Home > Share your SECURE Experience

Share your SECURE Experience

January 3rd, 2011 Go to comments

Cisco has made changes for the Security exams by replacing the old CCSP with the new CCNP Security Certification with 4 modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP Security are very similar. Many candidates have requested us to put up materials for these new exams but it is a time-consuming work. In the mean time, we created the “Share your experience” for the SECURE exam. We really hope anyone who read securitytut, 9tut, digitaltut, certprepare, networktut and voicetut contribute to these sections as your experience is invaluable for CCNP Security learners to complete their goals.

Please share with us your experience after taking the SECURE 642-637 exam, your materials, the way you learned, your recommendations…

Comments (100) Comments
Comment pages
1 2 3 4 5 9 584
  1. Shienchan
    October 24th, 2019

    Passed the 300-208. The answers are really questionable to me hehehe

  2. ccpnexam
    October 24th, 2019

    @Shienchan, did you use any dumps? what did you use? are they valid? Please, provide a little bit more info.

  3. Iroel
    October 24th, 2019

    QUESTION 388
    Which description of SXP is true?
    A. applies SGT along every hop in the network path
    B. propagates SGT on a device upon which SGT inline tagging is unsupported
    C. removes SGT from every in the network path
    D. propagates SGT on a device which inline tagging is supported
    Answer: D

    In my opinion, the correct answer should be answer B
    “Therefore network devices that do not have the hardware support use a protocol called SXP (SGT Exchange Protocol). SXP is used to share the SGT to IP address mapping. This allows the SGT propagation to continue to the next device in the path.”

  4. Iroel
    October 24th, 2019

    QUESTION 418
    Which characteristic of static SGT classification is true?
    A. uses MAB
    B. maps a tag to an IP address
    C. maps a tag to a MAC address
    D. uses web authentication
    Answer: A

    Correct answer is B !

  5. Iroel
    October 25th, 2019

    QUESTION 424
    Which action do you take to restrict network access for endpoints that are not posture compliant?

    A. Configure a dACL on the NAD.
    B. Configure client provisioning services on the Cisco ISE Server
    C. Assign a dynamic VLAN on the NAD.
    D. Define the policy by configuring a standard profile.s

    Answer: C

    Answer A cannot be validated because the dACL is not configured on the NAD but on Cisco ISE

  6. Iroel
    October 25th, 2019

    What is the purpose of configuring Native Supplicant Profile on the Cisco ISE?

    A.It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network.
    B.It is used to register personal devices on the network.
    C.It enforces the use of MSCHAPv2 or EAP-TLS for 802 1X authentication
    D.It helps employees add and manage new devices by entering the MAC address for the device.

    Answer: B

    Answer C cannot be validated because Native Supplicant Profile only allows PEAP and EAP-TLS protocols. MSCHAPv2 is the Inner Method of PEAP

  7. DP
    October 26th, 2019

    QUESTION 424
    Which action do you take to restrict network access for endpoints that are not posture compliant?

    A. Configure a dACL on the NAD.
    B. Configure client provisioning services on the Cisco ISE Server
    C. Assign a dynamic VLAN on the NAD.
    D. Define the policy by configuring a standard profile.s

    Answer: C????

  8. Anonymous
    October 26th, 2019

    @Shienchan

    please share the dumps used for passing. thanks

  9. Tom
    October 27th, 2019

    @ccpnexam

    Did you find out what D&Ds and SIM are on the exam recently?

  10. Justin Ward
    October 28th, 2019

    Congratulations!

    Passed the 300-208 exam recently!

    A lot of new questions in my 300-208 test, old version dumps are not valid enough for passing now.

    I mainly learned the PassLeader 300-208 dumps (502q version), stable and valid enough for passing!

    Good luck!

    By the way:

    PassLeader 300-208 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0NV8

    (502q~~~NEW VERSION DUMPS!!!)

    Good Luck!!!

    [(copy that link and open it in your web browser!!!)]

    +1

  11. Justin Ward
    October 28th, 2019

    More:

    1. PassLeader 300-206 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0M18

    (486q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    2. PassLeader 300-209 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0N18

    (454q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    3. PassLeader 300-210 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0OV8

    (508q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Good Luck!!!

    [(copy those links and open them in your web browser!!!)]

  12. Justin Ward IS FAKE FAKE FAKE
    October 28th, 2019

    Justin Ward IS FAKE FAKE FAKE

    Justin Ward IS FAKE FAKE FAKE

  13. ExamNextWeek
    October 28th, 2019

    someone here had the valid dumps?

  14. Daniel Baker
    October 29th, 2019

    The new PassLeader 300-208 dumps (Oct/2019 Updated) now are available, here are part of 300-208 exam questions (FYI):

    od.lk/fl/NjFfMTUyNjc0NV8

    (508q~~~NEW VERSION DUMPS!!!)

    Good Luck!!!

    [(copy that link and open it in your web browser!!!)]

  15. Daniel Baker
    October 29th, 2019

    More:

    1. PassLeader 300-206 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0M18

    (486q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    2. PassLeader 300-209 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0N18

    (454q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    3. PassLeader 300-210 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0OV8

    (508q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Good Luck!!!

    [(copy those links and open them in your web browser!!!)]

  16. Anonymous
    October 29th, 2019

    QUESTION 388
    Which description of SXP is true?
    A. applies SGT along every hop in the network path
    B. propagates SGT on a device upon which SGT inline tagging is unsupported
    C. removes SGT from every in the network path
    D. propagates SGT on a device which inline tagging is supported
    Answer: D

    In my opinion, the correct answer should be answer B
    “Therefore network devices that do not have the hardware support use a protocol called SXP (SGT Exchange Protocol). SXP is used to share the SGT to IP address mapping. This allows the SGT propagation to continue to the next device in the path.”
    QUESTION 418
    Which characteristic of static SGT classification is true?
    A. uses MAB
    B. maps a tag to an IP address
    C. maps a tag to a MAC address
    D. uses web authentication
    Answer: A

    Correct answer is B !

    QUESTION 424
    Which action do you take to restrict network access for endpoints that are not posture compliant?

    A. Configure a dACL on the NAD.
    B. Configure client provisioning services on the Cisco ISE Server
    C. Assign a dynamic VLAN on the NAD.
    D. Define the policy by configuring a standard profile.s

    Answer: C

    Answer A cannot be validated because the dACL is not configured on the NAD but on Cisco ISE

  17. Anonymous
    October 29th, 2019

    QUESTION 424
    Which action do you take to restrict network access for endpoints that are not posture compliant?

    A. Configure a dACL on the NAD.
    B. Configure client provisioning services on the Cisco ISE Server
    C. Assign a dynamic VLAN on the NAD.
    D. Define the policy by configuring a standard profile.s

    Answer: C????…………………….

  18. Good Man
    October 29th, 2019

    I believe C is the correct answer

  19. GAREN
    October 29th, 2019

    hello everyone
    I’m studying SITCS 300-210, Is there anyone willing to take this exam?

    @Daniel Baker thanks for sharing this I’ve got the same
    Did you pass ccnp sec already?

  20. EBS_CCNP_Security
    October 31st, 2019

    Hey guys,

    Someone have dumps to ccnp 300-206.

  21. Split-Horizon
    October 31st, 2019

    @GAREN

    Yes – I’m no track to take the SITCS exam.

  22. Tom
    November 1st, 2019

    Does anyone know what D&Ds and SIMs are on exam 300-208 recently?

  23. ExamTaker
    November 2nd, 2019

    Anybody can share the PL502 ? No spammer from seller pls.

  24. ExamTaker
    November 2nd, 2019

    Found the file from CCNP_SWITCH , Thanks !!

  25. ExamTaker
    November 2nd, 2019

    @PassNextTime,

    Do you have any additional feedbacks ? Is the PL accurate in terms of the questions asked ?

  26. kb
    November 3rd, 2019

    Which option describes the purpose of configuring Native Supplicant Profile on the Cisco ISE?
    A. It helps employees add and manage new devices by entering the MAC address for the device. B. It is used to register personal devices on the network
    C. It enforces the use of MSCHAPv2 or EAP-TLS for 802.1X authentication
    D. It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network.
    Answer: C
    Some dumps Answer is B.
    Any one who can help verify this please ?

  27. CCNP_Sutdent
    November 3rd, 2019

    @KB B is a correct answer.
    Has anyone taken 300-208 exam recently? Please share your experience and let us know if PL 502 and GIO 316 are correct dumps. Also please let us know if Labs, Simulation and drag and drops were in the exam and which one? Your help will be appreciated.

  28. CCNP_Sutdent
    November 3rd, 2019

    Do you guys know if there is any other forum where students share their experience more frequently for 300-208 exam?

  29. CCNP_Sec
    November 3rd, 2019

    The 300-208 has 508 Q&A now, please share the new dump.
    Thanks

  30. Gudbjarni Gudmundsson
    November 4th, 2019

    Hi, all!

    The new PassLeader 300-208 dumps (Nov/2019 Updated) now are available, here are part of 300-208 exam questions (FYI):

    od.lk/fl/NjFfMTUyNjc0NV8

    (508q~~~NEW VERSION DUMPS!!!)

    Good Luck!!!

    [(copy that link and open it in your web browser!!!)]

  31. Gudbjarni Gudmundsson
    November 4th, 2019

    What’s More:

    1. PassLeader 300-206 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0M18

    (486q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    2. PassLeader 300-209 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0N18

    (454q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    3. PassLeader 300-210 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0OV8

    (508q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Good Luck!!!

    [(copy those links and open them in your web browser!!!)]

  32. Gudbjarni Gudmundsson IS SPAMMER SPAMMER
    November 4th, 2019

    Gudbjarni Gudmundsson IS SPAMMER SPAMMER

    Gudbjarni Gudmundsson IS SPAMMER SPAMMER

  33. kb
    November 4th, 2019

    Which guest service requires session services to be enabled on a cisco ISE node?
    A.administration service
    B.monitoring service
    C.posture service
    D.profiling service
    Answer: C
    In some dumps, answer is A.
    Any one who can help me verify this pls?

  34. kb
    November 4th, 2019

    What steps must you perform to deploy a CA-signed identity certificate on an ISE device?
    A. 1. Download the CA server certificate and install it on ISE.
    2. Generate a signing request and save it as a file.
    3. Access the CA server and submit the CA request.
    4. Install the issued certificate on the ISE.
    B. 1. Download the CA server certificate and install it on ISE.
    2. Generate a signing request and save it as a file.
    3. Access the CA server and submit the CSR.
    4. Install the issued certificate on the CA server.
    C. 1. Generate a signing request and save it as a file.
    2. Download the CA server certificate and install it on ISE.
    3. Access the ISE server and submit the CA request.
    4. Install the issued certificate on the CA server.
    D. 1. Generate a signing request and save it as a file.
    2. Download the CA server certificate and install it on ISE.
    3. Access the CA server and submit the CSR.
    4. Install the issued certificate on the ISE.

    Some dumps say Ans is A, while others say it is D.
    Please help me rectify this?

  35. 300-209PL with 454Q
    November 5th, 2019

    Can anybody share the PL 300-209 with 454Q ? Thanks !!

  36. KB – Answer
    November 5th, 2019

    Answer is D.

    My CCNP Security just expired after 9 years as I was too busy to renew. Looking to redo the cert before they change to the new exams, anybody can share the latest PL for the CCNP Security Track ? Espeically 300-209

  37. CCNP_Sutdent
    November 5th, 2019

    @KB C is correct answer for the following question. See the explanation below

    Which guest service requires session services to be enabled on a cisco ISE node?
    A.administration service
    B.monitoring service
    C.posture service
    D.profiling service
    Answer: C

    Enable Posture Session Service in Cisco ISE
    Before you begin
    You must enable session services in Cisco ISE and install the advanced license package to serve all the posture requests received from the clients.
    If you have more than one node that is registered in a distributed deployment, all the nodes that you have registered appear in the Deployment Nodes page, apart from the primary node. You can configure each node as a Cisco ISE node (Administration, Policy Service, and Monitoring personas).
    The posture service only runs on Cisco ISE nodes that assume the Policy Service persona and does not run on Cisco ISE nodes that assume the administration and monitoring personas in a distributed deployment.
    Procedure

    Step 1
    Choose Administration > System > Deployment > Deployment.
    Step 2
    Choose a Cisco ISE node from the Deployment Nodes window.
    Step 3
    Click Edit.
    Step 4
    Under the General Settings tab, check the Policy Service check box,
    If the Policy Service check box is unchecked, both the session services and the profiling service check boxes are disabled.
    Step 5
    Check the Enable Session Services check box, for the Policy Service persona to run the Network Access, Posture, Guest, and Client Provisioning session services. To stop the session services, uncheck the check box.
    Step 6
    Click Save.

  38. kb
    November 5th, 2019

    @CCNP_Student
    Thanks bro.

    Single SSID (advantages) vs Multiple/Dual SSID (Choose two)
    A.- Single SSID – better iOS user experience
    B.-Single SSID – should be used ins BYOD deployment
    C.– Dual SSID – better security useqsr experience
    D.– Single SSID? – … client already used wired 802.1X on another network
    E.-onliy on Single SSID user can veirfy byod certificate.
    Answer: A D

    Do you guys think the answer is correct?

  39. kb
    November 5th, 2019

    Which advantage is provided by using Active Directory as an external identity source?
    A. It supports SAML for single sign-on.
    B. It uses EAP chaining with EAP-FAST to authenticate users and computers.
    C. It supports two factor-authentication using a PIN and a token.
    D. It uses EAP chaining with EAP-TLS to authentication users and computers.
    Answer:B
    Some dumps are saying answer is A
    Guys which one do you think is the correct one?

  40. Good Man
    November 5th, 2019

    i would say A is the correct answer. because AD doesn’t authenticate computer, ISE does.

  41. 300-208
    November 5th, 2019

    Can someone please share new PL 300-208 508Q. Im looking to sit this exam at the end of this month.

  42. Anonymous
    November 6th, 2019

    Enable Posture Session Service in Cisco ISE
    Before you begin
    You must enable session services in Cisco ISE and install the advanced license package to serve all the posture requests received from the clients.
    If you have more than one node that is registered in a distributed deployment, all the nodes that you have registerqwed appear in the Deployment Nodes page, apart from the primary node. You can configure each node as a Cisco ISE node (Administration, Policy Service, and Monitoring personas).
    The posture service only runs on Cisco ISE nodes that assume the Policy Service persona and does not run on Cisco ISE nodes that assume the administration and monitoring personas in a distributed deployment.
    Procedure

  43. kloo123
    November 6th, 2019

    hell guys
    have big news
    The most favorable price this year!
    Dumps for 70% off and Gifts for you.
    Free LAB, Free WRITTEN DUMPS.
    End this Black Friday Month.

    ciscodumps09 dot livejournal dot com/1509.html

  44. Shienchan
    November 7th, 2019

    @ccnpexam, yes but almost 50% come from dump.. the rest is shared here in forum. so you have to trace back from June to present… almost shared all the question. You also need to re-validate the answer as some answers shared here are incorrect.

    Questions are more on attributes.

  45. EBS_CCNA_Security
    November 7th, 2019

    hey guys,

    Someone have 300-206 dumps??

  46. Anonymous
    November 8th, 2019

    @kb

    Which advantage is provided by using Active Directory as an external identity source?
    A. It supports SAML for single sign-on.
    B. It uses EAP chaining with EAP-FAST to authenticate users and computers.
    C. It supports two factor-authentication using a PIN and a token.
    D. It uses EAP chaining with EAP-TLS to authentication users and computers.
    Answer:B

    I would say it is letter B.
    ISE supports SAML as a different external identity store and this is not an advantage of AD as external identity store. so it is not A.

  47. Gio 300-206
    November 11th, 2019

    Just completed 300-209 in Delhi. Barely passed. Many new questions.
    Does Gio have a 300-206 ? If so, could someone share it.

  48. Karen Nguyen
    November 11th, 2019

    Hola!

    The new PassLeader 300-208 dumps (Updated Recently) now are available, here are part of 300-208 exam questions (FYI):

    [Get the download link at the end of this post]

    NEW QUESTION 499
    What needs to be done to authenticate Active Directory users with Cisco ISE?

    A. Configure a local source.
    B. Configure an identity source sequence.
    C. Configure an external source.
    D. Download the appropriate groups into the dictionary.

    Answer: C

    NEW QUESTION 500
    What are two advantages of a single-SSID deployment over a multi-SSID implementation? (Choose two.)

    A. Only single-SSID deployments allow the user to verify the identity of the BYOD server.
    B. Single-SSID deployments are more appropriate for BYOD environments.
    C. Single-SSID deployments offer a more secure connection experience than multi-SSID implementations.
    D. Single-SSID deployments are more appropriate for clients that are already configured for wired 802.1x on another network.
    E. Single-SSID deployments provide a better experience for users of iOS devices.

    Answer: DE

    NEW QUESTION 501
    Which RADIUS service type can identify authentication attempts from devices that lack a supplicant?

    A. Ethernet
    B. Wireless-IEEE 802.11
    C. Call Check
    D. Framed

    Answer: C

    NEW QUESTION 502
    How does the use of single connect mode for device authentication improve performance?

    A. It uses a single TCP connection for all TACACS+ communication.
    B. It uses a single VIP on the network access device.
    C. It uses a single TCP connection for all RADIUS communication.
    D. It multiplexes RADIUS requests to the server over a single session.

    Answer: A

    NEW QUESTION 503
    What represents the default Cisco IOS RADIUS attribute-value pair?

    A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
    B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
    C. User name= 1, password= 2, NAS-IP Address= 4, NAS-Port= 5
    D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4

    Answer: C

    NEW QUESTION 504
    In which scenario might it be helpful to adjust the network transition delay timer?

    A. when the client needs more time to log in to the network
    B. when the client needs more time to perform compliance checks
    C. when the client needs more time to obtain a DHCP lease
    D. when the client needs more time to perform remediation

    Answer: C

    NEW QUESTION 505
    Which statement about single-SSID environment is true?

    A. It allows for the wired and wireless adapters to be provisioned in any order.
    B. It provides access to the guest SSID after the device has completed provisioning with the provisioning SSID.
    C. It uses the same SSID for certificate enrollment, provisioning, and secure network access.
    D. It can use the Fast SSID Change feature to improve performance.

    Answer: C

    NEW QUESTION 506
    ……

    P.S.

    PassLeader 300-208 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0NV8

    (508q~~~NEW VERSION DUMPS!!!)

    Good Luck!!!

    [(copy that link and open it in your web browser!!!)]

  49. Karen Nguyen
    November 11th, 2019

    What’s more:

    1. PassLeader 300-206 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0M18

    (483q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    2. PassLeader 300-209 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0N18

    (454q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    3. PassLeader 300-210 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0OV8

    (508q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Good Luck!!!

    [(copy those links and open them in your web browser!!!)]

  50. passNextTime
    November 11th, 2019

    @ExamTaker, the PL is not really a resource as a source of truth. I would stick with Gio, and research the answers.

    I did not take the exam again, will do next week. For those looking for the Gio, go back a few pages, I seem to remember a post in 57 about this, which will point you there. As always, don’t be lazy ;)

  51. Exam_Soon
    November 11th, 2019

    Which fact you must consider when you configure protection for the firewall management plane?

    A. If no service-password recovery command is configured and you forget the password, you must
    factory reset the firewall.
    B. You can run a dynamic routing process on a mangement-only interace and the data interface concurrently.
    C. you can use the mangement-only command to limit an interface to in-band access only.
    D. If you encrypt management session with IPsec , SSH is unnecessary.

  52. Anonymous
    November 12th, 2019

    NEW QUESTION 502
    How does the use of single connect mode for device authentication improve performance?

    A. It uses a single TCP connection for all TACACS+ communication.
    B. It uses a single VIP on the network access device.
    C. It uses a single TCP connection for all RADIUS communication.
    D. It multiplexes RADIUS requests to the server over a single session.

    Answer: A

    NEW QUESTION 503
    What represents the default Cisco IOS RADIUS attribute-value pair?

    A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
    B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
    C. User name= 1, passsword= 2, NAS-IP Address= 4, NAS-Port= 5
    D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4

    Answer: C

  53. Ahmed
    November 12th, 2019

    Hello guys looking for Valid 210 dump my email ahmedalobaidy1atgmail.com

  54. EBS_CCNP_Security
    November 14th, 2019

    someone have latest dumps 300-206 ?

    vce dumps?

  55. GAREN
    November 16th, 2019

    @Split-Horizon Are you studying sitcs right now?

  56. CCNP_Sutdent
    November 16th, 2019

    Hello Guys, has anyone taken 300-208 (SISAS) exam recently? or anyone taking exam in few days? Please share your experience and let us know which dump is valid if there are new questions in the exam. It will be much appreciated

  57. To_Ahmed
    November 17th, 2019

    Can you give details of your “valid” dump for 300-210 ?

  58. GAREN
    November 18th, 2019

    Who is going to take sitcs 300-210 real soon ?

  59. Dot1q
    November 18th, 2019

    Changes were made to the ISE server while troubleshooting, and now all wireless certificate authentications are failing. Logs indicate an EAP failure.
    What are the two possible causes of the problem? (Choose two.)
    A. EAP-TLS is not checked in the Allowed Protocols list | 1 for sure
    B. Client certificate is not included in the Trusted Certificate Store | it is not client it is root cert
    C. MS-CHAPv2-is not checked in the Allowed Protocols list | nope not needed
    D. Default rule denies all traffic | CAN’T BE
    E. Certificate authentication profile is not configured in the Identity Store | hmmmm

    any ideas guys?

  60. MAB
    November 18th, 2019

    Passed 300-208 today – Score 937

    My contribution:

    ** Used Gio Dump v2
    Gio Dump Still vallid, but some answers from SIM LABs are wrong – example: invert mab dot1x order…!

    ** PL Dump (97, 109, 110, 119, 161, 187, 188, 189, 192, 204, 214, 267, 272, 277, 292, 314, 328, 330, 339, 340, 364, 380, 381, 388, 389, 390, 414, 418, 424, 429-451)

    429-451 (some wrong answers)

    ** Last 5 pages comments:

  61. MAB
    November 18th, 2019

    2) D&D
    1. Antimalware remediation
    2. File remediation
    3. Launch program remediation
    4. Link remediation
    5. Windows Server Update Services remediation
    6. Windows Update remediation
    A. Allows you to specify a version for compliance
    B. Requires a specific compliance module
    C. Requires a specified executable at an administrator-provided path
    D. Supports automatic remendation and prompts to download and install
    E. Supports manual and automatic remediation from a specific web resource with a maximum retry count
    F. Supports validation against either Cisco rules or severity level
    Answare:

    1. Antimalware remediation  B. Requires a specific compliance module
    2. File remediation  A. Allows you to specify a version for compliance
    3. Launch program remediation  C. Requires a specified executable at an administrator-provided path
    4. Link remediation  E. Supports manual and automatic remediation from a specific web resource with a maximum retry count
    5. Windows Server Update Services remediation  F. Supports validation against either Cisco rules or severity level
    6. Windows Update remediation  D. Supports automatic remediation and prompts to download and install
    —————-

    3) Which two features are supported by named access lists but not numbered access lists? (Choose two)
    A. Time-Based Access Control
    B. Context-Based Access Control
    C. IP Options Filtering
    D. Upper-Layer Session Information
    E. Noncontiguous Ports

    Answer: C, E
    https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3e/sec-data-acl-xe-3e-book/sec-acl-named.html
    —————-

    4) Match format for commands lines request TACACS?

    A. Wildcard matching paradigm
    B. Regular expressions (regex) matching paradigm

    Answer: A
    “When Cisco ISE receives a command line (request), it handles the command and its arguments in different ways:
    It matches the command in the request with the commands specified in the command set list using the wildcard matching paradigm.
    Example: Sh?? or S*
    It matches the arguments in the request with the arguments specified in the command set list using regular expressions (regex) matching paradigm.
    Example: Show interface[1-4] port[1-9]:tty*”
    https://community.cisco.com/t5/security-documents/ise-2-3-tacacs-command-sets-import-and-export/ta-p/3635973
    —————-
    5) TrueSec in Closed mode (Choose two)
    I understand that it shouldn’t matter whether is TrustSec or not, it might be set there just to confuse us.

    A. all users don’t have access
    B. DHCP, DNS permitted
    C. EAPOL only
    D. All user traffic is denied prior to authentication;

  62. Specter
    November 19th, 2019

    @MAB
    Could you kindly share the Gio Dump v2

  63. CCNP_Sutdent
    November 19th, 2019

    @MAB

    Are you referring to the following SIM of GIO dump. If the following answers are wrong, please let us know which answers are correct.

    What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)

    A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
    B. The IP_Corp authorization profile has the wrong Access Type configured.
    C. The authorization profile used for the Sales users is misconfigured.
    D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
    E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
    F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
    G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.

    Correct Answer: AD

  64. CCNP_Sutdent
    November 19th, 2019

    @MAB
    Also your answer for DD are different. Are you sure your answers are correct? Are not the following answer correct?

    Answare:
    1. Antimalware remediation  B. Requires a specific compliance module
    2. File remediation  D. Supports automatic remendation and prompts to download and install
    3. Launch program remediation  C. Requires a specified executable at an administrator-provided path
    4. Link remediation  E. Supports manual and automatic remediation from a specific web resource with a maximum retry count
    5. Windows Server Update Services remediation  F. Supports validation against either Cisco rules or severity level
    6. Windows Update remediation  A. Allows you to specify a version for compliance

    number 2 and 6 are other way around.

    Please let us know how many SIMs and DD you got in your exam.Thanks

  65. MAB
    November 19th, 2019

    @CCNP_Sutdent

    What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)

    A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
    B. The IP_Corp authorization profile has the wrong Access Type configured.
    C. The authorization profile used for the Sales users is misconfigured.
    D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
    E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
    F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
    G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.

    Answer: A, C

    The authorization profile used for the Sales users is misconfigured. – I checked and on this authorization profile (PERMIT ACCESS) was placed an access type ACCESS_REJECT.

  66. MAB
    November 19th, 2019

    @CCNP_Sutdent

    you are right..

    Correct answer:

    Answare:
    1. Antimalware remediation  B. Requires a specific compliance module
    2. File remediation  A. Allows you to specify a version for compliance
    3. Launch program remediation  C. Requires a specified executable at an administrator-provided path
    4. Link remediation  E. Supports manual and automatic remediation from a specific web resource with a maximum retry count
    5. Windows Server Update Services remediation  F. Supports validation against either Cisco rules or severity level
    6. Windows Update remediation  D. Supports automatic remendation and prompts to download and install

    I got 1 D&D (My Devices Portal, Black List …)
    2 SIM (one that I was mentioned here and another about DACL permissions deny icmp any 10.20.30……)

  67. Mario
    November 19th, 2019

    @MAB
    What SIM LABs did you have?
    Could you provide the correct answers, please?
    What are the mistakes in questions 429-451
    Thx

  68. Alberto
    November 19th, 2019

    @MAB

    Can u share the gio Dump v2?

    Please..

  69. Anonymous
    November 20th, 2019

    What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)

    A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
    B. The IP_Corp authorization profile has the wrong Access Type configured.
    C. The authorization profile used for the Sales users is misconfigured.
    D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
    E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
    F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
    G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.

    Answer: A, C

  70. CCNP_Sutdent
    November 20th, 2019

    @MAB

    Thanks for your reply. Just few more questions regarding SIMS. Do you remember how many questions were in each sim, I believe 3 and 4, correct?

    Can you also confirm if other answers of simulation questions are correct except you mentioned above? Please see the questions and answers of the sims below and let us know if they are correct. Thanks

    Simulation1:
    Question 1:

    Which statement is true?

    A. Currently, IT users who successfully authenticate will have their packets tagged with s SGT of 3.
    B. Currently, IT users who successfully authenticate will be assigned to VLAN 9.
    C. Currently, any domain administrator who successfully authenticate will be assigned to VLAN 10.
    D. Computers belonging to the secure-x domain which passes machine authentication but failed user
    authentication will have the Employee_Restricted_DACL applied.
    E. Print Servers matching the Linksys-PrintServer identity group will have the following access
    restrictions:
    permit icmp any host 10.10.2.20
    permit tcp any host 10.10.2.20 eq 80
    permit icmp any host 10.10.3.20
    permit tcp any host 10.10.3.20 eq 80
    deny ip any any

    Correct Answer: D

    Question 2:
    Which two statements are true? (Choose two.)

    A. The ISE is not able to successfully connect to the hq-srv.secure-x.local AD server.
    B. The ISE internal endpoints database is used authenticate any users not in the Active Directory domain.
    C. The ISE internal user database has two accounts enabled: student and test that maps to the Employee user identity group.
    D. Guest_Portal_Sequence is a built-in identity source sequence.

    Correct Answer: BD

    Question 3:
    What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)

    A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
    B. The IP_Corp authorization profile has the wrong Access Type configured.
    C. The authorization profile used for the Sales users is misconfigured.
    D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
    E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
    F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
    G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.

    Answer: A, C

    Simulation 2:
    Scenario
    In this simulation, you are task to examine the various authentication events using the ISE GUI.
    For example, you should see events like Authentication succeeded, Authentication failed and etc…

    Questions 1:
    Which four statements are correct regarding the event that occurred at 2014-05-07 00:19:07.004? (Choose four.)

    A. The IT_Corp authorization profile were applied.
    B. The it1 user was matched to the IT_Corp authorization policy.
    C. The it1 user supplicant used the PEAP (EAP-MSCHAPv2) authentication method.
    D. The it1 user was authenticated using MAB.
    E. The it1 user was successfully authenticated against AD1 identity store.
    F. The it1 user machine has been profiled as a Microsoft-Workstation.
    G. The it1 user machine has passed all the posture assessment tests.

    Correct Answer: ACEF

    Questions 2:
    Which three statements are correct regarding the events with the 20 repeat count that occurred at 2014-05-07 00:22:48.748? (Choose three.)

    A. The device was successfully authenticated using MAB.
    B. The device matched the Machine_Corp authorization policy.
    C. The Print Servers authorization profile were applied.
    D. The device was profiled as a Linksys-PrintServer.
    E. The device MAC address is 00:14:BF:70:B5:FB.
    F. The device is connected to the Gi0/1 switch port and the switch IP address is 10.10.2.2.

    Correct Answer: ADE

    Questions 3:
    Which two statements are correct regarding the event that occurred at 2014-05-07 00:22:48.175? (Choose two.)

    A. The DACL will permit http traffic from any host to 10.10.2.20
    B. The DACL will permit http traffic from any host to 10.10.3.20
    C. The DACL will permit icmp traffic from any host to 10.10.2.20
    D. The DACL will permit icmp traffic from any host to 10.10.3.20
    E. The DACL will permit https traffic from any host to 10.10.3.20

    Correct Answer: AE

    Questions 4:
    Which two statements are correct regarding the event that occurred at 2014-05-07 00:16:55.393? (Choose two.)

    A. The failure reason was user entered the wrong username.
    B. The supplicant used the PAP authentication method.
    C. The username entered was it1.
    D. The user was authenticated against the Active Directory then also against the ISE interal user database and both fails.
    E. The NAS switch port where the user connected to has a MAC address of 44:03:A7:62:41:7F
    F. The user is being authenticated using 802.1X.
    G. The user failed the MAB.
    H. The supplicant stopped responding to ISE which caused the failure.

    Correct Answer: CF

    Your help will be much appreciated.

  71. josh
    November 22nd, 2019

    i’ve seen this question asked a bunch of times, and figured i’d throw my thoughts in. according to the link below , both b and c are correct, if you search the 1.2 ise doc below, it mentions both. the mschap part is pertaining to ios devices specifically, so perhaps this is a multiple choice question? if its not multiple choice, best to bet on b, because thats the “base purpose”, and by allowing you to register personal devices on the network, it can then “sub purpose” force the mschap.

    What is the purpose of configuring Native Supplicant Profile on the Cisco ISE?
    A. It provides posture assessments and remediation for devices that are attempting to gain access to the corporate network
    B. It is used to register personal devices on the network.
    C. It enforces the use of MSCHAPv2 or EAP-TLS for 802 1X authentication
    D. It helps employees add and manage new devices by entering the MAC address for the device.

    answer if multiple choice – b/c, if single choice, C.

    https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_mydevices.html

  72. CCNP_Sutdent
    November 22nd, 2019

    @Josh

    yes you are right. I did some research as well about this question. yes B should be chosen if you have to choose only one option.

  73. CAP-net
    November 22nd, 2019

    hi all

    please anyone can share the valid dump ?

    thank

  74. CCNP-Sec
    November 22nd, 2019

    Is there a different PL dump for 300-208 ?

    The last question on my PL is Q502 and it is different from the one quoted here. Does anybody have a newer version ?

    QUESTION 502
    Identify the features of the 802.1X Closed Mode deployment option.
    A.It is the least restrictive method
    B.It has no effect on user or endpoint access
    C.It does not allow access prior to login
    D.It is the default 802.1X behavior
    Answer: CD

  75. CCNP-Sec
    November 22nd, 2019

    @MAB,

    Could you post the actual questions as my PL seems to have different numbers.

  76. LJ
    November 23rd, 2019

    @CCNP-Sec,

    Could you please send me the link for the PL dump that you have? I don’t have the one with 502 questions? Please?

  77. SomeoneElse
    November 24th, 2019

    How frequently does the Profiled Endpoints dashlet refresh data? A.every 30 secondsB.every 60 secondsC.every 2 minutesD.every 5 minutes
    Answer: B

    Which command in the My Devices Portal can restore a previously lost device to the network? A.ResetB.FoundC.ReinstateD.Request
    Answer: C

    What is the first step that occurs when provisioning a wired device in a BYOD scenario? A.The smart hub detects that the physically connected endpoint requires configuration and must useMAB to authenticate.B.The URL redirects to the Cisco ISE Guest Provisioning portal.C.Cisco ISE authenticates the user and deploys the SPW package.D.The device user attempts to access a network URL.
    Answer: A

    Which three features should be enabled as best practices for MAB? (Choose three.) A.MD5B.IP source guardC.DHCP snoopingD.storm controlE.DAIF.URPF
    Answer: BCE

    When MAB is configured, how often are ports reauthenticated by default? A.every 60 secondsB.every 90 secondsC.every 120 seconds
    D.never
    Answer: D

    What is a required step when you deploy dynamic VLAN and ACL assignments? A.Configure the VLAN assignment.B.Configure the ACL assignment.C.Configure Cisco IOS Software 802.1X authenticator authorization.D.Configure the Cisco IOS Software switch for ACL assignment.
    Answer: C

    Which model does Cisco support in a RADIUS change of authorization implementation? A.pushB.pullC.policyD.security
    Answer: A

  78. CCNP_Sutdent
    November 24th, 2019

    Hi All,
    I passed my exam yesterday with 881 marks, my lowest Marks ever. To be honest it was tough one. There were about 20 plus new questions. Sorry I cannot remember the questions as I was so worried whether I was going to pass the exam or not.
    same 2 Sims and 1 DD. I vaguely remember two questions

    1.something integrated with MDM
    2. What is the matching model used in ISE command set in command(choose only one!)
    I chose “Wildcard model” I was confused between Wildcard Model and Regular expressions Model.

    To be honest their is not much help for 300 – 208 exam on this forum. I do not see many people sharing there experiences, I think because not many people are aware of this forum as Name of this forum does not suggest that this is for 300 – 208 (SISAS) exam.

    But many thanks to those who have shared their experiences in the past. Good Luck All

  79. SomeoneElse
    November 24th, 2019

    @MAB,

    Hi MAB,

    Could you share your PL Dump ? The dump shared by the other guys is useless as PL changed the order of the numbers in every version / update. The main reason is probably because it allowed them to fake and recycle questions. But in any case, could you share the PDF ? THANKS !

    ———————–QUOTE——————

    Passed 300-208 today – Score 937

    My contribution:

    ** Used Gio Dump v2
    Gio Dump Still vallid, but some answers from SIM LABs are wrong – example: invert mab dot1x order…!

    ** PL Dump (97, 109, 110, 119, 161, 187, 188, 189, 192, 204, 214, 267, 272, 277, 292, 314, 328, 330, 339, 340, 364, 380, 381, 388, 389, 390, 414, 418, 424, 429-451)

    429-451 (some wrong answers)

    ** Last 5 pages comments:

  80. Victor Emmanuel
    November 25th, 2019

    Hola!

    The new PassLeader 300-208 dumps (Updated Recently) now are available, here are part of 300-208 exam questions (FYI):

    [Get the download link at the end of this post]

    NEW QUESTION 499
    What needs to be done to authenticate Active Directory users with Cisco ISE?

    A. Configure a local source.
    B. Configure an identity source sequence.
    C. Configure an external source.
    D. Download the appropriate groups into the dictionary.

    Answer: C

    NEW QUESTION 500
    What are two advantages of a single-SSID deployment over a multi-SSID implementation? (Choose two.)

    A. Only single-SSID deployments allow the user to verify the identity of the BYOD server.
    B. Single-SSID deployments are more appropriate for BYOD environments.
    C. Single-SSID deployments offer a more secure connection experience than multi-SSID implementations.
    D. Single-SSID deployments are more appropriate for clients that are already configured for wired 802.1x on another network.
    E. Single-SSID deployments provide a better experience for users of iOS devices.

    Answer: DE

    NEW QUESTION 501
    Which RADIUS service type can identify authentication attempts from devices that lack a supplicant?

    A. Ethernet
    B. Wireless-IEEE 802.11
    C. Call Check
    D. Framed

    Answer: C

    NEW QUESTION 502
    How does the use of single connect mode for device authentication improve performance?

    A. It uses a single TCP connection for all TACACS+ communication.
    B. It uses a single VIP on the network access device.
    C. It uses a single TCP connection for all RADIUS communication.
    D. It multiplexes RADIUS requests to the server over a single session.

    Answer: A

    NEW QUESTION 503
    What represents the default Cisco IOS RADIUS attribute-value pair?

    A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
    B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
    C. User name= 1, password= 2, NAS-IP Address= 4, NAS-Port= 5
    D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4

    Answer: C

    NEW QUESTION 504
    In which scenario might it be helpful to adjust the network transition delay timer?

    A. when the client needs more time to log in to the network
    B. when the client needs more time to perform compliance checks
    C. when the client needs more time to obtain a DHCP lease
    D. when the client needs more time to perform remediation

    Answer: C

    NEW QUESTION 505
    Which statement about single-SSID environment is true?

    A. It allows for the wired and wireless adapters to be provisioned in any order.
    B. It provides access to the guest SSID after the device has completed provisioning with the provisioning SSID.
    C. It uses the same SSID for certificate enrollment, provisioning, and secure network access.
    D. It can use the Fast SSID Change feature to improve performance.

    Answer: C

    NEW QUESTION 506
    ……

    P.S.

    PassLeader 300-208 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0NV8

    (508q~~~NEW VERSION DUMPS!!!)

    Good Luck!!!

    [(copy that link and open it in your web browser!!!)]

  81. Victor Emmanuel
    November 25th, 2019

    What’s more:

    1. PassLeader 300-206 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0M18

    (483q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    2. PassLeader 300-209 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0N18

    (454q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    3. PassLeader 300-210 dumps FYI:

    od.lk/fl/NjFfMTUyNjc0OV8

    (508q~~~NEW VERSION DUMPS!!!)

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Good Luck!!!

    [(copy those links and open them in your web browser!!!)]

  82. SomeoneElse
    November 25th, 2019

    @CCNP_Sutdent

    Soo.. can you try to remember and share your experiences ?

    ————— QUOTE—————
    …To be honest their is not much help for 300 – 208 exam on this forum. I do not see many people sharing there experiences, I think because not many people are aware of this forum as Name of this forum does not suggest that this is for 300 – 208 (SISAS) exam.

    But many thanks to those who have shared their experiences in the past. Good Luck All

  83. CCNP-Sec
    November 25th, 2019

    What do you guys think of the followingQ ?
    ———–
    What are two possible reasons why many Sales and IT users are unable to authenticate and access the network using their AnyConnected NAM client and EAP-FAST? (Choose two.)

    A. The Dot1X authentication policy is not allowing the EAP-FAST protocol.
    B. The IP_Corp authorization profile has the wrong Access Type configured.
    C. The authorization profile used for the Sales users is misconfigured.
    D. The order for the MAB authentication policy and the Dot1X authentication policy should be reversed.
    E. Many of the IT Sales and IT user machines are not passing the ISE posture assessment.
    F. The PERMIT_ALL_TRAFFIC DACL is missing the permit ip any any statements in the end.
    G. The Employee_FullAccess_DACL DACL is missing the permit ip any any statement in the end.

    Answer: A, C

    The authorization profile used for the Sales users is misconfigured. – I checked and on this authorization profile (PERMIT ACCESS) was placed an access type ACCESS_REJECT.

  84. Anonymous
    November 25th, 2019

    NEW QUESTION 503
    What represents the default Cisco IOS RADIUS attribute-value pair?

    A. User name= 5, password= 4, NAS-IP Address= 4, NAS-Port= 5
    B. User name= 0, password= 1, NAS-IP Address= 2, NAS-Port= 3
    C. User name= 1, password= 2, NAS-IP Addryess= 4, NAS-Port= 5
    D. User name= 1, password= 2, NAS-IP Address= 3, NAS-Port= 4

    Answer: C

  85. Anonymous@home
    November 26th, 2019

    Passed with 924. Everything has been discussed in last 8 pages. The recent D&D update, hotspot. No sim. I hear from a friend working in Cisco that they are not happy with the recent high passing rate and will introduce new questions first week of Dec. He said they have a database of 800Qs. PL only has approx 300 + Qs after accounting for duplicate. Good luck.

  86. Mario
    November 26th, 2019

    Hi
    Does anyone have new questions for 300-208?
    I have an exam next week
    Thanks

  87. CAP-net
    November 26th, 2019

    hi Guys,

    the below question is giov dump

    QUESTION 31 Which two Cisco Catalyst switch interface commands allow only a single voice device and a single data device to be connected to the IEEE 802.1X-enabled interface? (Choose two.)

    A. authentication host-mode single-host
    B. authentication host-mode multi-domain
    C. authentication host-mode multi-host
    D. authentication host-mode multi-auth

    answer is BC
    i think BD more correct because the multi-host mode authorise all device without authentication

    anyone have idea ??

  88. CAP-net
    November 26th, 2019

    @Mario

    hi man
    this the dump that i have
    delete the *

    https **: **/ /www.dropbox.com/s/7rpl64hbrz0zk4j/GioV3269Tut.pdf?dl=0

    me too i will take the exam soon

    please all share here experience to be helpful
    good luck

  89. SomeoneElse
    November 26th, 2019

    Me too !

  90. CAP-net
    November 26th, 2019

    friends

    any idea in this question please ?

    QUESTION 42 A network administrator needs to determine the ability of existing network devices to deliver key BYOD services. Which tool will complete a readiness assessment and outline hardware and software capable and incapable devices?

    A. Prime Infrastructure
    B. Network Control System
    C. Cisco Security Manager
    D. Identity Services Engine

    Answer: A is correct ?

    thanks

  91. CAP-net
    November 26th, 2019

    hi
    for this question

    QUESTION 45 Which Cisco ISE 1.x protocol can be used to control admin access to network access devices?

    A. TACACS+ B. RADIUS C. EAP D. Kerberos

    Answer: B

    i think A is correct

  92. Keyser Soze
    November 27th, 2019

    Tacacs+ is implemented in ISE 2.x, in ISE1.x only protocol is RADIUS
    So …
    B = RADIUS – correct answer

  93. Dave
    November 27th, 2019

    Anybody has the latest dump or PL 508 or Spoto for the 300-208 ? Thanks.

  94. CAP-net
    November 27th, 2019

    @ keyser

    thank a lot man

  95. I’mLazy
    November 27th, 2019

    Hi CAP-net,

    Are you planning to go from Q1 to Q500 and ask 1Q by 1Q, or do you plan to do some reading first ?

  96. CAP-net
    November 27th, 2019

    @ I’mLazy

    hi

    i use the dump giov3 326 question
    and i start 1q by 1q

    thanks

  97. Mario
    November 27th, 2019

    Which answer is correct?

    Which characteristic of an SGT enforcement policy is true?
    A. An SGFW has an implicit permit at the beginning.
    B. An SGFW has an implicit deny at the end.
    C. An SGACL has an implicit deny at the end.
    D. An SGACL has an explicit deny at the beginning.
    Answer: B
    another dump A

  98. Mario
    November 27th, 2019

    and next question

    question about what came before mab:
    A. port security,
    B. vlan access lists,
    C. stp
    D. something else

  99. Keyser Size
    November 27th, 2019

    @Mario
    Which answer is correct?

    Which characteristic of an SGT enforcement policy is true?
    A. An SGFW has an implicit permit at the beginning.
    B. An SGFW has an implicit deny at the end.
    C. An SGACL has an implicit deny at the end.
    D. An SGACL has an explicit deny at the beginning.

    I think the correct answer is B because …
    if first line is permit any any (at the beginning)… all traffic will be permitted from first condition, and all condition below will not be ever used
    and
    an implicit deny at the end will block all traffic that not match with any condition

  100. GAREN
    November 27th, 2019

    Hi
    Which two products can get file disposition information from the Cisco Advanced Malware Protection cloud? (Choose two.)
    A. Cisco Email Security Appliance
    B. Cisco Advanced Malware Protection Threat Grid
    C. Cisco AnyConnect
    D. Cisco Web Security Appliance
    E. Cisco Identity Services Engine

    AB or BD
    personally I’ll go esa and amp with threat grid

    Does anyone have an idea to prove this question?


  101. Note: Please do not open any suspicious links (especially short links and links that need to remove some words to open) in the comment section above as they are usually spams and may harm your computer.
Comment pages
1 2 3 4 5 9 584
Add a Comment