Before you write the Cisco CCNP Security (300-208) certification exam, you may have certain doubts in your mind regarding the pattern of the test, the types of questions asked in it, the difficulty level of the questions and time required to complete the questions. These Cisco Certified Network Professional Security (SISAS) sample questions and demo exam help you in removing these doubts and prepare you to take the test.
The best approach to pass your Cisco 300-208 exam is to challenge and improve your knowledge. To test your learning and identify improvement areas with actual exam format, we suggest you practice with Premium Cisco 300-208 Certification Practice Exam. The practice test is one of the most important elements of your Cisco Implementing Cisco Secure Access Solutions (SISAS) exam study strategy to discover your strengths and weaknesses, to improve your time management skills and to get an idea of the score you can expect.
Cisco 300-208 (SISAS) Sample Questions:
01. What shortcoming of the original RADIUS specification does CoA address?
a) Allows the AAA server to provide unsolicited authorization policy updates to AAA clients.
b) Allows co-authentication of the user and the endpoint.
c) Allows co-authorization on ingress device and egress device in Cisco TrustSec domain.
d) Change of address allows policy to follow user if they roam between wireless access points.
e) Allows RADIUS to be transported using TCP.
02. Which 802.1X mode uses a static pre-authentication ACL with a dynamically applied downloadable ACL after authentication?
a) Dynamic mode
b) Monitor mode
c) Multi-auth mode
d) Flexible enforcement mode
e) Low impact mode
03. What are three methods that Cisco ISE can use to perform authentication?
e) Active Directory
f) Web Authentication.
04. Which of the following is a benefit of EAP Chaining?
a) Multi-factor authentication
b) Two factor authentication
c) Specify user and machine details in authorization policy conditions
d) Outer EAP provides secure tunnel to protect inner EAP
e) Policy can consider both ingress identity and egress identity
05. Which of the following are roles that ISE plays in a Cisco TrustSec deployment?
a) Distribute tags with SXP
b) Manage SGACLs
c) Map SGTs to VLANs
d) Dynamically assign SGTs to endpoints
e) Manage UCS port profiles
06. What component of ISE organizes attributes and their possible values which are used to define context sensitive policy conditions?
a) Vendor specific attribute
b) Contextual database
07. Which of the following must be configured on the switch to support Central Web Authentication?
a) Traffic filter ACL
b) Web redirection ACL
e) HTTP and HTTPS services
f) Redirection URL
08. Which of the following profiling probe functions are implemented directly in the NAD via the IOS Device-Sensor feature?
e) CDP and LLDP
09. Which of the following Cisco ISE features is associated with endpoint remediation?
e) Guest services
10. Which element serves to maintain synchronization Cisco ISE and the NAD with respect to AAA activity for a particular endpoint?
a) MAC address
b) Common session ID
c) Endpoint handle
d) Security group tag
Answer: a, b, f
Answer: b, d
Answer: b, c, e
Answer: d, e, f
Note: If you find any error in these Cisco Implementing Cisco Secure Access Solutions (SISAS) sample questions, you can update us by write an email on firstname.lastname@example.org.