Refer to the exhibit.
If the given configuration is applied to the object-group vpnservers, during which time period are
external users able to connect?
A.
From Friday at 6:00 p.m. until Monday at 8:00 a.m.
B.
From Monday at 8:00 a.m. until Friday at 6:00 p.m.
C.
From Friday at 6:01 p.m. until Monday at 8:01 a.m.
D.
From Monday at 8:01 a.m. until Friday at 5:59 p.m.
The correct answer is “D”, not “A”, since:
1) the time range defines “WEEKEND” hours
2) during which the ACL DENIES ALL access to the vpnservers
3) the ACL is applied on the OUTSIDE interface in the INCOMING direction
There are also two other versions of this question available on this pages:
http://www.aiotestking.com/cisco/which-time-period-are-external-users-able-to-connect-2/
and
http://www.aiotestking.com/cisco/which-time-period-are-external-users-able-to-connect/
and these are correct.
This answer is not correct.
In the example you can clearly see a “deny ip any”.
This means that when the group is applied, users are no longer able to connect.
Since the time it is applied is from Friday 6:00pm until Monday at 8:00am, it will not work during that time, which means that A is not the correct answer.
The correct answer should be D (from Monday 8:01am until Friday 5:59pm)
I agree with the above comments completely. Can you imagine if the exam calculator has been set for answer A as the correct one even though it clearly isn`t? That would be a shame.
Passed 300-208 exam with 960/1000 yesterday (The Passing Score is 846)! Got 57 questions including MAB and ISE-GUI Labs. MAB Lab is very easy but remember to save the CONFIG and the ISE-GUI Lab is not hard at all! I learned all exam questions from the valid 194q dumps here: http://www.passleader.com/300-208.html
Good Luck!
New 300-208 Exam Questions and Answers Updated Recently (11/Mar/2016):
NEW QUESTION 195
Which devices support download of environmental data and IP from Cisco ISE to SGT bindings in their SGFW implementation?
A. Cisco ASA devices
B. Cisco ISR G2 and later devices with ZBFW
C. Cisco ISR G3 devices with ZBFW
D. Cisco ASR devices with ZBFW
Answer: A
NEW QUESTION 196
In Cisco ISE 1.3, where is BYOD enabled with dual-SSID onboarding?
A. client provisioning policy
B. client provisioning resources
C. BYOD portal
D. guest portal
Answer: D
NEW QUESTION 197
Which description of the purpose of the Continue option in an authentication policy rule is true?
A. It allows Cisco ISE to check the list of rules in an authentication policy until there is a match.
B. It sends an authentication to the next subrule within the same authentication rule.
C. It allows Cisco ISE to proceed to the authorization policy regardless of authentication pass/fail.
D. It sends an authentication to the selected identity store.
E. It causes Cisco ISE to ignore the NAD because NAD will treat the Cisco ISE server as dead.
Answer: C
NEW QUESTION 198
How many days does Cisco ISE wait before it purges a session from the active session list if no RADIUS Accounting STOP message is received?
A. 1
B. 5
C. 10
D. 15
Answer: B
NEW QUESTION 199
A user configured a Cisco Identity Service Engine and switch to work with downloadable access list for wired dot1x users, though it is failing to work. Which command must be added to address the issue?
A. ip dhcp snooping
B. ip device tracking
C. dot1x pae authenticator
D. aaa authentication dot1x default group radius
Answer: B
NEW QUESTION 200
Which option is the correct format of username in MAB authentication?
A. host/LSB67.cisco.com
B. {email not allowed}
C. 10:41:7F:46:9F:89
D. CISCO\chris
Answer: C
NEW QUESTION 201
Refer to the exhibit. In a distributed deployment of Cisco ISE, which column in Figure 1 is used to fill in the Host Name field in Figure 2 to collect captures on Cisco ISE while authenticating the specific endpoint?
Image URL: w w w.200-120.info/wp-content/uploads/2016/03/2011.jpg (delete space!!!)
A. Server
B. Network Device
C. Endpoint ID
D. Identity
Answer: A
NEW QUESTION 202
Which ISE feature is used to facilitate a BYOD deployment?
A. self-service personal device registration and onboarding
B. Guest Service Sponsor Portal
C. Local Web Auth
D. Guest Identity Source Sequence
Answer: A
NEW QUESTION 203
What are two actions that can occur when an 802.1X-enabled port enters violation mode? (Choose two.)
A. The port is error disabled.
B. The port drops packets from any new device that sends traffic to the port.
C. The port generates a port resistance error.
D. The port attempts to repair the violation.
E. The port is placed in quarantine state.
F. The port is prevented from authenticating indefinitely.
Answer: AB
NEW QUESTION 204
Which option describes the purpose of configuring Native Supplicant Profile on the Cisco ISE?
A. It helps employees add and manage new devices by entering the MAC address for the device.
B. It is used to register personal devices on the network.
C. It enforces the use of MSCHAPv2 or EAP-TLS for 802.1X authentication.
D. It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network.
Answer: C
NEW QUESTION 205
Which configuration is required in the Cisco ISE Authentication policy to allow Central Web Authentication?
A. Dot1x and if authentication failed continue
B. MAB and if user not found continue
C. MAB and if authentication failed continue
D. Dot1x and if user not found continue
Answer: B
NEW QUESTION 206
……
P.S. These New 300-208 Exam Questions Were Just Updated From The Real 300-208 Exam, You Can Get The Newest 300-208 Dumps In PDF And VCE From — http://bitly.com/300-208-exam (232q)
Good Luck !!!
>New 300-208 Exam Questions Updated Recently (1/Mar/2017):<
NEW QUESTION 288
An engineer must ensure that all client operating systems have the AnyConnect Agent for an upcoming posture implementation. Which two versions of OS does the AnyConnect posture agent support? (Choose two.)
A. Google Android
B. Ubuntu
C. Apple Mac OS X
D. Microsoft Windows
E. Red Hat Enterprise Linux
Answer: C
NEW QUESTION 289
Which command would be used in order to maintain a single open connection between a network access device and a tacacs server?
A. tacacs-server host timeout
B. tacacs-server host single-connection
C. tacacs-server host
D. tacacs-server host single-connection
Answer: D
NEW QUESTION 290
Refer to the exhibit. Which authentication method is being used?
Evaluating Identity Policy
15006 Matched Default Rule
15013 Selected Identity Store C LDAP_TESTE
22043 Current Identity Store does not support the authentication method; Skipping it
A. PEAP-MSCHAP
B. EAP-GTC
C. EAP-TLS
D. PEAP-TLS
Answer: C
NEW QUESTION 291
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept. Which two classifications can the tags be mapped to? (Choose two.)
A. VLAN
B. user ID
C. interface
D. switch ID
E. MAC address
Answer: AC
NEW QUESTION 292
NEW QUESTION 293
Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?
A. CoA-Terminate
B. CoA-PortBounce
C. CoA-Reauth
D. CoA-Remediate
Answer: B
NEW QUESTION 294
……
P.S. You Can Get The Newest 300-208 Dumps In PDF And VCE From — http://www.passleader.com/300-208.html (300q VCE and PDF)
Good Luck!
What’s more, part of that new 300Q 300-208 Dumps are available here:
https://1drv.ms/f/s!Aq3EkOX-B1yegR-ZeeCwg90H7vjB
Best Regards!