An administrator can leverage which attribute to assign privileges based on Microsoft Active
Directory user groups?
A.
member of
B.
group
C.
class
D.
person
An administrator can leverage which attribute to assign privileges based on Microsoft Active
Directory user groups?
An administrator can leverage which attribute to assign privileges based on Microsoft Active
Directory user groups?
A.
member of
B.
group
C.
class
D.
person
New 300-208 Questions and Answers (Updated on September/4/2017), and New 300-208 PDF and VCE Dumps: https://www.braindump2go.com/300-208.html (300Q&As Version), covers all new questions here in step with the cisco official test center! Share some new questions:
QUESTION
An engineer must ensure that all client operating systems have the AnyConnect Agent for an upcoming posture implementation.
Which two versions of OS does the AnyConnect posture agent support? (Choose two.)
A. Google Android
B. Ubuntu
C. Apple Mac OS X
D. Microsoft Windows
E. Red Hat Enterprise Linux
Answer: C
QUESTION
Which command would be used in order to maintain a single open connection between a network access device and a tacacs server?
A. tacacs-server host timeout
B. tacacs-server host single-connection
C. tacacs-server host
D. tacacs-server host single-connection
Answer: D
QUESTION
Refer to the exhibit. Which authentication method is being used?
A. PEAP-MSCHAP
B. EAP-GTC
C. EAP-TLS
D. PEAP-TLS
Answer: C
QUESTION
A security engineer has a new TrustSec project and must create a few static security group tag classifications as a proof of concept.
Which two classifications can the tags be mapped to? (Choose two.)
A. VLAN
B. user ID
C. interface
D. switch ID
E. MAC address
Answer: AC
QUESTION
Which CoA type does a Cisco ISE PSN send to a network access device when a NAG agent reports the OS patch status of a noncompliant endpoint?
A. CoA-Terminate
B. CoA-PortBounce
C. CoA-Reauth
D. CoA-Remediate
Answer: B
2018 January New Updated 300-208 Exam Questions:
QUESTION
Which three host modes support MACsec? (Choose three.)
A. multidomain authentication host mode
B. multihost mode
C. multi-MAC host mode
D. single-host mode
E. dual-host mode
F. multi-auth host mode
Answer: ABD
QUESTION
You are troubleshooting wired 802.1X authentications and see the following error: “Authentication failed: 22040 Wrong password or invalid shared secret.” What should you inspect to determine the problem?
A. RADIUS shared secret
B. Active Directory shared secret
C. Identity source sequence
D. TACACS+ shared secret
E. Certificate authentication profile
Answer: A
QUESTION
Refer to the exhibit. You are troubleshooting RADIUS issues on the network and the debug radius command returns the given output. What is the most likely reason for the failure?
A. An invalid username or password was entered.
B. The RADIUS port is incorrect.
C. The NAD is untrusted by the RADIUS server.
D. The RADIUS server is unreachable.
E. RADIUS shared secret does not match
Answer: A
QUESTION
Which devices support download of environmental data and IP from Cisco ISE to SGT bindings in their SGFW implementation?
A. Cisco ASA devices
B. Cisco ISR G2 and later devices with ZBFW
C. Cisco ISR G3 devices with ZBFW
D. Cisco ASR devices with ZBFW
Answer: A
QUESTION
In Cisco ISE 1.3, where is BYOD enabled with dual-SSID onboarding?
A. client provisioning policy
B. client provisioning resources
C. BYOD portal
D. guest portal
Answer: D
QUESTION
Which description of the purpose of the Continue option in an authentication policy rule is true?
A. It allows Cisco ISE to check the list of rules in an authentication policy until there is a match.
B. It sends an authentication to the next subrule within the same authentication rule.
C. It allows Cisco ISE to proceed to the authorization policy regardless of authentication pass/fail.
D. It sends an authentication to the selected identity store.
E. It causes Cisco ISE to ignore the NAD because NAD will treat the Cisco ISE server as dead.
Answer: C
QUESTION
How many days does Cisco ISE wait before it purges a session from the active session list if no RADIUS Accounting STOP message is received?
A. 1
B. 5
C. 10
D. 15
Answer: B
QUESTION
A user configured a Cisco Identity Service Engine and switch to work with downloadable access list for wired dot1x users, though it is failing to work. Which command must be added to address the issue?
A. ip dhcp snooping
B. ip device tracking
C. dot1x pae authenticator
D. aaa authentication dot1x default group radius
Answer: B
QUESTION
Refer to the exhibit. In a distributed deployment of Cisco ISE, which column in Figure 1 is used to fill in the Host Name field in Figure 2 to collect captures on Cisco ISE while authenticating the specific endpoint?
A. Server
B. Network Device
C. Endpoint ID
D. Identity
Answer: A
QUESTION
Which ISE feature is used to facilitate a BYOD deployment?
A. self-service personal device registration and onboarding
B. Guest Service Sponsor Portal
C. Local Web Auth
D. Guest Identity Source Sequence
Answer: A
More: http://www.examcollections.info/?s=300-208
Exam failed last week. 15-20 new question, something about SWISS protocol, anyone has new dump?