Share your SECURE Experience
Cisco has made changes for the Security exams by replacing the old CCSP with the new CCNP Security Certification with 4 modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP Security are very similar. Many candidates have requested us to put up materials for these new exams but it is a time-consuming work. In the mean time, we created the “Share your experience” for the SECURE exam. We really hope anyone who read securitytut, 9tut, digitaltut, certprepare, networktut and voicetut contribute to these sections as your experience is invaluable for CCNP Security learners to complete their goals.
Please share with us your experience after taking the SECURE 642-637 exam, your materials, the way you learned, your recommendations…
Passed the 300-208. The answers are really questionable to me hehehe
@Shienchan, did you use any dumps? what did you use? are they valid? Please, provide a little bit more info.
QUESTION 388
Which description of SXP is true?
A. applies SGT along every hop in the network path
B. propagates SGT on a device upon which SGT inline tagging is unsupported
C. removes SGT from every in the network path
D. propagates SGT on a device which inline tagging is supported
Answer: D
In my opinion, the correct answer should be answer B
“Therefore network devices that do not have the hardware support use a protocol called SXP (SGT Exchange Protocol). SXP is used to share the SGT to IP address mapping. This allows the SGT propagation to continue to the next device in the path.”
QUESTION 418
Which characteristic of static SGT classification is true?
A. uses MAB
B. maps a tag to an IP address
C. maps a tag to a MAC address
D. uses web authentication
Answer: A
Correct answer is B !
QUESTION 424
Which action do you take to restrict network access for endpoints that are not posture compliant?
A. Configure a dACL on the NAD.
B. Configure client provisioning services on the Cisco ISE Server
C. Assign a dynamic VLAN on the NAD.
D. Define the policy by configuring a standard profile.s
Answer: C
Answer A cannot be validated because the dACL is not configured on the NAD but on Cisco ISE
What is the purpose of configuring Native Supplicant Profile on the Cisco ISE?
A.It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network.
B.It is used to register personal devices on the network.
C.It enforces the use of MSCHAPv2 or EAP-TLS for 802 1X authentication
D.It helps employees add and manage new devices by entering the MAC address for the device.
Answer: B
Answer C cannot be validated because Native Supplicant Profile only allows PEAP and EAP-TLS protocols. MSCHAPv2 is the Inner Method of PEAP
QUESTION 424
Which action do you take to restrict network access for endpoints that are not posture compliant?
A. Configure a dACL on the NAD.
B. Configure client provisioning services on the Cisco ISE Server
C. Assign a dynamic VLAN on the NAD.
D. Define the policy by configuring a standard profile.s
Answer: C????
@Shienchan
please share the dumps used for passing. thanks
@ccpnexam
Did you find out what D&Ds and SIM are on the exam recently?
Congratulations!
Passed the 300-208 exam recently!
A lot of new questions in my 300-208 test, old version dumps are not valid enough for passing now.
I mainly learned the PassLeader 300-208 dumps (502q version), stable and valid enough for passing!
Good luck!
By the way:
PassLeader 300-208 dumps FYI:
od.lk/fl/NjFfMTUyNjc0NV8
(502q~~~NEW VERSION DUMPS!!!)
Good Luck!!!
[(copy that link and open it in your web browser!!!)]
+1
More:
1. PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(486q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
2. PassLeader 300-209 dumps FYI:
od.lk/fl/NjFfMTUyNjc0N18
(454q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
3. PassLeader 300-210 dumps FYI:
od.lk/fl/NjFfMTUyNjc0OV8
(508q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
Good Luck!!!
[(copy those links and open them in your web browser!!!)]
Justin Ward IS FAKE FAKE FAKE
Justin Ward IS FAKE FAKE FAKE
someone here had the valid dumps?
The new PassLeader 300-208 dumps (Oct/2019 Updated) now are available, here are part of 300-208 exam questions (FYI):
od.lk/fl/NjFfMTUyNjc0NV8
(508q~~~NEW VERSION DUMPS!!!)
Good Luck!!!
[(copy that link and open it in your web browser!!!)]
More:
1. PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(486q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
2. PassLeader 300-209 dumps FYI:
od.lk/fl/NjFfMTUyNjc0N18
(454q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
3. PassLeader 300-210 dumps FYI:
od.lk/fl/NjFfMTUyNjc0OV8
(508q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
Good Luck!!!
[(copy those links and open them in your web browser!!!)]
QUESTION 388
Which description of SXP is true?
A. applies SGT along every hop in the network path
B. propagates SGT on a device upon which SGT inline tagging is unsupported
C. removes SGT from every in the network path
D. propagates SGT on a device which inline tagging is supported
Answer: D
In my opinion, the correct answer should be answer B
“Therefore network devices that do not have the hardware support use a protocol called SXP (SGT Exchange Protocol). SXP is used to share the SGT to IP address mapping. This allows the SGT propagation to continue to the next device in the path.”
QUESTION 418
Which characteristic of static SGT classification is true?
A. uses MAB
B. maps a tag to an IP address
C. maps a tag to a MAC address
D. uses web authentication
Answer: A
Correct answer is B !
QUESTION 424
Which action do you take to restrict network access for endpoints that are not posture compliant?
A. Configure a dACL on the NAD.
B. Configure client provisioning services on the Cisco ISE Server
C. Assign a dynamic VLAN on the NAD.
D. Define the policy by configuring a standard profile.s
Answer: C
Answer A cannot be validated because the dACL is not configured on the NAD but on Cisco ISE
QUESTION 424
Which action do you take to restrict network access for endpoints that are not posture compliant?
A. Configure a dACL on the NAD.
B. Configure client provisioning services on the Cisco ISE Server
C. Assign a dynamic VLAN on the NAD.
D. Define the policy by configuring a standard profile.s
Answer: C????…………………….
I believe C is the correct answer
hello everyone
I’m studying SITCS 300-210, Is there anyone willing to take this exam?
@Daniel Baker thanks for sharing this I’ve got the same
Did you pass ccnp sec already?
Hey guys,
Someone have dumps to ccnp 300-206.
@GAREN
Yes – I’m no track to take the SITCS exam.
Does anyone know what D&Ds and SIMs are on exam 300-208 recently?
Anybody can share the PL502 ? No spammer from seller pls.
Found the file from CCNP_SWITCH , Thanks !!
@PassNextTime,
Do you have any additional feedbacks ? Is the PL accurate in terms of the questions asked ?
Which option describes the purpose of configuring Native Supplicant Profile on the Cisco ISE?
A. It helps employees add and manage new devices by entering the MAC address for the device. B. It is used to register personal devices on the network
C. It enforces the use of MSCHAPv2 or EAP-TLS for 802.1X authentication
D. It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network.
Answer: C
Some dumps Answer is B.
Any one who can help verify this please ?
@KB B is a correct answer.
Has anyone taken 300-208 exam recently? Please share your experience and let us know if PL 502 and GIO 316 are correct dumps. Also please let us know if Labs, Simulation and drag and drops were in the exam and which one? Your help will be appreciated.
Do you guys know if there is any other forum where students share their experience more frequently for 300-208 exam?
The 300-208 has 508 Q&A now, please share the new dump.
Thanks
Hi, all!
The new PassLeader 300-208 dumps (Nov/2019 Updated) now are available, here are part of 300-208 exam questions (FYI):
od.lk/fl/NjFfMTUyNjc0NV8
(508q~~~NEW VERSION DUMPS!!!)
Good Luck!!!
[(copy that link and open it in your web browser!!!)]
What’s More:
1. PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(486q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
2. PassLeader 300-209 dumps FYI:
od.lk/fl/NjFfMTUyNjc0N18
(454q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
3. PassLeader 300-210 dumps FYI:
od.lk/fl/NjFfMTUyNjc0OV8
(508q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
Good Luck!!!
[(copy those links and open them in your web browser!!!)]
Gudbjarni Gudmundsson IS SPAMMER SPAMMER
Gudbjarni Gudmundsson IS SPAMMER SPAMMER
Which guest service requires session services to be enabled on a cisco ISE node?
A.administration service
B.monitoring service
C.posture service
D.profiling service
Answer: C
In some dumps, answer is A.
Any one who can help me verify this pls?
What steps must you perform to deploy a CA-signed identity certificate on an ISE device?
A. 1. Download the CA server certificate and install it on ISE.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the CA request.
4. Install the issued certificate on the ISE.
B. 1. Download the CA server certificate and install it on ISE.
2. Generate a signing request and save it as a file.
3. Access the CA server and submit the CSR.
4. Install the issued certificate on the CA server.
C. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate and install it on ISE.
3. Access the ISE server and submit the CA request.
4. Install the issued certificate on the CA server.
D. 1. Generate a signing request and save it as a file.
2. Download the CA server certificate and install it on ISE.
3. Access the CA server and submit the CSR.
4. Install the issued certificate on the ISE.
Some dumps say Ans is A, while others say it is D.
Please help me rectify this?
Can anybody share the PL 300-209 with 454Q ? Thanks !!
Answer is D.
My CCNP Security just expired after 9 years as I was too busy to renew. Looking to redo the cert before they change to the new exams, anybody can share the latest PL for the CCNP Security Track ? Espeically 300-209
@KB C is correct answer for the following question. See the explanation below
Which guest service requires session services to be enabled on a cisco ISE node?
A.administration service
B.monitoring service
C.posture service
D.profiling service
Answer: C
Enable Posture Session Service in Cisco ISE
Before you begin
You must enable session services in Cisco ISE and install the advanced license package to serve all the posture requests received from the clients.
If you have more than one node that is registered in a distributed deployment, all the nodes that you have registered appear in the Deployment Nodes page, apart from the primary node. You can configure each node as a Cisco ISE node (Administration, Policy Service, and Monitoring personas).
The posture service only runs on Cisco ISE nodes that assume the Policy Service persona and does not run on Cisco ISE nodes that assume the administration and monitoring personas in a distributed deployment.
Procedure
Step 1
Choose Administration > System > Deployment > Deployment.
Step 2
Choose a Cisco ISE node from the Deployment Nodes window.
Step 3
Click Edit.
Step 4
Under the General Settings tab, check the Policy Service check box,
If the Policy Service check box is unchecked, both the session services and the profiling service check boxes are disabled.
Step 5
Check the Enable Session Services check box, for the Policy Service persona to run the Network Access, Posture, Guest, and Client Provisioning session services. To stop the session services, uncheck the check box.
Step 6
Click Save.
@CCNP_Student
Thanks bro.
Single SSID (advantages) vs Multiple/Dual SSID (Choose two)
A.- Single SSID – better iOS user experience
B.-Single SSID – should be used ins BYOD deployment
C.– Dual SSID – better security useqsr experience
D.– Single SSID? – … client already used wired 802.1X on another network
E.-onliy on Single SSID user can veirfy byod certificate.
Answer: A D
Do you guys think the answer is correct?
Which advantage is provided by using Active Directory as an external identity source?
A. It supports SAML for single sign-on.
B. It uses EAP chaining with EAP-FAST to authenticate users and computers.
C. It supports two factor-authentication using a PIN and a token.
D. It uses EAP chaining with EAP-TLS to authentication users and computers.
Answer:B
Some dumps are saying answer is A
Guys which one do you think is the correct one?
i would say A is the correct answer. because AD doesn’t authenticate computer, ISE does.
Can someone please share new PL 300-208 508Q. Im looking to sit this exam at the end of this month.
Enable Posture Session Service in Cisco ISE
Before you begin
You must enable session services in Cisco ISE and install the advanced license package to serve all the posture requests received from the clients.
If you have more than one node that is registered in a distributed deployment, all the nodes that you have registerqwed appear in the Deployment Nodes page, apart from the primary node. You can configure each node as a Cisco ISE node (Administration, Policy Service, and Monitoring personas).
The posture service only runs on Cisco ISE nodes that assume the Policy Service persona and does not run on Cisco ISE nodes that assume the administration and monitoring personas in a distributed deployment.
Procedure
hell guys
have big news
The most favorable price this year!
Dumps for 70% off and Gifts for you.
Free LAB, Free WRITTEN DUMPS.
End this Black Friday Month.
ciscodumps09 dot livejournal dot com/1509.html
@ccnpexam, yes but almost 50% come from dump.. the rest is shared here in forum. so you have to trace back from June to present… almost shared all the question. You also need to re-validate the answer as some answers shared here are incorrect.
Questions are more on attributes.
hey guys,
Someone have 300-206 dumps??
@kb
Which advantage is provided by using Active Directory as an external identity source?
A. It supports SAML for single sign-on.
B. It uses EAP chaining with EAP-FAST to authenticate users and computers.
C. It supports two factor-authentication using a PIN and a token.
D. It uses EAP chaining with EAP-TLS to authentication users and computers.
Answer:B
I would say it is letter B.
ISE supports SAML as a different external identity store and this is not an advantage of AD as external identity store. so it is not A.
Just completed 300-209 in Delhi. Barely passed. Many new questions.
Does Gio have a 300-206 ? If so, could someone share it.
Hola!
The new PassLeader 300-208 dumps (Updated Recently) now are available, here are part of 300-208 exam questions (FYI):
[Get the download link at the end of this post]
NEW QUESTION 499
What needs to be done to authenticate Active Directory users with Cisco ISE?
A. Configure a local source.
B. Configure an identity source sequence.
C. Configure an external source.
D. Download the appropriate groups into the dictionary.
Answer: C
NEW QUESTION 500
What are two advantages of a single-SSID deployment over a multi-SSID implementation? (Choose two.)
A. Only single-SSID deployments allow the user to verify the identity of the BYOD server.
B. Single-SSID deployments are more appropriate for BYOD environments.
C. Single-SSID deployments offer a more secure connection experience than multi-SSID implementations.
D. Single-SSID deployments are more appropriate for clients that are already configured for wired 802.1x on another network.
E. Single-SSID deployments provide a better experience for users of iOS devices.
Answer: DE
NEW QUESTION 501
Which RADIUS service type can identify authentication attempts from devices that lack a supplicant?
A. Ethernet
B. Wireless-IEEE 802.11
C. Call Check
D. Framed
Answer: C
NEW QUESTION 502
How does the use of single connect mode for device authentication improve performance?
A. It uses a single TCP connection for all TACACS+ communication.
B. It uses a single VIP on the network access device.
C. It uses a single TCP connection for all RADIUS communication.
D. It multiplexes RADIUS requests to the server over a single session.
Answer: A
NEW QUESTION 503
What represents the default Cisco IOS RADIUS attribute-value pair?
A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
C. User name= 1, password= 2, NAS-IP Address= 4, NAS-Port= 5
D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4
Answer: C
NEW QUESTION 504
In which scenario might it be helpful to adjust the network transition delay timer?
A. when the client needs more time to log in to the network
B. when the client needs more time to perform compliance checks
C. when the client needs more time to obtain a DHCP lease
D. when the client needs more time to perform remediation
Answer: C
NEW QUESTION 505
Which statement about single-SSID environment is true?
A. It allows for the wired and wireless adapters to be provisioned in any order.
B. It provides access to the guest SSID after the device has completed provisioning with the provisioning SSID.
C. It uses the same SSID for certificate enrollment, provisioning, and secure network access.
D. It can use the Fast SSID Change feature to improve performance.
Answer: C
NEW QUESTION 506
……
P.S.
PassLeader 300-208 dumps FYI:
od.lk/fl/NjFfMTUyNjc0NV8
(508q~~~NEW VERSION DUMPS!!!)
Good Luck!!!
[(copy that link and open it in your web browser!!!)]
What’s more:
1. PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(483q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
2. PassLeader 300-209 dumps FYI:
od.lk/fl/NjFfMTUyNjc0N18
(454q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
3. PassLeader 300-210 dumps FYI:
od.lk/fl/NjFfMTUyNjc0OV8
(508q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
Good Luck!!!
[(copy those links and open them in your web browser!!!)]
@ExamTaker, the PL is not really a resource as a source of truth. I would stick with Gio, and research the answers.
I did not take the exam again, will do next week. For those looking for the Gio, go back a few pages, I seem to remember a post in 57 about this, which will point you there. As always, don’t be lazy ;)
Which fact you must consider when you configure protection for the firewall management plane?
A. If no service-password recovery command is configured and you forget the password, you must
factory reset the firewall.
B. You can run a dynamic routing process on a mangement-only interace and the data interface concurrently.
C. you can use the mangement-only command to limit an interface to in-band access only.
D. If you encrypt management session with IPsec , SSH is unnecessary.
NEW QUESTION 502
How does the use of single connect mode for device authentication improve performance?
A. It uses a single TCP connection for all TACACS+ communication.
B. It uses a single VIP on the network access device.
C. It uses a single TCP connection for all RADIUS communication.
D. It multiplexes RADIUS requests to the server over a single session.
Answer: A
NEW QUESTION 503
What represents the default Cisco IOS RADIUS attribute-value pair?
A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
C. User name= 1, passsword= 2, NAS-IP Address= 4, NAS-Port= 5
D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4
Answer: C
Hello guys looking for Valid 210 dump my email ahmedalobaidy1atgmail.com
someone have latest dumps 300-206 ?
vce dumps?
@Split-Horizon Are you studying sitcs right now?
Hello Guys, has anyone taken 300-208 (SISAS) exam recently? or anyone taking exam in few days? Please share your experience and let us know which dump is valid if there are new questions in the exam. It will be much appreciated
Can you give details of your “valid” dump for 300-210 ?
Who is going to take sitcs 300-210 real soon ?
Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure.
What are the two possible causes of the problem? (Choose two.)
A. EAP-TLS is not checked in the Allowed Protocols list | 1 for sure
B. Client certificate is not included in the Trusted Certificate Store | it is not client it is root cert
C. MS-CHAPv2-is not checked in the Allowed Protocols list | nope not needed
D. Default rule denies all traffic | CAN’T BE
E. Certificate authentication profile is not configured in the Identity Store | hmmmm
any ideas guys?
Passed 300-208 today – Score 937
My contribution:
** Used Gio Dump v2
Gio Dump Still vallid, but some answers from SIM LABs are wrong – example: invert mab dot1x order…!
** PL Dump (97, 109, 110, 119, 161, 187, 188, 189, 192, 204, 214, 267, 272, 277, 292, 314, 328, 330, 339, 340, 364, 380, 381, 388, 389, 390, 414, 418, 424, 429-451)
429-451 (some wrong answers)
** Last 5 pages comments:
2) D&D
1. Antimalware remediation
2. File remediation
3. Launch program remediation
4. Link remediation
5. Windows Server Update Services remediation
6. Windows Update remediation
A. Allows you to specify a version for compliance
B. Requires a specific compliance module
C. Requires a specified executable at an administrator-provided path
D. Supports automatic remendation and prompts to download and install
E. Supports manual and automatic remediation from a specific web resource with a maximum retry count
F. Supports validation against either Cisco rules or severity level
Answare:
1. Antimalware remediation B. Requires a specific compliance module
2. File remediation A. Allows you to specify a version for compliance
3. Launch program remediation C. Requires a specified executable at an administrator-provided path
4. Link remediation E. Supports manual and automatic remediation from a specific web resource with a maximum retry count
5. Windows Server Update Services remediation F. Supports validation against either Cisco rules or severity level
6. Windows Update remediation D. Supports automatic remediation and prompts to download and install
—————-
3) Which two features are supported by named access lists but not numbered access lists? (Choose two)
A. Time-Based Access Control
B. Context-Based Access Control
C. IP Options Filtering
D. Upper-Layer Session Information
E. Noncontiguous Ports
Answer: C, E
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3e/sec-data-acl-xe-3e-book/sec-acl-named.html
—————-
4) Match format for commands lines request TACACS?
A. Wildcard matching paradigm
B. Regular expressions (regex) matching paradigm
Answer: A
“When Cisco ISE receives a command line (request), it handles the command and its arguments in different ways:
It matches the command in the request with the commands specified in the command set list using the wildcard matching paradigm.
Example: Sh?? or S*
It matches the arguments in the request with the arguments specified in the command set list using regular expressions (regex) matching paradigm.
Example: Show interface[1-4] port[1-9]:tty*”
https://community.cisco.com/t5/security-documents/ise-2-3-tacacs-command-sets-import-and-export/ta-p/3635973
—————-
5) TrueSec in Closed mode (Choose two)
I understand that it shouldn’t matter whether is TrustSec or not, it might be set there just to confuse us.
A. all users don’t have access
B. DHCP, DNS permitted
C. EAPOL only
D. All user traffic is denied prior to authentication;
@MAB
Could you kindly share the Gio Dump v2
@MAB
Are you referring to the following SIM of GIO dump. If the following answers are wrong, please let us know which answers are correct.
What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)
A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
B. The IP_Corp authorization profile has the wrong Access Type configured.
C. The authorization profile used for the Sales users is misconfigured.
D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.
Correct Answer: AD
@MAB
Also your answer for DD are different. Are you sure your answers are correct? Are not the following answer correct?
Answare:
1. Antimalware remediation B. Requires a specific compliance module
2. File remediation D. Supports automatic remendation and prompts to download and install
3. Launch program remediation C. Requires a specified executable at an administrator-provided path
4. Link remediation E. Supports manual and automatic remediation from a specific web resource with a maximum retry count
5. Windows Server Update Services remediation F. Supports validation against either Cisco rules or severity level
6. Windows Update remediation A. Allows you to specify a version for compliance
number 2 and 6 are other way around.
Please let us know how many SIMs and DD you got in your exam.Thanks
@CCNP_Sutdent
What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)
A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
B. The IP_Corp authorization profile has the wrong Access Type configured.
C. The authorization profile used for the Sales users is misconfigured.
D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.
Answer: A, C
The authorization profile used for the Sales users is misconfigured. – I checked and on this authorization profile (PERMIT ACCESS) was placed an access type ACCESS_REJECT.
@CCNP_Sutdent
you are right..
Correct answer:
Answare:
1. Antimalware remediation B. Requires a specific compliance module
2. File remediation A. Allows you to specify a version for compliance
3. Launch program remediation C. Requires a specified executable at an administrator-provided path
4. Link remediation E. Supports manual and automatic remediation from a specific web resource with a maximum retry count
5. Windows Server Update Services remediation F. Supports validation against either Cisco rules or severity level
6. Windows Update remediation D. Supports automatic remendation and prompts to download and install
I got 1 D&D (My Devices Portal, Black List …)
2 SIM (one that I was mentioned here and another about DACL permissions deny icmp any 10.20.30……)
@MAB
What SIM LABs did you have?
Could you provide the correct answers, please?
What are the mistakes in questions 429-451
Thx
@MAB
Can u share the gio Dump v2?
Please..
What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)
A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
B. The IP_Corp authorization profile has the wrong Access Type configured.
C. The authorization profile used for the Sales users is misconfigured.
D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.
Answer: A, C
@MAB
Thanks for your reply. Just few more questions regarding SIMS. Do you remember how many questions were in each sim, I believe 3 and 4, correct?
Can you also confirm if other answers of simulation questions are correct except you mentioned above? Please see the questions and answers of the sims below and let us know if they are correct. Thanks
Simulation1:
Question 1:
Which statement is true?
A. Currently, IT users who successfully authenticate will have their packets tagged with s SGT of 3.
B. Currently, IT users who successfully authenticate will be assigned to VLAN 9.
C. Currently, any domain administrator who successfully authenticate will be assigned to VLAN 10.
D. Computers belonging to the secure-x domain which passes machine authentication but failed user
authentication will have the Employee_Restricted_DACL applied.
E. Print Servers matching the Linksys-PrintServer identity group will have the following access
restrictions:
permit icmp any host 10.10.2.20
permit tcp any host 10.10.2.20 eq 80
permit icmp any host 10.10.3.20
permit tcp any host 10.10.3.20 eq 80
deny ip any any
Correct Answer: D
Question 2:
Which two statements are true? (Choose two.)
A. The ISE is not able to successfully connect to the hq-srv.secure-x.local AD server.
B. The ISE internal endpoints database is used authenticate any users not in the Active Directory domain.
C. The ISE internal user database has two accounts enabled: student and test that maps to the Employee user identity group.
D. Guest_Portal_Sequence is a built-in identity source sequence.
Correct Answer: BD
Question 3:
What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)
A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
B. The IP_Corp authorization profile has the wrong Access Type configured.
C. The authorization profile used for the Sales users is misconfigured.
D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.
Answer: A, C
Simulation 2:
Scenario
In this simulation, you are task to examine the various authentication events using the ISE GUI.
For example, you should see events like Authentication succeeded, Authentication failed and etc…
Questions 1:
Which four statements are correct regarding the event that occurred at 2014-05-07 00:19:07.004? (Choose four.)
A. The IT_Corp authorization profile were applied.
B. The it1 user was matched to the IT_Corp authorization policy.
C. The it1 user supplicant used the PEAP (EAP-MSCHAPv2) authentication method.
D. The it1 user was authenticated using MAB.
E. The it1 user was successfully authenticated against AD1 identity store.
F. The it1 user machine has been profiled as a Microsoft-Workstation.
G. The it1 user machine has passed all the posture assessment tests.
Correct Answer: ACEF
Questions 2:
Which three statements are correct regarding the events with the 20 repeat count that occurred at 2014-05-07 00:22:48.748? (Choose three.)
A. The device was successfully authenticated using MAB.
B. The device matched the Machine_Corp authorization policy.
C. The Print Servers authorization profile were applied.
D. The device was profiled as a Linksys-PrintServer.
E. The device MAC address is 00:14:BF:70:B5:FB.
F. The device is connected to the Gi0/1 switch port and the switch IP address is 10.10.2.2.
Correct Answer: ADE
Questions 3:
Which two statements are correct regarding the event that occurred at 2014-05-07 00:22:48.175? (Choose two.)
A. The DACL will permit http traffic from any host to 10.10.2.20
B. The DACL will permit http traffic from any host to 10.10.3.20
C. The DACL will permit icmp traffic from any host to 10.10.2.20
D. The DACL will permit icmp traffic from any host to 10.10.3.20
E. The DACL will permit https traffic from any host to 10.10.3.20
Correct Answer: AE
Questions 4:
Which two statements are correct regarding the event that occurred at 2014-05-07 00:16:55.393? (Choose two.)
A. The failure reason was user entered the wrong username.
B. The supplicant used the PAP authentication method.
C. The username entered was it1.
D. The user was authenticated against the Active Directory then also against the ISE interal user database and both fails.
E. The NAS switch port where the user connected to has a MAC address of 44:03:A7:62:41:7F
F. The user is being authenticated using 802.1X.
G. The user failed the MAB.
H. The supplicant stopped responding to ISE which caused the failure.
Correct Answer: CF
Your help will be much appreciated.
i’ve seen this question asked a bunch of times, and figured i’d throw my thoughts in. according to the link below , both b and c are correct, if you search the 1.2 ise doc below, it mentions both. the mschap part is pertaining to ios devices specifically, so perhaps this is a multiple choice question? if its not multiple choice, best to bet on b, because thats the “base purpose”, and by allowing you to register personal devices on the network, it can then “sub purpose” force the mschap.
What is the purpose of configuring Native Supplicant Profile on the Cisco ISE?
A. It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network
B. It is used to register personal devices on the network.
C. It enforces the use of MSCHAPv2 or EAP-TLS for 802 1X authentication
D. It helps employees add and manage new devices by entering the MAC address for the device.
answer if multiple choice – b/c, if single choice, C.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_mydevices.html
@Josh
yes you are right. I did some research as well about this question. yes B should be chosen if you have to choose only one option.
hi all
please anyone can share the valid dump ?
thank
Is there a different PL dump for 300-208 ?
The last question on my PL is Q502 and it is different from the one quoted here. Does anybody have a newer version ?
QUESTION 502
Identify the features of the 802.1X Closed Mode deployment option.
A.It is the least restrictive method
B.It has no effect on user or endpoint access
C.It does not allow access prior to login
D.It is the default 802.1X behavior
Answer: CD
@MAB,
Could you post the actual questions as my PL seems to have different numbers.
@CCNP-Sec,
Could you please send me the link for the PL dump that you have? I don’t have the one with 502 questions? Please?
How frequently does the Profiled Endpoints dashlet refresh data? A.every 30 secondsB.every 60 secondsC.every 2 minutesD.every 5 minutes
Answer: B
Which command in the My Devices Portal can restore a previously lost device to the network? A.ResetB.FoundC.ReinstateD.Request
Answer: C
What is the first step that occurs when provisioning a wired device in a BYOD scenario? A.The smart hub detects that the physically connected endpoint requires configuration and must useMAB to authenticate.B.The URL redirects to the Cisco ISE Guest Provisioning portal.C.Cisco ISE authenticates the user and deploys the SPW package.D.The device user attempts to access a network URL.
Answer: A
Which three features should be enabled as best practices for MAB? (Choose three.) A.MD5B.IP source guardC.DHCP snoopingD.storm controlE.DAIF.URPF
Answer: BCE
When MAB is configured, how often are ports reauthenticated by default? A.every 60 secondsB.every 90 secondsC.every 120 seconds
D.never
Answer: D
What is a required step when you deploy dynamic VLAN and ACL assignments? A.Configure the VLAN assignment.B.Configure the ACL assignment.C.Configure Cisco IOS Software 802.1X authenticator authorization.D.Configure the Cisco IOS Software switch for ACL assignment.
Answer: C
Which model does Cisco support in a RADIUS change of authorization implementation? A.pushB.pullC.policyD.security
Answer: A
Hi All,
I passed my exam yesterday with 881 marks, my lowest Marks ever. To be honest it was tough one. There were about 20 plus new questions. Sorry I cannot remember the questions as I was so worried whether I was going to pass the exam or not.
same 2 Sims and 1 DD. I vaguely remember two questions
1.something integrated with MDM
2. What is the matching model used in ISE command set in command(choose only one!)
I chose “Wildcard model” I was confused between Wildcard Model and Regular expressions Model.
To be honest their is not much help for 300 – 208 exam on this forum. I do not see many people sharing there experiences, I think because not many people are aware of this forum as Name of this forum does not suggest that this is for 300 – 208 (SISAS) exam.
But many thanks to those who have shared their experiences in the past. Good Luck All
@MAB,
Hi MAB,
Could you share your PL Dump ? The dump shared by the other guys is useless as PL changed the order of the numbers in every version / update. The main reason is probably because it allowed them to fake and recycle questions. But in any case, could you share the PDF ? THANKS !
———————–QUOTE——————
Passed 300-208 today – Score 937
My contribution:
** Used Gio Dump v2
Gio Dump Still vallid, but some answers from SIM LABs are wrong – example: invert mab dot1x order…!
** PL Dump (97, 109, 110, 119, 161, 187, 188, 189, 192, 204, 214, 267, 272, 277, 292, 314, 328, 330, 339, 340, 364, 380, 381, 388, 389, 390, 414, 418, 424, 429-451)
429-451 (some wrong answers)
** Last 5 pages comments:
Hola!
The new PassLeader 300-208 dumps (Updated Recently) now are available, here are part of 300-208 exam questions (FYI):
[Get the download link at the end of this post]
NEW QUESTION 499
What needs to be done to authenticate Active Directory users with Cisco ISE?
A. Configure a local source.
B. Configure an identity source sequence.
C. Configure an external source.
D. Download the appropriate groups into the dictionary.
Answer: C
NEW QUESTION 500
What are two advantages of a single-SSID deployment over a multi-SSID implementation? (Choose two.)
A. Only single-SSID deployments allow the user to verify the identity of the BYOD server.
B. Single-SSID deployments are more appropriate for BYOD environments.
C. Single-SSID deployments offer a more secure connection experience than multi-SSID implementations.
D. Single-SSID deployments are more appropriate for clients that are already configured for wired 802.1x on another network.
E. Single-SSID deployments provide a better experience for users of iOS devices.
Answer: DE
NEW QUESTION 501
Which RADIUS service type can identify authentication attempts from devices that lack a supplicant?
A. Ethernet
B. Wireless-IEEE 802.11
C. Call Check
D. Framed
Answer: C
NEW QUESTION 502
How does the use of single connect mode for device authentication improve performance?
A. It uses a single TCP connection for all TACACS+ communication.
B. It uses a single VIP on the network access device.
C. It uses a single TCP connection for all RADIUS communication.
D. It multiplexes RADIUS requests to the server over a single session.
Answer: A
NEW QUESTION 503
What represents the default Cisco IOS RADIUS attribute-value pair?
A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
C. User name= 1, password= 2, NAS-IP Address= 4, NAS-Port= 5
D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4
Answer: C
NEW QUESTION 504
In which scenario might it be helpful to adjust the network transition delay timer?
A. when the client needs more time to log in to the network
B. when the client needs more time to perform compliance checks
C. when the client needs more time to obtain a DHCP lease
D. when the client needs more time to perform remediation
Answer: C
NEW QUESTION 505
Which statement about single-SSID environment is true?
A. It allows for the wired and wireless adapters to be provisioned in any order.
B. It provides access to the guest SSID after the device has completed provisioning with the provisioning SSID.
C. It uses the same SSID for certificate enrollment, provisioning, and secure network access.
D. It can use the Fast SSID Change feature to improve performance.
Answer: C
NEW QUESTION 506
……
P.S.
PassLeader 300-208 dumps FYI:
od.lk/fl/NjFfMTUyNjc0NV8
(508q~~~NEW VERSION DUMPS!!!)
Good Luck!!!
[(copy that link and open it in your web browser!!!)]
What’s more:
1. PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(483q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
2. PassLeader 300-209 dumps FYI:
od.lk/fl/NjFfMTUyNjc0N18
(454q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
3. PassLeader 300-210 dumps FYI:
od.lk/fl/NjFfMTUyNjc0OV8
(508q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
Good Luck!!!
[(copy those links and open them in your web browser!!!)]
@CCNP_Sutdent
Soo.. can you try to remember and share your experiences ?
————— QUOTE—————
…To be honest their is not much help for 300 – 208 exam on this forum. I do not see many people sharing there experiences, I think because not many people are aware of this forum as Name of this forum does not suggest that this is for 300 – 208 (SISAS) exam.
But many thanks to those who have shared their experiences in the past. Good Luck All
What do you guys think of the followingQ ?
———–
What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)
A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
B. The IP_Corp authorization profile has the wrong Access Type configured.
C. The authorization profile used for the Sales users is misconfigured.
D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.
Answer: A, C
The authorization profile used for the Sales users is misconfigured. – I checked and on this authorization profile (PERMIT ACCESS) was placed an access type ACCESS_REJECT.
NEW QUESTION 503
What represents the default Cisco IOS RADIUS attribute-value pair?
A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
C. User name= 1, password= 2, NAS-IP Addryess= 4, NAS-Port= 5
D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4
Answer: C
Passed with 924. Everything has been discussed in last 8 pages. The recent D&D update, hotspot. No sim. I hear from a friend working in Cisco that they are not happy with the recent high passing rate and will introduce new questions first week of Dec. He said they have a database of 800Qs. PL only has approx 300 + Qs after accounting for duplicate. Good luck.
Hi
Does anyone have new questions for 300-208?
I have an exam next week
Thanks
hi Guys,
the below question is giov dump
QUESTION 31 Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)
A. authentication host-mode single-host
B. authentication host-mode multi-domain
C. authentication host-mode multi-host
D. authentication host-mode multi-auth
answer is BC
i think BD more correct because the multi-host mode authorise all device without authentication
anyone have idea ??
@Mario
hi man
this the dump that i have
delete the *
https **: **/ /www.dropbox.com/s/7rpl64hbrz0zk4j/GioV3269Tut.pdf?dl=0
me too i will take the exam soon
please all share here experience to be helpful
good luck
Me too !
friends
any idea in this question please ?
QUESTION 42 A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessment and outline hardware and software capable and incapable devices?
A. Prime Infrastructure
B. Network Control System
C. Cisco Security Manager
D. Identity Services Engine
Answer: A is correct ?
thanks
hi
for this question
QUESTION 45 Which Cisco ISE 1.x protocol can be used to control admin access to network access devices?
A. TACACS+ B. RADIUS C. EAP D. Kerberos
Answer: B
i think A is correct
Tacacs+ is implemented in ISE 2.x, in ISE1.x only protocol is RADIUS
So …
B = RADIUS – correct answer
Anybody has the latest dump or PL 508 or Spoto for the 300-208 ? Thanks.
@ keyser
thank a lot man
Hi CAP-net,
Are you planning to go from Q1 to Q500 and ask 1Q by 1Q, or do you plan to do some reading first ?
@ I’mLazy
hi
i use the dump giov3 326 question
and i start 1q by 1q
thanks
Which answer is correct?
Which characteristic of an SGT enforcement policy is true?
A. An SGFW has an implicit permit at the beginning.
B. An SGFW has an implicit deny at the end.
C. An SGACL has an implicit deny at the end.
D. An SGACL has an explicit deny at the beginning.
Answer: B
another dump A
and next question
question about what came before mab:
A. port security,
B. vlan access lists,
C. stp
D. something else
@Mario
Which answer is correct?
Which characteristic of an SGT enforcement policy is true?
A. An SGFW has an implicit permit at the beginning.
B. An SGFW has an implicit deny at the end.
C. An SGACL has an implicit deny at the end.
D. An SGACL has an explicit deny at the beginning.
I think the correct answer is B because …
if first line is permit any any (at the beginning)… all traffic will be permitted from first condition, and all condition below will not be ever used
and
an implicit deny at the end will block all traffic that not match with any condition
Hi
Which two products can get file disposition information from the Cisco Advanced Malware Protection cloud? (Choose two.)
A. Cisco Email Security Appliance
B. Cisco Advanced Malware Protection Threat Grid
C. Cisco AnyConnect
D. Cisco Web Security Appliance
E. Cisco Identity Services Engine
AB or BD
personally I’ll go esa and amp with threat grid
Does anyone have an idea to prove this question?