[2017 New] 2017 Updated Lead2pass Cisco 300-208 Exam Questions (76-100)

2017 July Cisco Official New Released 300-208 Dumps in Lead2pass.com!

The following questions and answers are all newly published by Cisco Official Exam Center: https://www.lead2pass.com/300-208.html

QUESTION 76
Which two are technologies that secure the control plane of the Cisco router? (Choose two.)

A.    Cisco IOS Flexible Packet Matching
B.    uRPF
C.    routing protocol authentication
D.    CPPr
E.    BPDU protection
F.    role-based access control

Answer: CD

QUESTION 77
What is the result of configuring the command dot1x system-auth-control on a Cisco Catalyst switch?

A.    enables the switch to operate as the 802.1X supplicant
B.    globally enables 802.1X on the switch
C.    globally enables 802.1X and defines ports as 802.1X-capable
D.    places the configuration sub-mode into dot1x-auth mode, in which you can identify the authentication server parameters

Answer: B

QUESTION 78
Cisco IOS IPS uses which alerting protocol with a pull mechanism for getting IPS alerts to the network management application?

A.    HTTPS
B.    SMTP
C.    SNMP
D.    syslog
E.    SDEE
F.    POP3

Answer: E

QUESTION 79
When enabling the Cisco IOS IPS feature, which step should you perform to prevent rogue signature updates from being installed on the router?

A.    configure authentication and authorization for maintaining signature updates
B.    install a known RSA public key that correlates to a private key used by Cisco
C.    manually import signature updates from Cisco to a secure server, and then transfer files from the secure server to the router
D.    use the SDEE protocol for all signature updates from a known secure management station

Answer: B

QUESTION 80
When is it most appropriate to choose IPS functionality based on Cisco IOS software?

A.    when traffic rates are low and a complete signature is not required
B.    when accelerated, integrated performance is required using hardware ASIC-based IPS inspections
C.    when integrated policy virtualization is required
D.    when promiscuous inspection meets security requirements

Answer: A

QUESTION 81
Which Cisco IOS IPS risk rating component uses a low value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200?

A.    Signature Fidelity Rating
B.    Attack Severity Rating
C.    Target Value Rating
D.    Attack Relevancy Rating
E.    Promiscuous Delta
F.    Watch List Rating

Answer: C

QUESTION 82
Which two of these are potential results of an attacker performing a DHCP server spoofing attack? (Choose two.)

A.    DHCP snooping
B.    DoS
C.    confidentiality breach
D.    spoofed MAC addresses
E.    switch ports being converted to an untrusted state

Answer: BC

QUESTION 83
When Cisco IOS IPS signatures are being tuned, how is the Target Value Rating assigned?

A.    It is calculated from the Event Risk Rating.
B.    It is calculated from a combination of the Attack Severity Rating and Signature Fidelity Rating
C.    It is manually set by the administrator.
D.    It is set based upon SEAP functions.

Answer: C

QUESTION 84
When performing NAT, which of these is a limitation you need to account for?

A.    exhaustion of port number translations
B.    embedded IP addresses
C.    security payload identifiers
D.    inability to provide mutual connectivity to networks with overlapping address spaces

Answer: B

QUESTION 85
Which two answers are potential results of an attacker that is performing a DHCP server spoofing attack? (Choose two.)

A.    ability to selectively change DHCP options fields of the current DHCP server, such as the giaddr field.
B.    DoS
C.    excessive number of DHCP discovery requests
D.    ARP cache poisoning on the router
E.    client unable to access network resources

Answer: BE

QUESTION 86
When configuring NAT, which three protocols that are shown may have limitations or complications when using NAT? (Choose three.)

A.    Kerberos
B.    HTTPS
C.    NTP
D.    SIP
E.    FTP
F.    SQL

Answer: ADE

QUESTION 87
Which state is a Cisco IOS IPS signature in if it does not take an appropriate associated action even if it has been successfully compiled?

A.    retired
B.    disabled
C.    unsupported
D.    inactive

Answer: B

QUESTION 88
Which statement best describes inside policy based NAT?

A.    Policy NAT rules are those that determine which addresses need to be translated per the enterprise security policy
B.    Policy NAT consists of policy rules based on outside sources attempting to communicate with inside endpoints.
C.    These rules use source addresses as the decision for translation policies.
D.    These rules are sensitive to all communicating endpoints.

Answer: A

QUESTION 89
When is it feasible for a port to be both a guest VLAN and a restricted VLAN?

A.    this configuration scenario is never implemented
B.    when you have configured the port for promiscuous mode
C.    when private VLANs have been configured to place each end device into different subnets
D.    when you want to allow both types of users the same services

Answer: D

QUESTION 90
In an 802.1X environment, which feature allows for non-802.1X-supported devices such as printers and fax machines to authenticate?

A.    multiauth
B.    WebAuth
C.    MAB
D.    802.1X guest VLAN

Answer: C

QUESTION 91
Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?

A.    RADIUS Attribute (5) NAS-Port
B.    RADIUS Attribute (6) Service-Type
C.    RADIUS Attribute (7) Framed-Protocol
D.    RADIUS Attribute (61) NAS-Port-Type

Answer: B

QUESTION 92
Which authorization method is the Cisco best practice to allow endpoints access to the Apple App store or Google Play store with Cisco WLC software version 7.6 or newer?

A.    dACL
B.    DNS ACL
C.    DNS ACL defined in Cisco ISE
D.    redirect ACL

Answer: B

QUESTION 93
Which time allowance is the minimum that can be configured for posture reassessment interval?

A.    5 minutes
B.    20 minutes
C.    60 minutes
D.    90 minutes

Answer: C

QUESTION 94
Which advanced authentication setting is needed to allow an unknown device to utilize Central WebAuth?

A.    If Authentication failed > Continue
B.    If Authentication failed > Drop
C.    If user not found > Continue
D.    If user not found > Reject

Answer: C

QUESTION 95
Which option restricts guests from connecting more than one device at a time?

A.    Guest Portal policy > Set Device registration portal limit
B.    Guest Portal Policy > Set Allow only one guest session per user
C.    My Devices Portal > Set Maximum number of devices to register
D.    Multi-Portal Policy > Guest users should be able to do device registration

Answer: B

QUESTION 96
In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two.)

A.    exception
B.    network scan (NMAP)
C.    delete endpoint
D.    automatically remediate
E.    create matching identity group

Answer: AB

QUESTION 97
Which statement about the Cisco ISE BYOD feature is true?

A.    Use of SCEP/CA is optional.
B.    BYOD works only on wireless access.
C.    Cisco ISE needs to integrate with MDM to support BYOD.
D.    Only mobile endpoints are supported.

Answer: A

QUESTION 98
What user rights does an account need to join ISE to a Microsoft Active Directory domain?

A.    Create and Delete Computer Objects
B.    Domain Admin
C.    Join and Leave Domain
D.    Create and Delete User Objects

Answer: A

QUESTION 99
A network administrator must enable which protocol to utilize EAP-Chaining?

A.    EAP-FAST
B.    EAP-TLS
C.    MSCHAPv2
D.    PEAP

Answer: A

QUESTION 100
The corporate security policy requires multiple elements to be matched in an authorization policy. Which elements can be combined to meet the requirement?

A.    Device registration status and device activation status
B.    Network access device and time condition
C.    User credentials and server certificate
D.    Built-in profile and custom profile

Answer: B

300-208 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDM1I1WlhIdHJZNjA