Month End Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

DumpsWrap Logo

Cisco 300-715 Dumps

Page: 1 / 24
Total 243 questions
Get 300-715 Full Access Download 300-715 PDF

Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Question 1

Select and Place

as

Options:

Question 2

What should be considered when configuring certificates for BYOD?

Options:

A.

An endpoint certificate is mandatory for the Cisco ISE BYOD

B.

An Android endpoint uses EST whereas other operation systems use SCEP for enrollment

C.

The CN field is populated with the endpoint host name.

D.

The SAN field is populated with the end user name

Question 3

Which two endpoint compliance statuses are possible? (Choose two.)

Options:

A.

unknown

B.

known

C.

invalid

D.

compliant

E.

valid

Question 4

Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node'?

Options:

A.

radius-server timeout

B.

session-timeout

C.

idle-timeout

D.

termination-action

Question 5

An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants Which portal must the security engineer configure to accomplish this task?

Options:

A.

MDM

B.

Client provisioning

C.

My devices

D.

BYOD

Question 6

A laptop was stolen and a network engineer added it to the block list endpoint identity group What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

Options:

A.

Select DenyAccess within the authorization policy.

B.

Ensure that access to port 8443 is allowed within the ACL.

C.

Ensure that access to port 8444 is allowed within the ACL.

D.

Select DROP under If Auth fail within the authentication policy.

Question 7

Which profiling probe collects the user-agent string?

Options:

A.

DHCP

B.

AD

C.

HTTP

D.

NMAP

Question 8

An administrator is configuring a new profiling policy in Cisco ISE for a printer type that is missing from the profiler feed The logical profile Printers must be used in the authorization rule and the rule must be hit. What must be done to ensure that this configuration will be successful^

Options:

A.

Create a new logical profile for the new printer policy

B.

Enable the EndPoints:EndPointPolicy condition in the authorization policy.

C.

Add the new profiling policy to the logical profile Printers.

D.

Modify the profiler conditions to ensure that it goes into the correct logical profile

Question 9

A network administrator must configure Cisco SE Personas in the company to share session information via syslog. Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?

Options:

A.

pxGrid

B.

admin

C.

policy services

D.

monitor

Question 10

Select and Place

as

Options:

Question 11

Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two )

Options:

A.

Random

B.

Monthly

C.

Daily

D.

Imported

E.

Known

Question 12

An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

Options:

A.

Check for server reachability using the test aaa group tacacs+ admin legacy command.

B.

Test the user account on the server using the test aaa group radius server CUCS user admin pass legacy command.

C.

Validate that the key value is correct using the test aaa authentication admin legacy command.

D.

Confirm the authorization policies are correct using the test aaa authorization admin drop legacy command.

Question 13

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

Options:

A.

The Endpoint Purge Policy is set to 30 days for guest devices

B.

The RADIUS policy set for guest access is set to allow repeated authentication of the same device

C.

The length of access is set to 7 days in the Guest Portal Settings

D.

The Guest Account Purge Policy is set to 15 days

Question 14

Which Cisco ISE deployment model provides redundancy by having every node in the deployment configured with the Administration. Policy Service, and Monitoring personas to protect from a complete node failure?

Options:

A.

distributed

B.

dispersed

C.

two-node

D.

hybrid

Question 15

An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database There are no resources to enter this information into the Cisco ISE database manually. What must be done to accomplish this task effciently?

Options:

A.

Use a CSV file to import the guest accounts

B.

Use SOL to link me existing database to Ctsco ISE

C.

Use a JSON fie to automate the migration of guest accounts

D.

Use an XML file to change the existing format to match that of Cisco ISE

Question 16

What is needed to configure wireless guest access on the network?

Options:

A.

endpoint already profiled in ISE

B.

WEBAUTH ACL for redirection

C.

valid user account in Active Directory

D.

Captive Portal Bypass turned on

Question 17

Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)

Options:

A.

NetFlow

B.

SNMP

C.

HTTP

D.

DHCP

E.

RADIUS

Question 18

Which two ports do network devices typically use for CoA? (Choose two)

Options:

A.

443

B.

19005

C.

8080

D.

3799

E.

1700

Question 19

An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected. Which service should be used to accomplish this task?

Options:

A.

Profiling

B.

Guest access

C.

Client provisioning

D.

Posture

Question 20

Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

Options:

A.

Endpoint

B.

unknown

C.

blacklist

D.

white list

E.

profiled

Question 21

An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks. Which two requirement complete this policy? (Choose two)

Options:

A.

minimum password length

B.

active username limit

C.

access code control

D.

gpassword expiration period

E.

username expiration date

Question 22

A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

Options:

A.

SGT

B.

dACL

C.

VLAN

D.

RBAC

Question 23

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen What is causing this issue?

Options:

A.

Cisco ISE only sees the built-in groups, not user created ones

B.

The groups are present but need to be manually typed as conditions

C.

Cisco ISE's connection to the AD join point is failing

D.

The groups are not added to Cisco ISE under the AD join point

Question 24

An organization is adding new profiling probes to the system to improve profiling on Oseo ISE The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected What must be configured on the network device to accomplish this goal?

Options:

A.

ARP

B.

SNMP

C.

WCCP

D.

ICMP

Question 25

as

Refer to the exhibit. In which scenario does this switch configuration apply?

Options:

A.

when allowing a hub with multiple clients connected

B.

when passing IP phone authentication

C.

when allowing multiple IP phones to be connected

D.

when preventing users with hypervisor

Question 26

Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

Options:

A.

Cisco AnyConnect NAM and Cisco Identity Service Engine

B.

Cisco AnyConnect NAM and Cisco Access Control Server

C.

Cisco Secure Services Client and Cisco Access Control Server

D.

Windows Native Supplicant and Cisco Identity Service Engine

Question 27

An administrator connects an HP printer to a dot1x enable port, but the printer in not accessible Which feature must the administrator enable to access the printer?

Options:

A.

MAC authentication bypass

B.

change of authorization

C.

TACACS authentication

D.

RADIUS authentication

Question 28

A Cisco device has a port configured in multi-authentication mode and is accepting connections only from hosts assigned the SGT of SGT_0422048549 The VLAN trunk link supports a maximum of 8 VLANS What is the reason for these restrictions?

Options:

A.

The device is performing inline tagging without acting as a SXP speaker

B.

The device is performing mime tagging while acting as a SXP speaker

C.

The IP subnet addresses are dynamically mapped to an SGT.

D.

The IP subnet addresses are statically mapped to an SGT

Question 29

An organization wants to enable web-based guest access for both employees and visitors The goal is to use a single portal for both user types Which two authentication methods should be used to meet this requirement? (Choose two )

Options:

A.

LDAP

B.

802 1X

C.

Certificate-based

D.

LOCAL

E.

MAC based

Question 30

An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.

as

Options:

Question 31

An engineer is migrating users from MAB to 802.1X on the network. This must be done during normal business hours with minimal impact to users. Which CoA method should be used?

Options:

A.

Port Bounce

B.

Port Shutdown

C.

Session Termination

D.

Session Reauthentication

Question 32

Which use case validates a change of authorization?

Options:

A.

An authenticated, wired EAP-capable endpoint is discovered

B.

An endpoint profiling policy is changed for authorization policy.

C.

An endpoint that is disconnected from the network is discovered

D.

Endpoints are created through device registration for the guests

Question 33

An administrator is troubleshooting an endpoint that is supposed to bypass 802 1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?

Options:

A.

The DHCP probe for Cisco ISE is not working as expected.

B.

The 802.1 X timeout period is too long.

C.

The endpoint is using the wrong protocol to authenticate with Cisco ISE.

D.

An AC I on the port is blocking HTTP traffic

Question 34

Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?

Options:

A.

large deployment with fully distributed nodes running all personas

B.

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with shared PSNs

C.

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with dedicated PSNs

D.

small deployment with one primary and one secondary node running all personas

Question 35

An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identified if the ToS bit is set to 5 and the destination IP address is the intercom system. What must be configured to accomplish this goal?

Options:

A.

NMAP

B.

NETFLOW

C.

pxGrid

D.

RADIUS

Load More 300-715 Questions
Page: 1 / 24
Total 243 questions
Get 300-715 Full Access Download 300-715 PDF