Questions Ask for cisco 300 208
The article at Testaimer.com going over http://www.testaimer.com/300-208-test is very comprehensive.
Q71. Which two identity store options allow you to authorize based on group membership? (Choose two).
A. Lightweight Directory Access Protocol
B. RSA SecurID server
C. RADIUS
D. Active Directory
Answer: A,D
Q72. Which two switchport commands enable MAB and allow non-802.1X capable devices to immediately run through the MAB process? (Choose two.)
A. authentication order mab dot1x
B. authentication order dot1x mab
C. no authentication timer
D. dot1x timeout tx-period
E. authentication open
F. mab
Answer: A,F
Q73. What are the initial steps to configure an ACS as a TACACS server?
A. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Create.
B. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Create.
C. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Manage.
D. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Install.
Answer: B
Q74. Which three personas can a Cisco ISE assume in a deployment? (Choose three.)
A. connection
B. authentication
C. administration
D. testing
E. policy service
F. monitoring
Answer: C,E,F
Q75. What EAP method supports mutual certificate-based authentication?
A. EAP-TTLS
B. EAP-MSCHAP
C. EAP-TLS
D. EAP-MD5
Answer: C
Q76. Which two statements about administrative access to the ACS Solution Engine are true? (Choose two.)
A. The ACS Solution Engine supports command-line connections through a serial-port connection.
B. For GUI access, an administrative GUI user must be created with the add-guiadmin command.
C. The ACS Solution Engine supports command-line connections through an Ethernet interface.
D. An ACL-based policy must be configured to allow administrative-user access.
E. GUI access to the ACS Solution Engine is not supported.
Answer: B,D
Q77. Which action must an administrator take after joining a Cisco ISE deployment to an Active Directory domain?
A. Choose an Active Directory user.
B. Configure the management IP address.
C. Configure replication.
D. Choose an Active Directory group.
Answer: D
Q78. Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure. What are the two possible causes of the problem? (Choose two.)
A. EAP-TLS is not checked in the Allowed Protocols list
B. Client certificate is not included in the Trusted Certificate Store
C. MS-CHAPv2-is not checked in the Allowed Protocols list
D. Default rule denies all traffic
E. Certificate authentication profile is not configured in the Identity Store
Answer: A,E
Q79. Refer to the exhibit.
The links outside the TrustSec area in the given SGA architecture are unprotected. On which two links does EAC take place? (Choose two.)
A. between switch 2 and switch 3
B. between switch 5 and host 2
C. between host 1 and switch 1
D. between the authentication server and switch 4
E. between switch 1 and switch 2
F. between switch 1 and switch 5
Answer: A,B
Q80. With which two appliance-based products can Cisco Prime Infrastructure integrate to perform centralized management? (Choose two.)
A. Cisco Managed Services Engine
B. Cisco Email Security Appliance
C. Cisco Wireless Location Appliance
D. Cisco Content Security Appliance
E. Cisco ISE
Answer: A,E