We provide real ccnp security sisas 300 208 official cert guide exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco ccnp security sisas 300 208 official cert guide pdf Exam quickly & easily. The 300 208 dumps PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco cisco 300 208 dumps pdf and vce product and material, you can easily pass the ccnp security sisas 300 208 official cert guide exam.

Q11. Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.) 

A. LLDP agent information 

B. user agent 

C. DHCP options 

D. open ports 

E. operating system 

F. trunk ports 

Answer: A,C 


Q12. What implementation must be added to the WLC to enable 802.1X and CoA for wireless endpoints? 

A. the ISE 

B. an ACL 

C. a router 

D. a policy server 

Answer:


Q13. Where is client traffic decrypted in a controller-based wireless network protected with WPA2 Security? 

A. Access Point 

B. Switch 

C. Wireless LAN Controller 

D. Authentication Server 

Answer:


Q14. Which two Active Directory authentication methods are supported by Cisco ISE? (Choose two.) 

A. MS-CHAPv2 

B. PEAP 

C. PPTP 

D. EAP-PEAP 

E. PPP 

Answer: A,B 


Q15. Which two statements about Cisco NAC Agents that are installed on clients that interact with the Cisco ISE profiler are true? (Choose two.) 

A. They send endpoint data to AAA servers. 

B. They collect endpoint attributes. 

C. They interact with the posture service to enforce endpoint security policies. 

D. They block access from the network through noncompliant endpoints. 

E. They store endpoints in the Cisco ISE with their profiles. 

F. They evaluate clients against posture policies, to enforce requirements. 

Answer: C,F 


Q16. With which two appliance-based products can Cisco Prime Infrastructure integrate to perform centralized management? (Choose two.) 

A. Cisco Managed Services Engine 

B. Cisco Email Security Appliance 

C. Cisco Wireless Location Appliance 

D. Cisco Content Security Appliance 

E. Cisco ISE 

Answer: A,E 


Q17. Which three algorithms should be avoided due to security concerns? (Choose three.) 

A. DES for encryption 

B. SHA-1 for hashing 

C. 1024-bit RSA 

D. AES GCM mode for encryption 

E. HMAC-SHA-1 

F. 256-bit Elliptic Curve Diffie-Hellman 

G. 2048-bit Diffie-Hellman 

Answer: A,B,C 


Q18. A user is on a wired connection and the posture status is noncompliant. 

Which state will their EPS session be placed in? 

A. disconnected 

B. limited 

C. no access 

D. quarantined 

Answer:


Q19. In this simulation, you are task to examine the various authentication events using the ISE GUI. For example, you should see events like Authentication succeeded. Authentication failed and etc... 

Which two statements are correct regarding the event that occurred at 2014-05-07 00:16:55.393? (Choose two.) 

A. The failure reason was user entered the wrong username. 

B. The supplicant used the PAP authentication method. 

C. The username entered was it1. 

D. The user was authenticated against the Active Directory then also against the ISE interal user database and both fails. 

E. The NAS switch port where the user connected to has a MAC address of 44:03:A7:62:41:7F 

F. The user is being authenticated using 802.1X. 

G. The user failed the MAB. 

H. The supplicant stopped responding to ISE which caused the failure. 

Answer: C,F 

Explanation: 

Event Details: 

Screen Shot 2015-06-23 at 5.45.07 PM Screen Shot 2015-06-23 at 5.45.16 PM 


Q20. In a basic ACS deployment consisting of two servers, for which three tasks is the primary server responsible? (Choose three.) 

A. configuration 

B. authentication 

C. sensing 

D. policy requirements 

E. monitoring 

F. repudiation 

Answer: A,B,D