Updated Cisco 300-208 PDF & VCE Free Download Now

Implementing Cisco Secure Access Solutions: 300-208 Exam
300-208 Questions & Answers
Exam Code: 300-208
Exam Name: Implementing Cisco Secure Access Solutions
Q & A: 93 Q&As

QUESTION 1
How frequently does the Profiled Endpoints dashlet refresh data?
A. every 30 seconds
B. every 60 seconds
C. every 2 minutes
D. every 5 minutes
Answer: B

QUESTION 2
Which command in the My Devices Portal can restore a previously lost device to the network?
A. Reset
B. Found
C. Reinstate
D. Request
Answer: C

QUESTION 3
What is the first step that occurs when provisioning a wired device in a BYOD scenario?
A. The smart hub detects that the physically connected endpoint requires configuration and must use
MAB to authenticate.
B. The URL redirects to the Cisco ISE Guest Provisioning portal.
C. Cisco ISE authenticates the user and deploys the SPW package.
D. The device user attempts to access a network URL.
Answer: A

QUESTION 4
Which three features should be enabled as best practices for MAB? (Choose three.)
A. MD5
B. IP source guard
C. DHCP snooping
D. storm control
E. DAI
F. URPF
Answer: BCE

QUESTION 5
When MAB is configured, how often are ports reauthenticated by default?
A. every 60 seconds
B. every 90 seconds
C. every 120 seconds
D. never
Answer: D

QUESTION 6
What is a required step when you deploy dynamic VLAN and ACL assignments?
A. Configure the VLAN assignment.
B. Configure the ACL assignment.
C. Configure Cisco IOS Software 802.1X authenticator authorization.
D. Configure the Cisco IOS Software switch for ACL assignment.
Answer: C

QUESTION 7
Which model does Cisco support in a RADIUS change of authorization implementation?
A. push
B. pull
C. policy
D. security
Answer: A

QUESTION 8
An organization has recently deployed ISE with the latest models of Cisco switches, and it plans
to deploy Trustsec to secure its infrastructure. The company also wants to allow different network
access policies for different user groups (e.g., administrators). Which solution is needed to
achieve these goals?
A. Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs
assigned to different users
B. MACsec in Multiple-Host Mode in order to open or close a portbased on a single authentication
C. Identity-based ACLs on the switches with user identities provided by ISE
D. Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and
login information from ISE
Answer: A

QUESTION 9
Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose
three.)
A. IOS-7-PROXY_DROP
B. AP-1-AUTH_PROXY_DOS_ATTACK
C. MKA-2-MACDROP
D. AUTHMGR-5-MACMOVE
E. ASA-6-CONNECT_BUILT
F. AP-1-AUTH_PROXY_FALLBACK_REQ 
Answer: BDF

QUESTION 10
Which administrative role has permission to assign Security Group Access Control Lists?
A. System Admin
B. Network Device Admin
C. Policy Admin
D. Identity Admin
Answer: C

QUESTION 11
Which set of commands allows IPX inbound on all interfaces?
A. ASA1(config)# access-list IPX-Allow ethertype permit ipx
ASA1(config)# access-group IPX-Allow in interface global
B. ASA1(config)# access-list IPX-Allow ethertype permit ipx
ASA1(config)# access-group IPX-Allow in interface inside
C. ASA1(config)# access-list IPX-Allow ethertype permit ipx
ASA1(config)# access-group IPX-Allow in interface outside
D. ASA1(config)# access-list IPX-Allow ethertype permit ipx
ASA1(config)# access-group IPX-Allow out interface global
Answer: A

QUESTION 12
Which command enables static PAT for TCP port 25?
A. nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtp
B. nat static 209.165.201.3 eq smtp
C. nat (inside,outside) static 209.165.201.3 service tcp smtp smtp
D. static (inside,outside) 209.165.201.3 209.165.201.226 netmask 255.255.255.255
Answer: C

QUESTION 13
Which command is useful when troubleshooting AAA Authentication between a Cisco router and
the AAA server?
A. test aaa-server test cisco cisco123 all new-code
B. test aaa group7 tacacs+ auth cisco123 new-code
C. test aaa group tacacs+ cisco cisco123 new-code
D. test aaa-server tacacs+ group7 cisco cisco123 new-code
Answer: C

…go to http://www.lead2pass.com/300-208.html to download the full version Q&As.

try_now