We provide real cisco 300 208 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco cisco 300 208 Exam quickly & easily. The cisco 300 208 PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco cisco 300 208 dumps pdf and vce product and material, you can easily pass the cisco 300 208 exam.

P.S. Practical 300-208 torrent are available on Google Drive, GET MORE: https://drive.google.com/open?id=1yGEdwxIKhFIrcjJSl9zh7C6TjZ5L9Txo

New Cisco 300-208 Exam Dumps Collection (Question 2 - Question 11)

Question No: 2

Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)

A. destination MAC address

B. source MAC address

C. 802.1AE header in EtherType

D. security group tag in EtherType

E. integrity check value


Answer: C,E

Question No: 3

When using a DHCP probe in a Cisco ISE deployment, which type of request triggers an endpoint to be reprofiled?

A. DHCP Inform




Answer: D

Question No: 4

Which two attributes are delivered by the DHCP probe to the Cisco ISE? (Choose two.)

A. dhcp-client-identifier

B. framed-IP-address

C. host-name

D. calling-station-ID

E. MAC address

Answer: A,C

Question No: 5

A security engineer has configured a switch port in 802. 1X closed mode. Which protocol is allowed to pass through before a device is authenticated?

A. Bootps





Answer: D

Question No: 6

What endpoint operating system provides native support for the SPW?

A. Apple iOS

B. Android OS

C. Windows 8

D. Mac OS X

Answer: A

Question No: 7

Which supplicants(s) and server(s) are capable of supporting EAP-CHAINING?

A. Cisco AnyConnect NAM and Cisco Access Control Server

B. Cisco Secure Services Client and Cisco Access Control Server

C. Cisco AnyConnect NAM and Cisco Identity Service Engine

D. Windows Native Supplicant and Cisco Identity Service Engine

Answer: C

Question No: 8

Which two are best practices to implement profiling services in a distributed environment? (Choose two)

A. use of device sensor feature

B. configuration to send syslogs to the appropriate profiler node

C. netflow probes enabled on central nodes

D. node-specific probe configuration

E. global enablement of the profiler service

Answer: B,D

Explanation: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_prof_pol.html#wp134 0515

You can deploy the Cisco ISE profiler service either in a standalone environment (on a single node), or in a distributed environment (on multiple nodes).

Depending on the type of your deployment and the license you have installed, the profiler service of Cisco ISE can run on a single node or on multiple nodes.

You need to install either the base license to take advantage of the basic services or the advanced license to take advantage of all the services of Cisco ISE.

The ISE distributed deployment includes support for the following:

u2022 The Deployment Nodes page supports the infrastructure for the distributed nodes in the distributed


u2022 A node specific configuration of probesu2014The Probe Config page allows you to configure the probe per node.

u2022 Global Implementation of the profiler Change of Authorization (CoA).

u2022 Configuration to allow syslogs to be sent to the appropriate profiler node.

Question No: 9

Which two attributes must match between two Cisco ASA devices to properly enable high availability? (Choose two.)

A. model, interface configuration, and RAM

B. major and minor software release

C. tcp dead-peer detection protocol

D. 802.1x authentication identity

Answer: A,B

Question No: 10

Which RADIUS attribute can be used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

A. radius-server timeout

B. idle-timeout attribute

C. session-timeout attribute

D. termination-action attribute

Answer: B

Explanation: Explanation/Reference: https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based- networking-services/


When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints.

When the inactivity timer expires, the switch removes the authenticated session.

The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute (Attribute 28).

Cisco recommends setting the timer using the RADIUS attribute because this approach lets gives you control over which endpoints are subject to this timer and the length of the timer for each class of endpoints.

For example, endpoints that are known to be quiet for long periods of time can be assigned a longer inactivity timer value than chatty endpoints.

Question No: 11

What are the initial steps to configure an ACS as a TACACS server?

A. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Create.

B. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Create.

C. 1. Choose Network Resources > Network Devices and AAA Clients.2. Click Manage.

D. 1. Choose Network Devices and AAA Clients > Network Resources.2. Click Install.

Answer: B

P.S. Easily pass 300-208 Exam with Allfreedumps Practical Dumps & pdf vce, Try Free: https://www.allfreedumps.com/300-208-dumps.html (310 New Questions)