300-208 exam is also named Cisco Cisco 300-208 exam which is any Cisco certification exam. Cisco 300-208 certification is a passport for you to related professions. Having a 300-208 certification inside hand, you will enjoy any promising future. It can be a essential step for you to choose an efficient preparation materials. Examcollection is really a premier choice for you for you to lay a good foundation to the Cisco 300-208 preparation.
2021 Mar 300-208 exam answers
Q31. Which two profile attributes can be collected by a Cisco Catalyst Switch that supports Device Sensor? (Choose two.)
A. LLDP agent information
B. user agent
C. DHCP options
D. open ports
E. operating system
F. trunk ports
Answer: A,C
Q32. When you select Centralized Web Auth in the ISE Authorization Profile, which two components host the web authentication portal? (Choose two.)
A. ISE
B. the WLC
C. the access point
D. the switch
E. the endpoints
Answer: B,D
Q33. In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?
A. Command set
B. Group name
C. Method list
D. Login type
Answer: C
Q34. The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service Node?
A. tcp/8905
B. udp/8905
C. http/80
D. https/443
Answer: B
Q35. ORRECT TEXT
The Secure-X company has recently successfully tested the 802.1X authentication deployment using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect NAM 802.1Xsupplicantto log in and connect to the network.
Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and have it connect to the network. The network printer does not support 802.1X supplicant. The Fa0/19 switch port is now configured to use 802.1X authentication only.
To support this network printer, the Fa0/19 switch port configuration needs to be edited to enable the network printer to authenticate using its MAC address. The network printer should also be on VLAN 9.
Another network security engineer responsible for managing the Cisco ISE has already per-configured all the requirements on the Cisco ISE, including adding the network printer MAC address to the Cisco ISE endpoint database and etc...
Your task in the simulation is to access the Cisco Catalyst Switch console then use the CLI to:
. Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer using its MAC address and:
. Ensure that MAC address authentication processing is not delayed until 802.1Xfails
. Ensure that even if MAC address authentication passes, the switch will still perform 802.1X authentication if requested by a 802.1X supplicant
. Use the required show command to verify the MAC address authentication on the Fa0/19 is successful
The switch enable password is Cisco
For the purpose of the simulation, to test the network printer, assume the network printer will be unplugged then plugged back into the Fa0/19 switch port after you have finished the required configurations on the Fa0/19 switch port.
Note: For this simulation, you will not need and do not have access to the ISE GUI To access the switch CLI, click the Switch icon in the topology diagram
Answer: Review the explanation for full configuration and solution.
Up to the minute 300-208 testing engine:
Q36. You are troubleshooting wired 802.1X authentications and see the following error: "Authentication failed: 22040 Wrong password or invalid shared secret." What should you inspect to determine the problem?
A. RADIUS shared secret
B. Active Directory shared secret
C. Identity source sequence
D. TACACS+ shared secret
E. Certificate authentication profile
Answer: A
Q37. What is a required step when you deploy dynamic VLAN and ACL assignments?
A. Configure the VLAN assignment.
B. Configure the ACL assignment.
C. Configure Cisco IOS Software 802.1X authenticator authorization.
D. Configure the Cisco IOS Software switch for ACL assignment.
Answer: C
Q38. Which three statements describe differences between TACACS+ and RADIUS? (Choose three.)
A. RADIUS encrypts the entire packet, while TACACS+ encrypts only the password.
B. TACACS+ encrypts the entire packet, while RADIUS encrypts only the password.
C. RADIUS uses TCP, while TACACS+ uses UDP.
D. TACACS+ uses TCP, while RADIUS uses UDP.
E. RADIUS uses ports 1812 and 1813, while TACACS+ uses port 49.
F. TACACS+ uses ports 1812 and 1813, while RADIUS uses port 49
Answer: B,D,E
Q39. Which RADIUS attribute is used primarily to differentiate an IEEE 802.1x request from a Cisco MAB request?
A. RADIUS Attribute (5) NAS-Port
B. RADIUS Attribute (6) Service-Type
C. RADIUS Attribute (7) Framed-Protocol
D. RADIUS Attribute (61) NAS-Port-Type
Answer: B
Q40. What are the initial steps to configure an ACS as a TACACS server?
A. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Create.
B. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Create.
C. 1. Choose Network Resources > Network Devices and AAA Clients.
2. Click Manage.
D. 1. Choose Network Devices and AAA Clients > Network Resources.
2. Click Install.
Answer: B