Get Full Version of the Exam
http://www.EnsurePass.com/300-208.html

Question No.91

Which two statements about MAB are true? (Choose two.)

1. It requires a preexisting database of the MAC addresses of permitted devices.

2. It is unable to control network access at the edge.

3. If MAB fails, the device is unable to fall back to another authentication method.

4. It is unable to link the IP and MAC addresses of a device.

5. It is unable to authenticate individual users.

Correct Answer: AE

Question No.92

Which 802.1x command is needed for ACL to be applied on a switch port?

1. dot1x system-auth-control

2. dot1x pae authenticator

3. authentication port-control auto

4. radius-server vsa send authentication

5. aaa authorization network default group radius

Correct Answer: D

Question No.93

Within a BYOD environment, when employees add devices using the My Devices Portal, which Identity Group does Cisco ISE add the endpoints to?

1. Registered

2. Employee

3. Guest

4. Profiled

Correct Answer: D

Question No.94

In a basic ACS deployment consisting of two servers, for which three tasks is the primary server responsible? (Choose three.)

1. configuration

2. authentication

3. sensing

4. policy requirements

5. monitoring

6. repudiation

Correct Answer: ABD

Question No.95

Which two statements about Cisco NAC Agents that are installed on clients that interact with the Cisco ISE profiler are true? (Choose two.)

1. They send endpoint data to AAA servers.

2. They collect endpoint attributes.

3. They interact with the posture service to enforce endpoint security policies.

4. They block access from the network through noncompliant endpoints.

5. They store endpoints in the Cisco ISE with their profiles.

6. They evaluate clients against posture policies, to enforce requirements.

Correct Answer: CF

Question No.96

Which three features should be enabled as best practices for MAB? (Choose three.)

1. MD5

2. IP source guard

3. DHCP snooping

4. storm control

5. DAI

6. URPF

Correct Answer: BCE

Question No.97

Which redirect-URL is pushed by Cisco ISE for posture redirect for corporate users?

1. https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CCamp;portal=28 3258a0-e96e-11e4-a30a- 005056bf01c9amp;action=cppamp;token=a1a6ea71ea8f410c2637e11ba534379e

2. https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CCamp;portal=28 3258a0-e96e-11e4-a30a- 005056bf01c9amp;action=cwaamp;token=a1a6ea71ea8f410c2637e11ba534379e

3. https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CCamp;portal=28 3258a0-e96e-11e4-a30a- 005056bf01c9amp;action=mdmamp;token=a1a6ea71ea8f410c2637e11ba534379e

4. https://ise1.cisco.com:8443/portal/gateway?sessionId=0A00023D0000003A239F78CCamp;portal=28 3258a0-e96e-11e4-a30a- 005056bf01c9amp;action=drwamp;token=a1a6ea71ea8f410c2637e11ba534379e

Correct Answer: A

Question No.98

By default, how many days does Cisco ISE wait before it purges the expired guest accounts?

A.	1
B.	10
C.	15
D.	20

Correct Answer: C

Question No.99

Which three components comprise the Cisco ISE profiler? (Choose three.)

1. the sensor, which contains one or more probes

2. the probe manager

3. a monitoring tool that connects to the Cisco ISE

4. the trigger, which activates ACLs

5. an analyzer, which uses configured policies to evaluate endpoints

6. a remitter tool, which fails over to redundant profilers

Correct Answer: ABE

Question No.100

You configured wired 802.1X with EAP-TLS on Windows machines. The ISE authentication detail report shows quot;EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain.quot; What is the most likely cause of this error?

1. The ISE certificate store is missing a CA certificate.

2. The Wireless LAN Controller is missing a CA certificate.

3. The switch is missing a CA certificate.

4. The Windows Active Directory server is missing a CA certificate.

Correct Answer: A

Get Full Version of the Exam
300-208 Dumps
300-208 VCE and PDF