The Secret of 300 208 sisas

Testking offers free demo for cisco 300 208 exam. "Implementing Cisco Secure Access Solutions (SISAS)", also known as ccnp security sisas 300 208 official cert guide exam, is a Cisco Certification. This set of posts, Passing the Cisco ccnp security sisas 300 208 official cert guide pdf exam, will help you answer those questions. The 300 208 dumps Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco 300 208 sisas exams and revised by experts!

The article at going over is very comprehensive.

Q61. Which profiling capability allows you to gather and forward network packets to an analyzer? 

A. collector 

B. spanner 

C. retriever 

D. aggregator 


Q62. Which three algorithms should be avoided due to security concerns? (Choose three.) 

A. DES for encryption 

B. SHA-1 for hashing 

C. 1024-bit RSA 

D. AES GCM mode for encryption 


F. 256-bit Elliptic Curve Diffie-Hellman 

G. 2048-bit Diffie-Hellman 

Answer: A,B,C 

Q63. You are configuring SGA on a network device that is unable to perform SGT tagging. How can the device propagate SGT information? 

A. The device can use SXP to pass IP-address-to-SGT mappings to a TrustSec-capable hardware peer. 

B. The device can use SXP to pass MAC-address-to-STG mappings to a TrustSec-capable hardware peer. 

C. The device can use SXP to pass MAC-address-to-IP mappings to a TrustSec-capable hardware peer. 

D. The device can propagate SGT information in an encapsulated security payload. 

E. The device can use a GRE tunnel to pass the SGT information to a TrustSec-capable hardware peer. 


Q64. Cisco ISE distributed deployments support which three features? (Choose three.) 

A. global implementation of the profiler service CoA 

B. global implementation of the profiler service in Cisco ISE 

C. configuration to send system logs to the appropriate profiler node 

D. node-specific probe configuration 

E. server-specific probe configuration 

F. NetFlow probes 

Answer: A,C,D 

Q65. Which two services are included in the Cisco ISE posture service? (Choose two.) 

A. posture administration 

B. posture run-time 

C. posture monitoring 

D. posture policing 

E. posture catalog 

Answer: A,B 

Q66. Which three statements about the Cisco ISE profiler are true? (Choose three.) 

A. It sends endpoint data to AAA servers. 

B. It collects endpoint attributes. 

C. It stores MAC addresses for endpoint systems. 

D. It monitors and polices router and firewall traffic. 

E. It matches endpoints to their profiles. 

F. It stores endpoints in the Cisco ISE database with their profiles. 

Answer: B,E,F 

Q67. When RADIUS NAC and AAA Override are enabled for a WLC on a Cisco ISE, which two statements about RADIUS NAC are true? (Choose two.) 

A. It returns an access-accept and sends the redirection URL for all users. 

B. It establishes secure connectivity between the RADIUS server and the Cisco ISE. 

C. It allows the Cisco ISE to send a CoA request that indicates when the user is authenticated. 

D. It is used for posture assessment, so the Cisco ISE changes the user profile based on posture result. 

E. It allows multiple users to authenticate at the same time. 

Answer: C,D 

Q68. Which time allowance is the minimum that can be configured for posture reassessment interval? 

A. 5 minutes 

B. 20 minutes 

C. 60 minutes 

D. 90 minutes 


Q69. What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints? 

A. the ISE 

B. an ACL 

C. a router 

D. a policy server 


Q70. Which Cisco ISE feature can differentiate a corporate endpoint from a personal device? 

A. EAP chaining 

B. PAC files 

C. authenticated in-band provisioning 

D. machine authentication