Which AAA authentication method should be selected?

A network administrator needs to implement a service that enables granular control of IOS
commands that can be executed. Which AAA authentication method should be selected?

A. TACACS+
B. RADIUS
C. Windows Active Directory
D. Generic LDAP



PG

Is this dump still valid?

Terry

As of December 18th 2015 I can confirm this is no longer valid.

There are now ISE 1.3 and ISE 2.0 questions present.

Ivo

I did this exam today too and can confirm that Terry's comment is correct. All official training material constantly mentioned that the exam is based on version 1.2, but now all the questions are different and based on 1.3 and 2.0. I believe Cisco should have changed the exam number as a result of that; otherwise the exam is a farce.

Mee Yoki

Passed 300-208 exam with 960/1000 yesterday (The Passing Score is 846)! Got 57 questions including MAB and ISE-GUI Labs. MAB Lab is very easy but remember to save the CONFIG and the ISE-GUI Lab is not hard at all! I learned all exam questions from the valid 194q dumps here: http://www.passleader.com/300-208.html

Good Luck!

izirider

Could you please share the new Passleader dumps?
My exam is scheduled for tomorrow!!

Pongo

This is false! Passleader 300-208 is not up to date….

Mee Yoki works for Passleader 😉

albert

True, Passleader 194q is invalid.

I wrote today and failed.

fadmour

Passleader 194q is the same as the other vendor's 174q,
and all of them are invalid.
Exam-collection just released a new dump with 211q, but it is not verified whether it’s valid or not.

mondie

Failed the exam. I read the official cert guide twice, CBT Nuggets videos and some materials from Cisco sites, and after this I tried these questions. Some of them were in the exam, but there are a lot of new questions. I have no idea if the Passleader dump below is valid; I did not see it.

papero23

Also failed the exam with 794 instead of 846 points. I tried my best but there were a lot of new questions about ISE 1.3 and 2.0. Questions on this site are out of date. There were questions about TACACS implementation on ISE (on ISE 1.2 and below, RADIUS is the only “language of love” between NAD and ISE). Neither the Cisco Official Cert Guide nor CBT Nuggets talks about TACACS implementation on ISE since they both work with ISE 1.2.
You have done good work, but can you please update the questions on this website soon?

josef

Does someone have news about the exam? Is it true that the exam is totally renewed (questions cover ISE v2.0, implementing TACACS on ISE, etc.)? I study from this site. Is it enough? Thanks.

fadmour

Please can anyone share the Passleader for the 300-208?
Email is: [email protected]

Thanks in advance.

Joe

Wrote the exam today. Only 4 questions from here. Also used 4 other well-known (paid-for) sources. No good either.

Niko

Hi, I’ve passed the 300-208 SISAS exam. It was my second try. Prepare for these questions, which I haven’t seen in any cert dump / VCE file:

==========
QUESTIONS:
==========
1. After how many days will ISE purge expired guest user accounts?
Possible answers: 1 day, 10 days, 15 days, …

2. After what time will ISE purge an authentication session without receiving a RADIUS Accounting Stop message?
Possible answers: 1 day, x days, y days…

3. ISE 2.0 TACACS – Screenshot with TACACS Shell Profile with configured default privilege level 9 and maximum privilege level 10. Question is what commands the user is allowed to execute.
Possible options: Configure t, privilege 10, show run, exit,…

4. ISE 2.0. TACACS – Screenshot with TACACS Command Set with entries with wildcards used:
1. permit ping .*
2. permit conf t
3. permit s*w .*
4. deny xxx
5. deny always yyy

Question is what commands the user is allowed to execute.
Possible options: Show ip int brief, show ver, configure term, ping 10.20.0.1, …

5. BYOD – what components are needed in client provisioning.
I don’t remember possible answers, I think there was Wizard, Agent, Supplicant profile, etc…

6. ISE 1.3 Client Certificates: What 2 options are available to take with a certificate?
Possible options: Export, Delete, Revoke, Unrevoke, …

7. ISE 1.3 Sponsor portal: What actions are available for a sponsor to take with user accounts?
I don’t remember possible answers.

8. ISE 2.0 – what URL will ISE use to redirect the user to the CWA portal?
Possible options (Check all possible portal URLs in ISE Authorization profile. The difference is in “action=” cwa / mdm / cpp / nsp / cwa&type=drw):
For a Hotspot Guest portal:
https://ip:port/guestportal/gateway?sessionID=SessionIdValue&portal=PortalID&action=cwa&type=drw

For a Mobile Device Management (MDM) portal:
https://ip:port/mdmportal/gateway?sessionID=SessionIdValue&portal=PortalID&action=mdm

10. What is the main attribute which is used by ISE to distinguish MAB from Dot1x auth?
Possible options: RADIUS Service-Type 6 (Call-Check), Service-Type 8 (Framed IP), Service-Type 25 (Class), … As I remember, there are only Service Type number codes (6, 8, 25, …), no names – so learn these numbers also.

11. Redirect ACL & Downloadable ACL on Catalyst SW. There were options with different access lists permitting and/or denying access to ISE IP and/or remediation server IP. Question was what access list combination (redirect ACL + dACL) is correct for redirect to portal & remediation server.

12. How many bits does a TrustSec SGT have?
Possible options: 16, 32, etc…

13. MacSec 802.1AE – Questions regarding keying – Connectivity Association Key (CAK). What is it used for?

As you can see, several questions were regarding Sponsor portal, guest portal, guest users. Some questions were about MacSec 802.1AE and TrustSec. There was a simlet where you should configure MAB and the correct authentication methods order (MAB > dot1x) only on Catalyst SW, not ISE. Another simlet was about editing ISE Authentication & Authorization policy and also troubleshooting output from ISE Live Log.

hhj

Hi, Niko!
Thanks for sharing. I know these are the questions in 300-208, but I can’t really confirm the answers. Can you list the answers you think are correct under the questions?

hhj

Can you list the correct answers of these questions? Thanks a lot.

zozo

!!!!!!!!!!!!Attention: ExamCollection false advertising!!!!!

The 300-208 211q dump is a fake!! On the website there are 211 questions, but after buying and downloading there are only 174; it’s an old dump.

David Won

New 300-208 Exam Questions and Answers Updated Recently (11/Mar/2016):

NEW QUESTION 195
Which devices support download of environmental data and IP from Cisco ISE to SGT bindings in their SGFW implementation?

A. Cisco ASA devices
B. Cisco ISR G2 and later devices with ZBFW
C. Cisco ISR G3 devices with ZBFW
D. Cisco ASR devices with ZBFW

Answer: A

NEW QUESTION 196
In Cisco ISE 1.3, where is BYOD enabled with dual-SSID onboarding?

A. client provisioning policy
B. client provisioning resources
C. BYOD portal
D. guest portal

Answer: D

NEW QUESTION 197
Which description of the purpose of the Continue option in an authentication policy rule is true?

A. It allows Cisco ISE to check the list of rules in an authentication policy until there is a match.
B. It sends an authentication to the next subrule within the same authentication rule.
C. It allows Cisco ISE to proceed to the authorization policy regardless of authentication pass/fail.
D. It sends an authentication to the selected identity store.
E. It causes Cisco ISE to ignore the NAD because NAD will treat the Cisco ISE server as dead.

Answer: C

NEW QUESTION 198
How many days does Cisco ISE wait before it purges a session from the active session list if no RADIUS Accounting STOP message is received?

A. 1
B. 5
C. 10
D. 15

Answer: B

NEW QUESTION 199
A user configured a Cisco Identity Service Engine and switch to work with downloadable access list for wired dot1x users, though it is failing to work. Which command must be added to address the issue?

A. ip dhcp snooping
B. ip device tracking
C. dot1x pae authenticator
D. aaa authentication dot1x default group radius

Answer: B

NEW QUESTION 200
Which option is the correct format of username in MAB authentication?

A. host/LSB67.cisco.com
B. {email not allowed}
C. 10:41:7F:46:9F:89
D. CISCO\chris

Answer: C

NEW QUESTION 201
Refer to the exhibit. In a distributed deployment of Cisco ISE, which column in Figure 1 is used to fill in the Host Name field in Figure 2 to collect captures on Cisco ISE while authenticating the specific endpoint?
Image URL: http://www.200-120.info/wp-content/uploads/2016/03/2011.jpg

A. Server
B. Network Device
C. Endpoint ID
D. Identity

Answer: A

NEW QUESTION 202
Which ISE feature is used to facilitate a BYOD deployment?

A. self-service personal device registration and onboarding
B. Guest Service Sponsor Portal
C. Local Web Auth
D. Guest Identity Source Sequence

Answer: A

NEW QUESTION 203
What are two actions that can occur when an 802.1X-enabled port enters violation mode? (Choose two.)

A. The port is error disabled.
B. The port drops packets from any new device that sends traffic to the port.
C. The port generates a port resistance error.
D. The port attempts to repair the violation.
E. The port is placed in quarantine state.
F. The port is prevented from authenticating indefinitely.

Answer: AB

NEW QUESTION 204
Which option describes the purpose of configuring Native Supplicant Profile on the Cisco ISE?

A. It helps employees add and manage new devices by entering the MAC address for the device.
B. It is used to register personal devices on the network.
C. It enforces the use of MSCHAPv2 or EAP-TLS for 802.1X authentication.
D. It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network.

Answer: C

NEW QUESTION 205
Which configuration is required in the Cisco ISE Authentication policy to allow Central Web Authentication?

A. Dot1x and if authentication failed continue
B. MAB and if user not found continue
C. MAB and if authentication failed continue
D. Dot1x and if user not found continue

Answer: B

NEW QUESTION 206
……

P.S. These New 300-208 Exam Questions Were Just Updated From The Real 300-208 Exam, You Can Get The Newest 300-208 Dumps In PDF And VCE From — http://bitly.com/300-208-exam (232q)

Good Luck !!!

Danilo

David, do you have all the questions?
Thanks for sharing!!!

Beware-244Q

Beware of 244Q from any source! They just took 120 questions from the old 174Q and REPEATED them multiple times. They also took some 30+ VPN questions from old 300-209 questions.

IZI

Hi all,

For NEW QUESTION 204:

I think that the answer is B.

Cisco Conf Guide ISE 2.0, definition of Native supplicant profile: “You can create native supplicant profiles to enable users to bring their own devices into the Cisco ISE network”

Antony

Is this dump still valid?

Mehran

[Update]

New 300-208 Exam Questions Updated Recently (1/Mar/2017):

NEW QUESTION 288
An engineer must ensure that all client operating systems have the AnyConnect Agent for an upcoming posture implementation. Which two versions of OS does the AnyConnect posture agent support? (Choose two.)

A. Google Android
B. Ubuntu
C. Apple Mac OS X
D. Microsoft Windows
E. Red Hat Enterprise Linux

Answer: C

NEW QUESTION 289
Which command would be used in order to maintain a single open connection between a network access device and a tacacs server?

A. tacacs-server host timeout
B. tacacs-server host single-connection
C. tacacs-server host
D. tacacs-server host single-connection

Answer: D

NEW QUESTION 290
Refer to the exhibit. Which authentication method is being used?
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store C LDAP_TESTE
22043 Current Identity Store does not support the authentication method; Skipping it

A. PEAP-MSCHAP
B. EAP-GTC
C. EAP-TLS
D. PEAP-TLS

Answer: C

NEW QUESTION 291
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept. Which two classifications can the tags be mapped to? (Choose two.)

A. VLAN
B. user ID
C. interface
D. switch ID
E. MAC address

Answer: AC

NEW QUESTION 292

NEW QUESTION 293
Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?

A. CoA-Terminate
B. CoA-PortBounce
C. CoA-Reauth
D. CoA-Remediate

Answer: B

NEW QUESTION 294

P.S. These New 300-208 Exam Questions Were Just Updated From The Real 300-208 Exam, You Can Get The Newest 300-208 Dumps In PDF And VCE From — http://www.passleader.com/300-208.html (300q VCE and PDF)

Good Luck!