Jump to content


9

300-208 anyone passed ?


66 replies to this topic

#15 fls2k3

fls2k3

    Junior Member

  • Members
  • PipPip
  • 5 posts
  • 121 thanks

Posted 17 December 2016 - 01:53 AM

Failed today. Passing rate is very high. 85% and dumps are not valid so don't rely on it.

#16 ivandragnev

ivandragnev

    Junior Member

  • Members
  • PipPip
  • 4 posts
  • 1 thanks

Posted 17 December 2016 - 09:31 AM

View Postfls2k3, on 17 December 2016 - 01:53 AM, said:

Failed today. Passing rate is very high. 85% and dumps are not valid so don't rely on it.

Can you recall some of the questions?
I've scheduled the exam for this Monday and any question will be very helpful.

Thanks,

#17 fls2k3

fls2k3

    Junior Member

  • Members
  • PipPip
  • 5 posts
  • 121 thanks

Posted 17 December 2016 - 09:00 PM

Read MAB, ISE Personas, DHCP Snooping, ACL and Switch section. I have seen new questions from these domains.

#18 ivandragnev

ivandragnev

    Junior Member

  • Members
  • PipPip
  • 4 posts
  • 1 thanks

Posted 19 December 2016 - 07:40 AM

Just got back from the testing center with successful result.
There are a lot of new questions. I would say the 232 dump is round 50% accurate. You can expect to have round 30 questions from the dump.
Some of the answers are not exactly as in the dump. For example for some multiple chaise question with multiple answers in the dump you will find choose three and in the exam there are only two answers that are correct.
I didn't have a sim but I had the scenario based questions and the answers are a bit changed and are not correct (I think). q 215 is wrong the answers should be C and D.

There was a question for windows WSUS server, what mitigation does it provide.
Automatic update for AV/AS, or something like this,
Automatic update from in house server
Auto update from Microsoft server
Client check if auto update is running
and there was another two but I can't recall them

There were several questions for NAD commands for RADIUS/MAB/Dot1x.  


As an advice don't count only on the dumps. You will fail for sure.
I have read the study guide, read some implementation PDF's, created a Lab with a test NAD, PC and ISE, watched the INE and CBT Nugget videos and I think this was barely enough.
The passing score was 846 and my score was 855.

Thanked by 1 Member:
splasher

#19 Confessor

Confessor

    Advanced Member

  • Members
  • PipPipPip
  • 69 posts
  • 1499 thanks

Posted 19 December 2016 - 11:01 AM

@ivandragnev
congratz is those the Questions u got ?




1. A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?
a. monitor mode
b. high-security mode
c. closed mode
d. low-impact mode
Answer: A
  
2. Which three events immedietely occur when a user clicks “Register” on their device in a single-SSID BYOD onboarding registration process(Choose three).
a. CA certificate is sent to the device from Cisco ISE
b. An endpoint is added to a RegistereDevices identity group
c. RADIUS access request is sent to Cisco ISE
d. The profile service is sent to the device from Cisco ISE
e. dACL is sent to the device from Cisco ISE
f. BYOD registration flag is set by Cisco ISE
Answer: A, B,F

3. A company wants to allow employees to register and manage their own devices that do not support NSP. Which portals enable this?
a. MDM portals
b. Client provisioning portals
c. My devices portals
d. BYOD Portals

4. Which three options can be pushed from Cisco ISE server as part of a succesful 802.1x authentication. (Choose three)
a. authentication order
b. posture status
c. authentication priority
d. vlan
e. DACL
f. reauthentication timer
Answer: D, E, F


5. With which two appliance-based products can Cisco Prime infrastructure integrate to perform centralized management?
a. Cisco content security appliance
b. Cisco email security appliance
c. Cisco wireless location appliance
d. Cisco Mobility Services Engine
e. Cisco ISE
Answer: D, E

6. A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time. What two catalyst switch security features will prevent further violations? (Choose two)
a. DHCP Snooping
b. 802.1AE MacSec
c. Port security
d. IP Device tracking
e. Dynamic ARP inspection
f. Private VLANs
Answer: A, E


7. Refer to exhibit:
aaa new model
tacacs-server host 1.1.1.1 single connection
tacas-server key cisco123
Which statement about the authentication protocol used in the configuration is true?
a. Authentication request contains username, encrypted password, NAS IP address, and port.
b. Authentication and authorization requests are sent in a single open connection between the network device and the TACACS+ server
c. Authentication request contains username, password, NAS IP address and port.
d. Authentication and authorization request packets are grouped together in a single packet.
Answer: B


8. Which option is the code field of n EAP packet?
a. one byte and 1=request, 2=response 3=failure 4=success
b. two byte and 1=request, 2=response, 3=success, 4=failure
c. two byte and 1=request 2=response 3=failure 4=success
d. one byte and 1=request 2=response 3=success 4=failure
Answer: D

9. An engineer has discocered that a NAD is already configured to send packets to the cisco ISE node running session services, which probe profile requires the simplest configuration?
a. RADIUS
b. DHCP
c. SPAN
d. NMAP
e. HTTP
Answer: A

10. A network administration wants to set up a posture condition on Cisco ISE to check for the file name Posture.txt in C:\ on a Windows machine. Which condition must the network administrator configuration?
a. Service condition
b. Registry condition
c. Application condition
d. File condition
Answer: D


11. Which technology performs CoA support Posture Service?
a. External root CA
b. Cisco ACS
c. Cisco ISE
d. Internal root CA
Answer: C

12. Which 802.1x command is needed for dACL to be applied on a switch port?
a. dot1x system-auth-control
b. dot1x pae authenticator
c. authentication port-control auto
d. radius-server vsa send authentication
e. aaa authorization network default group radius
Answer: D

13. You have configued a Cisco ISE1.2 deployment for self registration of guest users. What two options can you select from to determine when the account duration timer begins(Choose two)?
a. Createtime
b. Firstlogin
c. Approvaltime
d. Custom
e. Starttime
Answer: FromCreation and FirstLogin

14. Which two options enable security group tags to the assigned to a session?
a. Firewall
b. DHCP
c. ACL
d. Source VLAN
e. ISE
Answer: D, E

15.What are three ways that an SGT can be assigned to network traffic?
a. Manual binding of the IP address to an SGT
b. Manually configured on the switch port
c. Dynamically assigned by the network access device
d. Dynamically assigned by the 802.1X authorization result
e. Manually configured in the NAC agent profile
f. Dynamically assigned by the AnyConnect network access manager
Answer: A, B, D.


16.What are two methods of enforcement with SGTs?
a. SG-ACLs on switches.
b. SG-ACLs on routers.
c. SG-Firewalls.
d. SG-Appliances.
e. SGTs are not enforced.
Answer: A, C.

17. Which command defines administrator CLI access in ACS5.x?
a. Application reset-passwd acs username
b. username username password password role admin
c. username username password plain password role admin
d. password-policy
Answer: C

18. Which two are best practices to implement profiling services in a distributed environment? (Choose two)
a. use of device sensor feature
b. configuration to send syslogs to the appropriate profiler node
c. netflow probes enabled on central nodes
d. node-specific probe configuration
e. global enablement of the profiler service
Answer: B, D

19. A network security engineer is considering configuring 802.1x port authentication such that a single host is allowed to be authenticated for data and another single host for voice. Which port authentication host mode can be used to achieve this configuration?
a. single-host
b. multihost
c. multauth
d. multidomain
Answer: D

20. Which valid external identity source can be used with Cisco ISE?
a. IPsec vpn authentication
b. smart card
c. local user name and password
d. TACACS+ token
Answer: B

#20 Confessor

Confessor

    Advanced Member

  • Members
  • PipPipPip
  • 69 posts
  • 1499 thanks

Posted 19 December 2016 - 11:04 AM

@@ivandragnev  
how many sims and labs u got and can u give me their number according to passleader?
ty


#21 ivandragnev

ivandragnev

    Junior Member

  • Members
  • PipPip
  • 4 posts
  • 1 thanks

Posted 19 December 2016 - 03:39 PM

@Confessor there is some part of the new one in the questions you have listed but there are some missing as well (unfortunately I can't recall them).
As for the simulations i had q 171, 172, 173, 174, 208, 215, 224 in total i think it was 3 Sims.

BR,

#22 Confessor

Confessor

    Advanced Member

  • Members
  • PipPipPip
  • 69 posts
  • 1499 thanks

Posted 19 December 2016 - 04:09 PM

@ivandragnev i know dude 10 still missing
i think u got 2 sims 2 labs :) u didnot use passleader right ?




    #23 cheat2015

    cheat2015

      Member

    • Members
    • PipPip
    • 10 posts
    • 138 thanks

    Posted 19 December 2016 - 08:18 PM

    Can someone please confirm the new question, thank you in advance


    Which three statement about Windows Server Update Services remediation are true?

    WSUS can install the latest service pack available
    WSUS checks for automatic update configuration on Windows
    WSUS checks for client behavior anomalies
    WSUS remediates Windows client from a locally manage WSUS server
    WSUS remediates Windows client from a Microsoft manage WSUS server
    WSUS provides links to update AV/AS

    Edited by cheat2015, 19 December 2016 - 08:22 PM.


    #24 fls2k3

    fls2k3

      Junior Member

    • Members
    • PipPip
    • 5 posts
    • 121 thanks

    Posted 19 December 2016 - 10:48 PM

    Which command is useful when troubleshooting AAA Authentication between a Cisco router
    and the AAA server?
    A. test aaa-server test cisco cisco123 all new-code
    B. test aaa group7 tacacs+ auth cisco123 new-code
    C. test aaa group tacacs+ cisco cisco123 new-code
    D. test aaa-server tacacs+ group7 cisco cisco123 new-code

    Which command can check a AAA server authentication for server group Group1, user cisco,
    and password cisco555 on a Cisco ASA device?
    A. ASA# test aaa-server authentication Group1 username cisco password cisco555
    B. ASA# test aaa-server authentication group Group1 username cisco password cisco555
    C. ASA# aaa-server authorization Group1 username cisco password cisco555
    D. ASA# aaa-server authentication Group1 roger cisco555

    Which portals can be configured to use portal FQDN? instead of 2, the choice is to select 3
    A. admin
    B. sponsor
    C. guest
    D. my devices
    E. monitoring and troubleshooting

    Edited by fls2k3, 19 December 2016 - 11:07 PM.


    #25 ivandragnev

    ivandragnev

      Junior Member

    • Members
    • PipPip
    • 4 posts
    • 1 thanks

    Posted 20 December 2016 - 07:46 AM

    View PostConfessor, on 19 December 2016 - 04:09 PM, said:

    @ivandragnev i know dude 10 still missing
    i think u got 2 sims 2 labs ^_^ u didnot use passleader right ?


      Yea I checked the questions in Passleader but read a lot as well :). Now I see that we have round 20-30 new questions and they are all valid for the exam. If you are prepared and read the book with the new questions, Passleader and the knowledge from the Book you will have pretty good chance to pass it.
      Good Luck !

      #26 cheat2015

      cheat2015

        Member

      • Members
      • PipPip
      • 10 posts
      • 138 thanks

      Posted 20 December 2016 - 07:54 PM

      Please confirm me the answer, thank you

      Which three statement about Windows Server Update Services remediation are true?

      WSUS can install the latest service pack available ****
      WSUS checks for automatic update configuration on Windows
      WSUS checks for client behavior anomalies
      WSUS remediates Windows client from a locally manage WSUS server ****
      WSUS remediates Windows client from a Microsoft manage WSUS server ***
      WSUS provides links to update AV/AS


      A new question !!!!!

      Which three EAP methods need tunnels?

      EAP-TTLS ***
      EAP-FAST ***
      EAP-TLS
      PEAP   ***
      EAP-MD5

      #27 fls2k3

      fls2k3

        Junior Member

      • Members
      • PipPip
      • 5 posts
      • 121 thanks

      Posted 05 January 2017 - 10:30 AM

      @confessor can you please tell me the reference where you have this answer.
      You mentioned D & E. Is it A & E?14. Which two options enable security group tags to the assigned to a session?
      a. Firewall
      b. DHCP
      c. ACL
      d. Source VLAN
      e. ISE
      Answer: D, E

      #28 splasher

      splasher

        Junior Member

      • Members
      • PipPip
      • 9 posts
      • 11 thanks

      Posted 10 January 2017 - 04:31 PM

      View Postfls2k3, on 05 January 2017 - 10:30 AM, said:

      @confessor can you please tell me the reference where you have this answer.
      You mentioned D & E. Is it A & E?14. Which two options enable security group tags to the assigned to a session?
      a. Firewall
      b. DHCP
      c. ACL
      d. Source VLAN
      e. ISE
      Answer: D, E

      According to the study guide I believe the answer is D & E - answer D is valid as it is possible to statically define the SGT mapping on the NAD (switch), on the basis of IP address or VLAN.
      Answer E is valid as the ISE is responsible for dynamically assigning SGTs on the basis of an authorisation policy rule (eg: after dot1x, mab or CWA authentication are successful and complete).
      Answer A cant be valid as the ASA firewall doesn not support in-line SGT tagging.

      Thanked by 1 Member:
      cheat2015



      0 user(s) are reading this topic

      0 members, 0 guests, 0 anonymous users

      Organization

      Community

      Downloads

      Test Providers

      Site Info


      Go to top