We provide real ccnp security sisas 300 208 official cert guide pdf exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco ccnp security sisas 300 208 official cert guide Exam quickly & easily. The ccnp security sisas 300 208 official cert guide pdf PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 300 208 dumps dumps pdf and vce product and material, you can easily pass the 300 208 sisas exam.

Q1. The NAC Agent v4.9.x uses which ports and protocols to communicate with an ISE Policy Service Node? 

A. tcp/8905, http/80, ftp/21 

B. tcp/8905, http/80, https/443 

C. udp/8905, telnet/23, https/443 

D. udp/8906, http/80, https/443 


Q2. Refer to the exhibit. 

If the given configuration is applied to the object-group vpnservers, during which time period are external users able to connect? 

A. From Friday at 6:00 p.m. until Monday at 8:00 a.m. 

B. From Monday at 8:00 a.m. until Friday at 6:00 p.m. 

C. From Friday at 6:01 p.m. until Monday at 8:01 a.m. 

D. From Monday at 8:01 a.m. until Friday at 5:59 p.m. 


Q3. You discover that the Cisco ISE is failing to connect to the Active Directory server. Which option is a possible cause of the problem? 

A. NTP server time synchronization is configured incorrectly. 

B. There is a certificate mismatch between Cisco ISE and Active Directory. 

C. NAT statements required for Active Directory are configured incorrectly. 

D. The RADIUS authentication ports are being blocked by the firewall. 


Q4. Which two switchport commands enable MAB and allow non-802.1X capable devices to immediately run through the MAB process? (Choose two.) 

A. authentication order mab dot1x 

B. authentication order dot1x mab 

C. no authentication timer 

D. dot1x timeout tx-period 

E. authentication open 

F. mab 

Answer: A,F 

Q5. Which three statements about the Cisco ISE profiler are true? (Choose three.) 

A. It sends endpoint data to AAA servers. 

B. It collects endpoint attributes. 

C. It stores MAC addresses for endpoint systems. 

D. It monitors and polices router and firewall traffic. 

E. It matches endpoints to their profiles. 

F. It stores endpoints in the Cisco ISE database with their profiles. 

Answer: B,E,F 

Q6. Which term describes a software application that seeks connectivity to the network via a network access device? 

A. authenticator 

B. server 

C. supplicant 



Q7. Which condition triggers wireless authentication? A. NAS-Port-Type is set to IEEE 802.11. 

B. Framed-Compression is set to None. 

C. Service-Type is set to Framed. 

D. Tunnel-Type is set to VLAN. 



The Secure-X company has recently successfully tested the 802.1X authentication deployment using the Cisco Catalyst switch and the Cisco ISEv1.2 appliance. Currently, each employee desktop is connected to an 802.1X enabled switch port and is able to use the Cisco AnyConnect NAM 802.1Xsupplicantto log in and connect to the network. 

Currently, a new testing requirement is to add a network printer to the Fa0/19 switch port and have it connect to the network. The network printer does not support 802.1X supplicant. The Fa0/19 switch port is now configured to use 802.1X authentication only. 

To support this network printer, the Fa0/19 switch port configuration needs to be edited to enable the network printer to authenticate using its MAC address. The network printer should also be on VLAN 9. 

Another network security engineer responsible for managing the Cisco ISE has already per-configured all the requirements on the Cisco ISE, including adding the network printer MAC address to the Cisco ISE endpoint database and etc... 

Your task in the simulation is to access the Cisco Catalyst Switch console then use the CLI to: 

. Enable only the Cisco Catalyst Switch Fa0/19 switch port to authenticate the network printer using its MAC address and: 

. Ensure that MAC address authentication processing is not delayed until 802.1Xfails 

. Ensure that even if MAC address authentication passes, the switch will still perform 802.1X authentication if requested by a 802.1X supplicant 

. Use the required show command to verify the MAC address authentication on the Fa0/19 is successful 

The switch enable password is Cisco 

For the purpose of the simulation, to test the network printer, assume the network printer will be unplugged then plugged back into the Fa0/19 switch port after you have finished the required configurations on the Fa0/19 switch port. 

Note: For this simulation, you will not need and do not have access to the ISE GUI To access the switch CLI, click the Switch icon in the topology diagram 

Answer: Review the explanation for full configuration and solution. 

Q9. Which two are valid ISE posture conditions? (Choose two.) 

A. Dictionary 

B. memberOf 

C. Profile status 

D. File 

E. Service 

Answer: D,E 

Q10. Which three posture states can be used for authorization rules? (Choose three.) 

A. unknown 

B. known 

C. noncompliant 

D. quarantined 

E. compliant 

F. no access 

G. limited 

Answer: A,C,E