Download Implementing Cisco Secure Access Solutions (SISAS).prep4sure.300-208.2018-08-04.1e.186q.vcex

Download Exam

File Info

Exam Implementing Cisco Secure Access Solutions
Number 300-208
File Name Implementing Cisco Secure Access Solutions (SISAS).prep4sure.300-208.2018-08-04.1e.186q.vcex
Size 5.9 Mb
Posted August 04, 2018
Downloads 52

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Coupon: EXAM_HUB

Discount: 20%


Demo Questions

Question 1
During client provisioning on a Mac OS X system, the client system fails to renew its IP address. Which change can you make to the agent profile to correct the problem?

  • A: Enable the Agent IP Refresh feature.
  • B: Enable the Enable VLAN Detect Without UI feature.
  • C: Enable CRL checking.
  • D: Edit the Discovery Host parameter to use an IP address instead of an FQDN.

Question 2
Where is dynamic SGT classification configured?

  • A: Cisco ISE
  • B: NAD
  • C: supplicant
  • D: RADIUS proxy

Question 3
What is the function of the SGACL policy matrix on a Cisco TrustSec domain with SGT Assignment?

  • A: It determines which access policy to apply to the endpoint.
  • B: It determines which switches are trusted within the TrustSec domain.
  • C: It determines the path the SGT of the packet takes when entering the Cisco TrustSec domain.
  • D: It lists all servers that are permitted to participate in the TrustSec domain.
  • E: It lists all hosts that are permitted to participate in the TrustSec domain.

Question 4
You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information?

  • A: The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer.
  • B: The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer.
  • C: The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer.
  • D: The device can propagate SGT information in an encapsulated security payload.
  • E: The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable hardware peer.

Question 5
Refer to the exhibit. 


The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.)

  • A: between switch 2 and switch 3
  • B: between switch 5 and host 2
  • C: between host 1 and switch 1
  • D: between the authentication server and switch 4
  • E: between switch 1 and switch 2
  • F: between switch 1 and switch 5

Question 6
Which three host modes support MACsec? (Choose three.)

  • A: multidomain authentication host mode
  • B: multihost mode
  • C: multi-MAC host mode
  • D: single-host mode
  • E: dual-host mode
  • F: multi-auth host mode

Question 7
You are troubleshooting wired 802.1X authentications and see the following error: "Authentication failed: 22040 Wrong password or invalid shared secret." 
What should you inspect to determine the problem?

  • A: RADIUS shared secret
  • B: Active Directory shared secret
  • C: Identity source sequence
  • D: TACACS+ shared secret
  • E: Certificate authentication profile

Question 8
Refer to the exhibit. 

You are troubleshooting RADIUS issues on the network and the debug radius command returns the given output. What is the most likely reason for the failure?

  • A: An invalid username or password was entered.
  • B: The RADIUS port is incorrect.
  • C: The NAD is untrusted by the RADIUS server.
  • D: The RADIUS server is unreachable.
  • E: RADIUS shared secret does not match

Question 9
What are two possible reasons why a scheduled nightly backup of ISE to a FTP repository would fail? (Choose two.)

  • A: ISE attempted to write the backup to an invalid path on the FTP server.
  • B: The ISE and FTP server clocks are out of sync.
  • C: The username and password for the FTP server are invalid.
  • D: The server key is invalid or misconfigured.
  • E: TCP port 69 is disabled on the FTP server.

Question 10
Which two statements about MAB are true? (Choose two.)

  • A: It requires a preexisting database of the MAC addresses of permitted devices.
  • B: It is unable to control network access at the edge.
  • C: If MAB fails, the device is unable to fall back to another authentication method.
  • D: It is unable to link the IP and MAC addresses of a device.
  • E: It is unable to authenticate individual users.



You can buy ProfExam with a 20% discount..

Get Now!


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen


Use VCE Exam Simulator to open VCE files