Labour Day Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 2493360325

Good News !!! 300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) is now Stable and With Pass Result

300-715 Practice Exam Questions and Answers

Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Last Update 8 hours ago
Total Questions : 243

300-715 is stable now with all latest exam questions are added 8 hours ago. Just download our Full package and start your journey with Cisco Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) certification. All these Cisco 300-715 practice exam questions are real and verified by our Experts in the related industry fields.

300-715 PDF

300-715 PDF (Printable)
$53.2
$132.99

300-715 Testing Engine

300-715 PDF (Printable)
$58
$144.99

300-715 PDF + Testing Engine

300-715 PDF (Printable)
$72.8
$181.99
Question # 1

What is needed to configure wireless guest access on the network?

Options:

A.  

endpoint already profiled in ISE

B.  

WEBAUTH ACL for redirection

C.  

valid user account in Active Directory

D.  

Captive Portal Bypass turned on

Discussion 0
Question # 2

Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.

Question # 2

Options:

Discussion 0
Question # 3

Drag the descriptions on the left onto the components of 802.1X on the right.

Question # 3

Options:

Discussion 0
Question # 4

What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two )

Options:

A.  

TACACS+ supports 802.1X, and RADIUS supports MAB

B.  

TACACS+ uses UDP, and RADIUS uses TCP

C.  

TACACS+ has command authorization, and RADIUS does not.

D.  

TACACS+ provides the service type, and RADIUS does not

E.  

TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

Discussion 0
Question # 5

MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gam access to the network Which alternate method should be used to tell users how to remediate?

Options:

A.  

URL link

B.  

message text

C.  

executable

D.  

file distribution

Discussion 0
Question # 6

A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network Which CoA configuration meets this requirement?

Options:

A.  

Port Bounce

B.  

Reauth

C.  

NoCoA

D.  

Disconnect

Discussion 0
Question # 7

When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provide an adequate amount of security and visibility for the hosts on the network. Why should the engineer configure MAB in this situation?

Options:

A.  

The Cisco switches only support MA

B.  

B.  

MAB provides the strongest form of authentication available.

C.  

The devices in the network do not have a supplicant.

D.  

MAB provides user authentication.

Discussion 0
Question # 8

Drag and drop the configuration steps from the left into the sequence on the right to install two Cisco ISE nodes in a distributed deployment.

Question # 8

Options:

Discussion 0
Question # 9

An ISE administrator must change the inactivity timer for MAB endpoints to terminate the authentication session whenever a switch port that is connected to an IP phone does not detect packets from the device for 30 minutes. Which action must be taken to accomplish this task?

Options:

A.  

Add the authentication timer reauthenticate server command to the switchport.

B.  

Add the authentication timer inactivity 3600 command to the switchport.

C.  

Change the idle-timeout on the Radius server to 3600 seconds for IP Phone endpoints.

D.  

Configure the session-timeout to be 3600 seconds on Cisco IS

E.  

Discussion 0
Question # 10

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?

Options:

A.  

Endpoint Identity Group is Blocklist, and the BYOD state is Registered.

B.  

Endpoint Identify Group is Blocklist, and the BYOD state is Pending.

C.  

Endpoint Identity Group is Blocklist, and the BYOD state is Lost.

D.  

Endpoint Identity Group is Blocklist, and the BYOD state is Reinstate.

Discussion 0
Question # 11

Refer to the exhibit.

Question # 11

An organization recently implemented network device administration using Cisco IS

E.  

Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to. What is the problem?

Options:

A.  

The IT training rule is taking precedence over the IT Admins rule.

B.  

The authorization conditions wrongly allow IT Admins group no access to finance devices.

C.  

The finance location is not a condition in the policy set.

D.  

The authorization policy doesn't correctly grant them access to the finance devices.

Discussion 0
Question # 12

An administrator is configuring a Cisco WLC for web authentication Which two client profiling methods are enabled by default if the Apply Cisco ISE Default Settings check box has been selected'? (Choose two.)

Options:

A.  

CDP

B.  

DHCP

C.  

HTTP

D.  

SNMP

E.  

LLDP

Discussion 0
Question # 13

An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two )

Options:

A.  

Session Services

B.  

Endpoint Attribute Filter

C.  

Posture Services

D.  

Profiling Services

E.  

Radius Service

Discussion 0
Question # 14

What are two differences of TACACS+ compared to RADIUS? (Choose two.)

Options:

A.  

TACACS+ uses a connectionless transport protocol, whereas RADIUS uses a connection-oriented transport protocol.

B.  

TACACS+ encrypts the full packet payload, whereas RADIUS only encrypts the password.

C.  

TACACS+ only encrypts the password, whereas RADIUS encrypts the full packet payload.

D.  

TACACS+ uses a connection-oriented transport protocol, whereas RADIUS uses a connectionless transport protocol.

E.  

TACACS+ supports multiple sessions per user, whereas RADIUS supports one session per user.

Discussion 0
Question # 15

Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

Options:

A.  

MAB and if user not found, continue

B.  

MAB and if authentication failed, continue

C.  

Dot1x and if user not found, continue

D.  

Dot1x and if authentication failed, continue

Discussion 0
Question # 16

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

Options:

A.  

TCP 8443

B.  

TCP 8906

C.  

TCP 443

D.  

TCP 80

E.  

TCP 8905

Discussion 0
Question # 17

Refer to the exhibit.

Question # 17

A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server Which two commands should be run to complete the configuration? (Choose two)

Options:

A.  

aaa authorization auth-proxy default group radius

B.  

radius server vsa sand authentication

C.  

radius-server attribute 8 include-in-access-req

D.  

ip device tracking

E.  

dot1x system-auth-control

Discussion 0
Question # 18

Refer to the exhibit. An engineer is creating a new TACACS* command set and cannot use any show commands after togging into the device with this command set authorization Which configuration is causing this issue?

Options:

A.  

Question marks are not allowed as wildcards for command sets.

B.  

The command set is allowing all commands that are not in the command list

C.  

The wildcard command listed is in the wrong format

D.  

The command set is working like an ACL and denying every command.

Discussion 0
Question # 19

Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)

Options:

A.  

NetFlow

B.  

SNMP

C.  

HTTP

D.  

DHCP

E.  

RADIUS

Discussion 0
Question # 20

What is a method for transporting security group tags throughout the network?

Options:

A.  

by enabling 802.1AE on every network device

B.  

by the Security Group Tag Exchange Protocol

C.  

by embedding the security group tag in the IP header

D.  

by embedding the security group tag in the 802.1Q header

Discussion 0
Question # 21

What does a fully distributed Cisco ISE deployment include?

Options:

A.  

PAN and PSN on the same node while MnTs are on their own dedicated nodes.

B.  

PAN and MnT on the same node while PSNs are on their own dedicated nodes.

C.  

All Cisco ISE personas on their own dedicated nodes.

D.  

All Cisco ISE personas are sharing the same node.

Discussion 0
Question # 22

Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

Options:

A.  

subject alternative name and the common name

B.  

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

C.  

user-presented password hash and a hash stored in Active Directory

D.  

user-presented certificate and a certificate stored in Active Directory

Discussion 0
Question # 23

An administrator connects an HP printer to a dot1x enable port, but the printer in not accessible Which feature must the administrator enable to access the printer?

Options:

A.  

MAC authentication bypass

B.  

change of authorization

C.  

TACACS authentication

D.  

RADIUS authentication

Discussion 0
Question # 24

An engineer is configuring web authentication using non-standard ports and needs the switch to redirect traffic to the correct port. Which command should be used to accomplish this task?

Options:

A.  

permit tcp any any eq

B.  

aaa group server radius proxy

C.  

ip http port

D.  

aaa group server radius

Discussion 0
Question # 25

An engineer has been tasked with standing up a new guest portal for customers that are waiting in the lobby. There is a requirement to allow guests to use their social media logins to access the guest network to appeal to more customers What must be done to accomplish this task?

Options:

A.  

Create a sponsor portal to allow guests to create accounts using their social media logins.

B.  

Create a sponsored guest portal and enable social media in the external identity sources.

C.  

Create a self-registered guest portal and enable the feature for social media logins

D.  

Create a hotspot portal and enable social media login for network access

Discussion 0
Question # 26

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

Options:

A.  

Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.

B.  

Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.

C.  

Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.

D.  

Identify the non 802.1X supported device types and create custom profiles for them to profile into.

Discussion 0
Question # 27

An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the used to accomplish this task?

Options:

A.  

policy service

B.  

monitoring

C.  

pxGrid

D.  

primary policy administrator

Discussion 0
Question # 28

An engineer is configuring a posture policy for Windows 10 endpoints and wants to ensure that users in each AD group have different conditions to meet to be compliant. What must be done to accomplish this task?

Options:

A.  

identify The users groups needed for different policies and create service conditions to map each one to its posture requirement

B.  

Configure a simple condition for each AD group and use it in the posture policy for each use case

C.  

Use the authorization policy within the policy set to group each AD group with their respective posture policy

D.  

Change the posture requirements to use an AD group lor each use case then use those requirements in the posture policy

Discussion 0
Question # 29

Which two ports do network devices typically use for CoA? (Choose two)

Options:

A.  

443

B.  

19005

C.  

8080

D.  

3799

E.  

1700

Discussion 0
Question # 30

What gives Cisco ISE an option to scan endpoints for vulnerabilities?

Options:

A.  

authorization policy

B.  

authentication policy

C.  

authentication profile

D.  

authorization profile

Discussion 0
Question # 31

An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)

Options:

A.  

hotspot guest portal

B.  

device registration WebAuth

C.  

central WebAuth

D.  

local WebAuth

E.  

self-registered guest portal

Discussion 0
Question # 32

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen What is causing this issue?

Options:

A.  

Cisco ISE only sees the built-in groups, not user created ones

B.  

The groups are present but need to be manually typed as conditions

C.  

Cisco ISE's connection to the AD join point is failing

D.  

The groups are not added to Cisco ISE under the AD join point

Discussion 0
Question # 33

What is a characteristic of the UDP protocol?

Options:

A.  

UDP can detect when a server is down.

B.  

UDP offers best-effort delivery

C.  

UDP can detect when a server is slow

D.  

UDP offers information about a non-existent server

Discussion 0
Question # 34

A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access What must be done to ensure that both devices for a particular user are able to access the guest network simultaneously?

Options:

A.  

Configure the sponsor group to increase the number of logins.

B.  

Use a custom portal to increase the number of logins

C.  

Modify the guest type to increase the number of maximum devices

D.  

Create an Adaptive Network Control policy to increase the number of devices

Discussion 0
Question # 35

A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network Which configuration item needs to be added to allow for this'?

Options:

A.  

the client provisioning URL in the authorization policy

B.  

a temporal agent that gets installed onto the system

C.  

a remote posture agent proxying the network connection

D.  

an API connection back to the client

Discussion 0
Get 300-715 dumps and pass your exam in 24 hours!

Free Exams Sample Questions