Download New Updated (Spring 2015) Cisco 300-208 Actual Tests 21-30

By | April 22, 2015

Ensurepass

 

QUESTION 21

An organization has recently deployed ISE with the latest models of Cisco switches, and it plans to deploy Trustsec to secure its infrastructure. The company also wants to allow different network access policies for different user groups (e.g., administrators). Which solution is needed to achieve these goals?

 

A.

Cisco Security Group Access Policies in order to use SGACLs to control access based on SGTs assigned to different users

B.

MACsec in Multiple-Host Mode in order to open or close a port based on a single authentication

C.

Identity-based ACLs on the switches with user identities provided by ISE

D.

Cisco Threat Defense for user group control by leveraging Netflow exported from the switches and login information from ISE

 

Correct Answer: A

 

 

 

 

 

 

QUESTION 22

Security Group Access requires which three syslog messages to be sent to Cisco ISE? (Choose three.)

 

A.

IOS-7-PROXY_DROP

B.

AP-1-AUTH_PROXY_DOS_ATTACK

C.

MKA-2-MACDROP

D.

AUTHMGR-5-MACMOVE

E.

ASA-6-CONNECT_BUILT

F.

AP-1-AUTH_PROXY_FALLBACK_REQ

 

Correct Answer: BDF

 

 

QUESTION 23

Which administrative role has permission to assign Security Group Access Control Lists?

 

A.

System Admin

B.

Network Device Admin

C.

Policy Admin

D.

Identity Admin

 

Correct Answer: C

 

 

QUESTION 24

Refer to the exhibit. If the given configuration is applied to the object-group vpnservers, during which time period are external users able to connect?

 

clip_image002

 

A.

From Friday at 6:00 p.m. until Monday at 8:00 a.m.

B.

From Monday at 8:00 a.m. until Friday at 6:00 p.m.

C.

From Friday at 6:01 p.m. until Monday at 8:01 a.m.

D.

From Monday at 8:01 a.m. until Friday at 5:59 p.m.

 

Correct Answer: D

 

 

QUESTION 25

Which set of commands allows IPX inbound on all interfaces?

 

A.

ASA1(config)# access-list IPX-Allow ethertype permit ipx

ASA1(config)# access-group IPX-Allow in interface global

B.

ASA1(config)# access-list IPX-Allow ethertype permit ipx

ASA1(config)# access-group IPX-Allow in interface inside

C.

ASA1(config)# access-list IPX-Allow ethertype permit ipx

ASA1(config)# access-group IPX-Allow in interface outside

D.

ASA1(config)# access-list IPX-Allow ethertype permit ipx

ASA1(config)# access-group IPX-Allow out interface global

 

Correct Answer: A

 

 

QUESTION 26

Which command enables static PAT for TCP port 25?

 

A.

nat (outside,inside) static 209.165.201.3 209.165.201.226 eq smtp

B.

nat static 209.165.201.3 eq smtp

C.

nat (inside,outside) static 209.165.201.3 service tcp smtp smtp

D.

static (inside,outside) 209.165.201.3 209.165.201.226 netmask 255.255.255.255

 

Correct Answer: C

 

 

QUESTION 27

Which command is useful when troubleshooting AAA Authentication between a Cisco router and the AAA server?

 

A.

test aaa-server test cisco cisco123 all new-code

B.

test aaa group7 tacacs+ auth cisco123 new-code

C.

test aaa group tacacs+ cisco cisco123 new-code

D.

test aaa-server tacacs+ group7 cisco cisco123 new-code

 

Correct Answer: C

 

 

QUESTION 28

In a multi-node ISE deployment, backups are not working on the MnT node. Which ISE CLI option would help mitigate this issue?

 

A.

repository

B.

ftp-url

C.

application-bundle

D.

collector

 

Correct Answer: A

 

 

QUESTION 29

Which command can check a AAA server authentication for server group Group1, user cisco, and password cisco555 on a Cisco ASA device?

 

A.

ASA# test aaa-server authentication Group1 username cisco password cisco555

B.

ASA# test aaa-server authentication group Group1 username cisco password cisco555

C.

ASA# aaa-server authorization Group1 username cisco password cisco555

D.

ASA# aaa-server authentication Group1 roger cisco555

 

Correct Answer: A

 

 

 

QUESTION 30

Which statement about system time and NTP server configuration with Cisco ISE is true?

 

A.

The system time and NTP server settings can be configured centrally on the Cisco ISE.

B.

The system time can be configured centrally on the Cisco ISE, but NTP server settings must be configured individually on each ISE node.

C.

NTP server settings can be configured centrally on the Cisco ISE, but the system time must be configured individually on each ISE node.

D.

The system time and NTP server settings must be configured individually on each ISE node.

 

Correct Answer: D

 

Free VCE & PDF File for Cisco 300-208 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …