CCNP Security Implementing Cisco Secure Access Solutions (SISAS)

Here you have the best Cisco 300-208 practice exam questions

You have 256 total questions to study from
Each page has 5 questions, making a total of 52 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on January 30, 2026
This site is not affiliated with or endorsed by Cisco.

Question 1 of 256

A network administrator needs to implement a service that enables granular control of IOS commands that can be executed. Which AAA authentication method should be selected?

A.

TACACS+

B.

RADIUS

C.

Windows Active Directory

D.

Generic LDAP

Suggested Answer: A

Community votes

No votes yet

Question 2 of 256

An administrator can leverage which attribute to assign privileges based on Microsoft Active Directory user groups?

A.

member of

B.

group

C.

class

D.

person

Suggested Answer: A

Community votes

No votes yet

Question 3 of 256

Cisco 802.1X phasing enables flexible deployments through the use of open, low-impact, and closed modes. What is a unique characteristic of the most secure mode?

A.

Granular ACLs applied prior to authentication

B.

Per user dACLs applied after successful authentication

C.

Only EAPoL traffic allowed prior to authentication

D.

Adjustable 802.1X timers to enable successful authentication

Suggested Answer: C

The most secure mode of Cisco 802.1X phasing is characterized by allowing only EAPoL traffic prior to authentication. This ensures that no network access is granted until a device is successfully authenticated, thus providing the highest level of security. In closed mode, all other types of traffic, such as DHCP, HTTP, and DNS, are blocked until authentication is completed successfully.

Community votes

No votes yet

Question 4 of 256

A network administrator must enable which protocol extension to utilize EAP-Chaining?

A.

EAP-FAST

B.

EAP-TLS

C.

MSCHAPv2

D.

PEAP

Suggested Answer: A

EAP-Chaining requires the use of EAP-FAST. This protocol extension allows for a single authentication process that encompasses both machine and user credentials, which is a key capability needed for EAP-Chaining.

Community votes

No votes yet

Question 5 of 256

In the command 'aaa authentication default group tacacs local', how is the word 'default' defined?

A.

Command set

B.

Group name

C.

Method list

D.

Login type

Suggested Answer: C

In the command 'aaa authentication default group tacacs local', the word 'default' defines a method list. A method list is a named list of authentication methods that are used to determine how users are authenticated. The methods specified (in this case, TACACS+ and local) are applied in the given order when a user attempts to access the system.

Community votes

No votes yet