    WPA2 AES-CCMP and PSK authentication
C.    WPA2 TKIP and PSK authentication
D.    WPA2 TKIP and 802.1X authentication

Answer: A

QUESTION 24
What is a feature of Cisco WLC and IPS synchronization?

A.    Cisco WLC populates the ACLs to prevent repeat intruder attacks.
B.    The IPS automatically send shuns to Cisco WLC for an active host block.
C.    Cisco WLC and IPS synchronization enables faster wireless access.
D.    IPS synchronization uses network access points to provide reliable monitoring.

Answer: B

QUESTION 25
Which two components are required to connect to a WLAN network that is secured by EAP-TLS authentication? (Choose two.)

A.    Kerberos authentication server
B.    AAA/RADIUS server
C.    PSKs
D.    CA server

Answer: BD

Lead2pass is the leader in 300-208 certification test questions with training materials for Cisco 300-208 exam dumps. Lead2pass Cisco training tools are constantly being revised and updated. We 100% guarantee Cisco 300-208 exam questions with quality and reliability which will help you pass Cisco 300-208 exam.

300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA

2017 Cisco 300-208 exam dumps (All 300 Q&As) from Lead2pass:

https://www.lead2pass.com/300-208.html [100% Exam Pass Guaranteed]