Which two Cisco Catalyst switch interface commands allow only a single voice device and a single
data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)
A.
authentication host-mode single-host
B.
authentication host-mode multi-domain
C.
authentication host-mode multi-host
D.
authentication host-mode multi-auth
Explanation:
But why? The command authentication host-mode single-host allows one and only one device to be authenticated, and never more than one device. The only correct answer is B. I don’t know why this question should have two answers, because the word “only” in the question prevents answer C and D to be correct.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/sw8021x.html
802.1x Host Mode
You can configure an 802.1x port for single-host or for multiple-hosts mode. In single-host mode (see Figure 1-1), only one client can be connected to the 802.1x-enabled switch port. The switch detects the client by sending an EAPOL frame when the port link state changes to the up state. If a client leaves or is replaced with another client, the switch changes the port link state to down, and the port returns to the unauthorized state.
>New 300-208 Exam Questions Updated Recently (1/Mar/2017):<
NEW QUESTION 288
An engineer must ensure that all client operating systems have the AnyConnect Agent for an upcoming posture implementation. Which two versions of OS does the AnyConnect posture agent support? (Choose two.)
A. Google Android
B. Ubuntu
C. Apple Mac OS X
D. Microsoft Windows
E. Red Hat Enterprise Linux
Answer: C
NEW QUESTION 289
Which command would be used in order to maintain a single open connection between a network access device and a tacacs server?
A. tacacs-server host timeout
B. tacacs-server host single-connection
C. tacacs-server host
D. tacacs-server host single-connection
Answer: D
NEW QUESTION 290
Refer to the exhibit. Which authentication method is being used?
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store C LDAP_TESTE
22043 Current Identity Store does not support the authentication method; Skipping it
A. PEAP-MSCHAP
B. EAP-GTC
C. EAP-TLS
D. PEAP-TLS
Answer: C
NEW QUESTION 291
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept. Which two classifications can the tags be mapped to? (Choose two.)
A. VLAN
B. user ID
C. interface
D. switch ID
E. MAC address
Answer: AC
NEW QUESTION 292
NEW QUESTION 293
Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?
A. CoA-Terminate
B. CoA-PortBounce
C. CoA-Reauth
D. CoA-Remediate
Answer: B
NEW QUESTION 294
……
>P.S. These New 300-208 Exam Questions Were Just Updated From The Real 300-208 Exam, You Can Get The Newest 300-208 Dumps In PDF And VCE From — http://www.passleader.com/300-208.html (300q VCE and PDF)<
What’s more, part of that new 300Q 300-208 Dumps are available here:
https://1drv.ms/f/s!Aq3EkOX-B1yegR-ZeeCwg90H7vjB
Best Regards!