March Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Questions 4

What is a function of client provisioning?

Options:

A.

It ensures an application process is running on the endpoint.

B.

It checks a dictionary' attribute with a value.

C.

It ensures that endpoints receive the appropriate posture agents

D.

It checks the existence date and versions of the file on a client.

Buy Now
Questions 5

During a 802 1X deployment, an engineer must identify failed authentications without causing problems for the connected endpoint. Which command will successfully achieve this''

Options:

A.

dot1x system-auth-control

B.

dot1x pae authenticator

C.

authentication open

D.

authentication port-control auto

Buy Now
Questions 6

A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

Options:

A.

SGT

B.

dACL

C.

VLAN

D.

RBAC

Buy Now
Questions 7

Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

Options:

A.

subject alternative name and the common name

B.

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

C.

user-presented password hash and a hash stored in Active Directory

D.

user-presented certificate and a certificate stored in Active Directory

Buy Now
Questions 8

An employee must access the internet through the corporate network from a new mobile device that does not support native supplicant provisioning provided by Cisco ISE. Which portal must the employee use to provision to the device?

Options:

A.

BYOD

B.

Personal Device

C.

My Devices

D.

Client Provisioning

Buy Now
Questions 9

An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

Options:

A.

reflexive ACL

B.

extended ACL

C.

standard ACL

D.

numbered ACL

Buy Now
Questions 10

Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?

Options:

A.

EAP server

B.

supplicant

C.

client

D.

authenticator

Buy Now
Questions 11

What must match between Cisco ISE and the network access device to successfully authenticate endpoints?

Options:

A.

SNMP version

B.

shared secret

C.

certificate

D.

profile

Buy Now
Questions 12

An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?

Options:

A.

Create a certificate signing request and have the root certificate authority sign it.

B.

Add the root certificate authority to the trust store and enable it for authentication.

C.

Create an SCEP profile to link Cisco ISE with the root certificate authority.

D.

Add an OCSP profile and configure the root certificate authority as secondary.

Buy Now
Questions 13

A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access What must be done to ensure that both devices for a particular user are able to access the guest network simultaneously?

Options:

A.

Configure the sponsor group to increase the number of logins.

B.

Use a custom portal to increase the number of logins

C.

Modify the guest type to increase the number of maximum devices

D.

Create an Adaptive Network Control policy to increase the number of devices

Buy Now
Questions 14

An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs An administrator is adding two more PSNs to this deployment but is having problems adding one of them What is the problem?

Options:

A.

The new nodes must be set to primary prior to being added to the deployment

B.

The current PAN is only able to track a max of four nodes

C.

Only five PSNs are allowed to be in the Cisco ISE cube if configured this way.

D.

One of the new nodes must be designated as a pxGrid node

Buy Now
Questions 15

An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)

Options:

A.

hotspot guest portal

B.

device registration WebAuth

C.

central WebAuth

D.

local WebAuth

E.

self-registered guest portal

Buy Now
Questions 16

What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?

Options:

A.

Authentication is redirected to the internal identity source.

B.

Authentication is redirected to the external identity source.

C.

Authentication is granted.

D.

Authentication fails.

Buy Now
Questions 17

Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two)

Options:

A.

The device queries the internal identity store

B.

The Cisco ISE server queries the internal identity store

C.

The device queries the external identity store

D.

The Cisco ISE server queries the external identity store.

E.

The device queries the Cisco ISE authorization server

Buy Now
Questions 18

Refer to the exhibit.

300-715 Question 18

A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server Which two commands should be run to complete the configuration? (Choose two)

Options:

A.

aaa authorization auth-proxy default group radius

B.

radius server vsa sand authentication

C.

radius-server attribute 8 include-in-access-req

D.

ip device tracking

E.

dot1x system-auth-control

Buy Now
Questions 19

During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

Options:

A.

Cisco App Store

B.

Microsoft App Store

C.

Cisco ISE directly

D.

Native OTA functionality

Buy Now
Questions 20

Which compliance status is set when a matching posture policy has been defined for that endpomt. but all the mandatory requirements during posture assessment are not met?

Options:

A.

unauthorized

B.

untrusted

C.

non-compliant

D.

unknown

Buy Now
Questions 21

An administrator is troubleshooting an endpoint that is supposed to bypass 802 1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?

Options:

A.

The DHCP probe for Cisco ISE is not working as expected.

B.

The 802.1 X timeout period is too long.

C.

The endpoint is using the wrong protocol to authenticate with Cisco ISE.

D.

An AC I on the port is blocking HTTP traffic

Buy Now
Questions 22

While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate What issue would cause this to happen even if the device ID and passwords are correct?

Options:

A.

The device aliases are not matching

B.

The 5GT mappings have not been defined

C.

The devices are missing the configuration cts credentials trustsec verify 1

D.

EAP-FAST is not enabled

Buy Now
Questions 23

What are two differences of TACACS+ compared to RADIUS? (Choose two.)

Options:

A.

TACACS+ uses a connectionless transport protocol, whereas RADIUS uses a connection-oriented transport protocol.

B.

TACACS+ encrypts the full packet payload, whereas RADIUS only encrypts the password.

C.

TACACS+ only encrypts the password, whereas RADIUS encrypts the full packet payload.

D.

TACACS+ uses a connection-oriented transport protocol, whereas RADIUS uses a connectionless transport protocol.

E.

TACACS+ supports multiple sessions per user, whereas RADIUS supports one session per user.

Buy Now
Questions 24

Which protocol must be allowed for a BYOD device to access the BYOD portal?

Options:

A.

HTTP

B.

SMTP

C.

HTTPS

D.

SSH

Buy Now
Questions 25

A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected. Which task must be configured in order to meet this requirement?

Options:

A.

session timeout

B.

idle time

C.

monitor

D.

set attribute as

Buy Now
Questions 26

Select and Place

300-715 Question 26

Options:

Buy Now
Questions 27

An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

Options:

A.

Create an authorization rule denying sponsored guest access.

B.

Navigate to the Guest Portal and delete the guest accounts.

C.

Create an authorization rule denying guest access.

D.

Navigate to the Sponsor Portal and suspend the guest accounts.

Buy Now
Questions 28

What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)

Options:

A.

updates

B.

remediation actions

C.

Client Provisioning portal

D.

conditions

E.

access policy

Buy Now
Questions 29

An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication. Which access will be denied in this?

Options:

A.

HTTP

B.

DNS

C.

EAP

D.

DHCP

Buy Now
Questions 30

An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node. Which persona should be configured with the largest amount of storage in this environment?

Options:

A.

policy Services

B.

Primary Administration

C.

Monitoring and Troubleshooting

D.

Platform Exchange Grid

Buy Now
Questions 31

What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?

Options:

A.

Cisco-av-pair

B.

Class attribute

C.

Event

D.

State attribute

Buy Now
Questions 32

An engineer needs to configure a new certificate template in the Cisco ISE Internal Certificate Authority to prevent BYOD devices from needing to re-enroll when their MAC address changes. Which option must be selected in the Subject Alternative Name field?

Options:

A.

Common Name and GUID

B.

MAC Address and GUID

C.

Distinguished Name

D.

Common Name

Buy Now
Questions 33

Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node'?

Options:

A.

radius-server timeout

B.

session-timeout

C.

idle-timeout

D.

termination-action

Buy Now
Questions 34

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

Options:

A.

The primary node restarts

B.

The secondary node restarts.

C.

The primary node becomes standalone

D.

Both nodes restart.

Buy Now
Questions 35

Which two endpoint compliance statuses are possible? (Choose two.)

Options:

A.

unknown

B.

known

C.

invalid

D.

compliant

E.

valid

Buy Now
Questions 36

Drag the descriptions on the left onto the components of 802.1X on the right.

300-715 Question 36

Options:

Buy Now
Questions 37

If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?

Options:

A.

Client Provisioning

B.

Guest

C.

BYOD

D.

Blacklist

Buy Now
Questions 38

Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?

Options:

A.

large deployment with fully distributed nodes running all personas

B.

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with shared PSNs

C.

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with dedicated PSNs

D.

small deployment with one primary and one secondary node running all personas

Buy Now
Questions 39

An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to the endpoints instead of industry-standard protocol information Which probe should be enabled to meet these requirements?

Options:

A.

NetFlow probe

B.

DNS probe

C.

DHCP probe

D.

SNMP query probe

Buy Now
Questions 40

Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

Options:

A.

TCP 8909

B.

TCP 8905

C.

UDP 1812

D.

TCP 443

Buy Now
Questions 41

An administrator enables the profiling service for Cisco ISE to use for authorization policies while in closed mode. When the endpoints connect, they receive limited access so that the profiling probes can gather information and Cisco ISE can assign the correct profiles. They are using the default values within Cisco ISE. but the devices do not change their access due to the new profile. What is the problem'?

Options:

A.

In closed mode, profiling does not work unless CDP is enabled.

B.

The profiling probes are not able to collect enough information to change the device profile

C.

The profiler feed is not downloading new information so the profiler is inactive

D.

The default profiler configuration is set to No CoA for the reauthentication setting

Buy Now
Questions 42

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?

Options:

A.

dot1x system-auth-control

B.

enable bypass-mac

C.

enable network-authentication

D.

mab

Buy Now
Questions 43

Which two authentication protocols are supported by RADIUS but not by TACACS+? (Choose two.)

Options:

A.

MSCHAPv1

B.

PAP

C.

EAP

D.

CHAP

E.

MSCHAPV2

Buy Now
Questions 44

An engineer is configuring ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADUs for these devices? (Choose two.)

Options:

A.

TACACS+ is FIPS compliant while RADIUS is not

B.

TACACS+ is designed for network access control while RADIUS is designed for role-based access.

C.

TACACS+ uses secure EAP-TLS while RADIUS does not.

D.

TACACS+ provides the ability to authorize specific commands while RADIUS does not

E.

TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.

Buy Now
Questions 45

An engineer is configuring a posture policy for Windows 10 endpoints and wants to ensure that users in each AD group have different conditions to meet to be compliant. What must be done to accomplish this task?

Options:

A.

identify The users groups needed for different policies and create service conditions to map each one to its posture requirement

B.

Configure a simple condition for each AD group and use it in the posture policy for each use case

C.

Use the authorization policy within the policy set to group each AD group with their respective posture policy

D.

Change the posture requirements to use an AD group lor each use case then use those requirements in the posture policy

Buy Now
Questions 46

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

Options:

A.

Create an ISE identity group to add users to and limit the number of logins via the group configuration.

B.

Create a new guest type and set the maximum number of devices sponsored guests can register

C.

Create an LDAP login for each guest and tag that in the guest portal for authentication.

D.

Create a new sponsor group and adjust the settings to limit the devices for each guest.

Buy Now
Questions 47

Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.

300-715 Question 47

Options:

Buy Now
Questions 48

What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?

Options:

A.

Network Access Control

B.

My Devices Portal

C.

Application Visibility and Control

D.

Supplicant Provisioning Wizard

Buy Now
Questions 49

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

Options:

A.

EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.

B.

EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.

C.

EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.

D.

EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.

Buy Now
Questions 50

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

Options:

A.

hotspot

B.

new AD user 802 1X authentication

C.

posture

D.

BYOD

E.

guest AUP

Buy Now
Questions 51

An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Anyconnect for the agent configuration in a client provisioning policy? (Choose two.)

Options:

A.

Anyconnect network visibility module

B.

Anyconnect compliance module

C.

AnyConnectProfile.xml file

D.

AnyConnectProfile.xsd file

E.

Anyconnect agent image

Buy Now
Questions 52

An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access. Which action accomplishes the goal?

Options:

A.

Configure the hotspot portal for guest access and require an access code.

B.

Configure the sponsor portal with a single account and use the access code as the password.

C.

Configure the self-registered guest portal to allow guests to create a personal access code.

D.

Create a BYOD policy that bypasses the authentication of the user and authorizes access codes.

Buy Now
Questions 53

An engineer is configuring a dedicated SSID for onboarding devices. Which SSID type accomplishes this configuration?

Options:

A.

dual

B.

hidden

C.

broadcast

D.

guest

Buy Now
Questions 54

What is a restriction of a standalone Cisco ISE node deployment?

Options:

A.

Only the Policy Service persona can be disabled on the node.

B.

The domain name of the node cannot be changed after installation.

C.

Personas are enabled by default and cannot be edited on the node.

D.

The hostname of the node cannot be changed after installation.

Buy Now
Questions 55

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?

Options:

A.

Install the Root CA and intermediate CA.

B.

Generate the CSR.

C.

Download the intermediate server certificate.

D.

Download the CA server certificate.

Buy Now
Questions 56

Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting.

300-715 Question 56

Options:

Buy Now
Questions 57

What is a valid guest portal type?

Options:

A.

Sponsored-Guest

B.

My Devices

C.

Sponsor

D.

Captive-Guest

Buy Now
Questions 58

Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)

Options:

A.

backup

B.

secondary

C.

standby

D.

primary

E.

active

Buy Now
Questions 59

An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?

Options:

A.

ip source guard

B.

ip dhcp snooping

C.

ip device tracking maximum

D.

ip arp inspection

Buy Now
Questions 60

An administrator made changes in Cisco ISE and needs to apply new permissions for endpoints that have already been authenticated by sending a CoA packet to the network devices. Which IOS command must be configured on the devices to accomplish this goal?

Options:

A.

aaa server radius dynamic-author

B.

authentication command bounce-port

C.

authentication command disable-port

D.

aaa nas port extended

Buy Now
Questions 61

Refer to the exhibit.

300-715 Question 61

An engineer is configuring a client but cannot authenticate to Cisco ISE During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port Which command gives additional information to help identify the problem with the authentication?

Options:

A.

show authentication sessions

B.

show authentication sessions Interface Gil/0/1 output

C.

show authentication sessions interface Gi1/0/1 details

D.

show authentication sessions output

Buy Now
Questions 62

An engineer needs to export a file in CSV format, encrypted with the password C1$c0438563935, and contains users currently configured in Cisco ISE. Drag and drop the steps from the left into the sequence on the right to complete this task.

300-715 Question 62

Options:

Buy Now
Questions 63

Which interface-level command is needed to turn on 802 1X authentication?

Options:

A.

Dofl1x pae authenticator

B.

dot1x system-auth-control

C.

authentication host-mode single-host

D.

aaa server radius dynamic-author

Buy Now
Questions 64

Drag and drop the configuration steps from the left into the sequence on the right to install two Cisco ISE nodes in a distributed deployment.

300-715 Question 64

Options:

Buy Now
Questions 65

In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two )

Options:

A.

publisher

B.

administration

C.

primary

D.

policy service

E.

subscriber

Buy Now
Questions 66

In which two ways can users and endpoints be classified for TrustSec?

(Choose Two.)

Options:

A.

VLAN

B.

SXP

C.

dynamic

D.

QoS

E.

SGACL

Buy Now
Questions 67

What is a method for transporting security group tags throughout the network?

Options:

A.

by enabling 802.1AE on every network device

B.

by the Security Group Tag Exchange Protocol

C.

by embedding the security group tag in the IP header

D.

by embedding the security group tag in the 802.1Q header

Buy Now
Questions 68

What service can be enabled on the Cisco ISE node to identity the types of devices connecting to a network?

Options:

A.

MAB

B.

profiling

C.

posture

D.

central web authentication

Buy Now
Questions 69

An administrator adds a new network device to the Cisco ISE configuration to authenticate endpoints to the network. The RADIUS test fails after the administrator configures all of the settings in Cisco ISE and adds the proper configurations to the switch. What is the issue"?

Options:

A.

The endpoint profile is showing as "unknown."

B.

The endpoint does not have the appropriate credentials for network access.

C.

The shared secret is incorrect on the switch or on Cisco ISE.

D.

The certificate on the switch is self-signed not a CA-provided certificate.

Buy Now
Questions 70

An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" so that the policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

Options:

A.

Change the device type to Medical Switch.

B.

Change the device profile to Medical Switch.

C.

Change the model name to Medical Switch.

D.

Change the device location to Medical Switch.

Buy Now
Questions 71

A network administrator is configuring a secondary cisco ISE node from the backup configuration of the primary cisco ISE node to create a high availability pair The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE Which command most be issued for this to work?

Options:

A.

copy certificate Ise

B.

application configure Ise

C.

certificate configure Ise

D.

Import certificate Ise

Buy Now
Questions 72

Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?

(Choose two.)

Options:

A.

Firepower

B.

WLC

C.

IOS

D.

ASA

E.

Shell

Buy Now
Exam Code: 300-715
Exam Name: Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)
Last Update: Mar 29, 2024
Questions: 243

PDF + Testing Engine

$70  $174.99

Testing Engine

$54  $134.99
buy now 300-715 testing engine

PDF (Q&A)

$48  $119.99
buy now 300-715 pdf