Proper study guides for Updated Cisco Implementing Cisco Secure Access Solutions (SISAS) certified begins with Cisco 300-208 preparation products which designed to deliver the Verified 300-208 questions by making you pass the 300-208 test at your first time. Try the free 300-208 demo right now.

2017 Mar 300-208 actual exam

Q1. An organization has recently deployed ISE with Trustsec capable Cisco switches and would like to allow differentiated network access based on user groups. Which solution is most suitable for achieving these goals? 

A. Cyber Threat Defense for user group control by leveraging Netflow exported from the Cisco switches and identity information from ISE 

B. MACsec in Multiple-Host Mode in order to encrypt traffic at each hop of the network infrastructure 

C. Identity-based ACLs preconfigured on the Cisco switches with user identities provided by ISE 

D. Cisco Security Group Access Policies to control access based on SGTs assigned to different user groups 


Q2. An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups? 

A. member of 

B. group 

C. class 

D. person 


Q3. What EAP method supports mutual certificate-based authentication? 






Q4. You enabled the guest session limit feature on the Cisco ISE. However, end users report that the same guest can log in from multiple devices simultaneously. 

Which configuration is missing on the network access device? 

A. RADIUS authentication 

B. RADIUS accounting 

C. DHCP required 

D. AAA override 


Q5. Which two switchport commands enable MAB and allow non-802.1X capable devices to immediately run through the MAB process? (Choose two.) 

A. authentication order mab dot1x 

B. authentication order dot1x mab 

C. no authentication timer 

D. dot1x timeout tx-period 

E. authentication open 

F. mab 

Answer: A,F 

Replace 300-208 free download:

Q6. What is the first step that occurs when provisioning a wired device in a BYOD scenario? 

A. The smart hub detects that the physically connected endpoint requires configuration and must use MAB to authenticate. 

B. The URL redirects to the Cisco ISE Guest Provisioning portal. 

C. Cisco ISE authenticates the user and deploys the SPW package. 

D. The device user attempts to access a network URL. 


Q7. Which advanced authentication setting is needed to allow an unknown device to utilize Central WebAuth? 

A. If Authentication failed > Continue 

B. If Authentication failed > Drop 

C. If user not found > Continue 

D. If user not found > Reject 


Q8. When MAB is configured, how often are ports reauthenticated by default? 

A. every 60 seconds 

B. every 90 seconds 

C. every 120 seconds 

D. never 


Q9. In Cisco ISE, which two actions can be taken based on matching a profiler policy? (Choose two). 

A. exception 

B. network scan (NMAP) 

C. delete endpoint 

D. automatically remediate 

E. create matching identity group 

Answer: A,B 

Q10. Which identity store option allows you to modify the directory services that run on TCP/IP? 

A. Lightweight Directory Access Protocol 

B. RSA SecurID server 


D. Active Directory