Get all latest (August) Cisco 300-208 Actual Test 81-90

Ensurepass

 

QUESTION 81

Which three are required steps to enable SXP on a Cisco ASA? (Choose three).

 

A.

configure AAA authentication

B.

configure password

C.

issue the aaa authorization command aaa-server group command

D.

configure a peer

E.

configure TACACS

F.

issue the cts sxp enable command

Correct Answer: BDF

 

 

QUESTION 82

Which three network access devices allow for static security group tag assignment? (Choose three.)

 

A.

intrusion prevention system

B.

access layer switch

C.

data center access switch

D.

load balancer

E.

VPN concentrator

F.

wireless LAN controller

 

Correct Answer: BCE

 

 

QUESTION 83

Which option is required for inline security group tag propagation?

 

A.

Cisco Secure Access Control System

B.

hardware support

C.

Security Group Tag Exchange Protocol (SXP) v4

D.

Cisco Identity Services Engine

 

Correct Answer: B

 

 

QUESTION 84

Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)

 

A.

destination MAC address

B.

source MAC address

C.

802.1AE header in EtherType

D.

security group tag in EtherType

E.

integrity check value

F.

CRC/FCS

 

Correct Answer: CE

 

 

QUESTION 85

Which two options are valid for configuring IEEE 802.1AE MACSec between switches in a TrustSec network? (Choose two.)

 

A.

manually on links between supported switches

B.

in the Cisco Identity Services Engine

C.

in the global configuration of a TrustSec non-seed switch

D.

dynamically on links between supported switches

E.

in the Cisco Secure Access Control System

F.

in the global configuration of a TrustSec seed switch

 

Correct Answer: AD

 

 

QUESTION 86

Which three pieces of information can be found in an authentication detail report? (Choose three.)

 

A.

DHCP vendor ID

B.

user agent string

C.

the authorization rule matched by the endpoint

D.

the EAP method the endpoint is using

E.

the RADIUS username being used

F.

failed posture requirement

 

Correct Answer: CDE

 

 

QUESTION 87

Certain endpoints are missing DHCP profiling data. Which option describes what can be used to determine if DHCP requests from clients are reaching Cisco ISE?

 

A.

output of show interface gigabitEthernet 0 from the CLI

B.

output of debug logging all 7 from the CLI

C.

output of show logging application profiler.log from the CLI

D.

the TCP dump diagnostic tool through the GUI

E.

the posture troubleshooting diagnostic tool through the GUI

 

Correct Answer: D

 

 

QUESTION 88

Which debug command on a Cisco WLC shows the reason that a client session was terminated?

 

A.

debug dot11 state enable

B.

debug dot1x packet enable

C.

debug client mac addr

D.

debug dtls event enable

E.

debug ap enable cisco ap

 

Correct Answer: C

 

 

QUESTION 89

Which two identity databases are supported when PEAP-MSCHAPv2 is used as EAP type? (Choose two.)

 

A.

Windows Active Directory

B.

LDAP

C.

RADIUS token server

D.

internal endpoint store

E.

internal user store

F.

certificate authentication profile

G.

RSA SecurID

Correct Answer: AE

 

 

QUESTION 90

Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)

 

A.

authentication host-mode single-host

B.

authentication host-mode multi-domain

C.

authentication host-mode multi-host

D.

authentication host-mode multi-auth

 

Correct Answer: AB

 

Free VCE & PDF File for Cisco 300-208 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

Comments are closed.