March Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Questions 4

When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2. Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)

Options:

A.

DHCP SPAN probe

B.

SNMP query probe

C.

NetFlow probe

D.

RADIUS probe

E.

DNS probe

Buy Now
Questions 5

A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal. What must be done to identify the problem?

Options:

A.

Use context visibility to verify posture status.

B.

Use the endpoint ID to execute a session trace.

C.

Use the identity group to validate the authorization rules.

D.

Use traceroute to ensure connectivity.

Buy Now
Questions 6

An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the used to accomplish this task?

Options:

A.

policy service

B.

monitoring

C.

pxGrid

D.

primary policy administrator

Buy Now
Questions 7

What is a valid guest portal type?

Options:

A.

Sponsored-Guest

B.

My Devices

C.

Sponsor

D.

Captive-Guest

Buy Now
Questions 8

An administrator is configuring a new profiling policy in Cisco ISE for a printer type that is missing from the profiler feed The logical profile Printers must be used in the authorization rule and the rule must be hit. What must be done to ensure that this configuration will be successful^

Options:

A.

Create a new logical profile for the new printer policy

B.

Enable the EndPoints:EndPointPolicy condition in the authorization policy.

C.

Add the new profiling policy to the logical profile Printers.

D.

Modify the profiler conditions to ensure that it goes into the correct logical profile

Buy Now
Questions 9

In a Cisco ISE split deployment model, which load is split between the nodes?

Options:

A.

AAA

B.

network admission

C.

log collection

D.

device admission

Buy Now
Questions 10

A network administrator is configuring a secondary cisco ISE node from the backup configuration of the primary cisco ISE node to create a high availability pair The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE Which command most be issued for this to work?

Options:

A.

copy certificate Ise

B.

application configure Ise

C.

certificate configure Ise

D.

Import certificate Ise

Buy Now
Questions 11

An administrator wants to configure network device administration and is trying to decide whether to use TACACS* or RADIUS. A reliable protocol must be used that can check command authorization Which protocol meets these requirements and why?

Options:

A.

TACACS+ because it runs over TCP

B.

RADIUS because it runs over UDP

C.

RADIUS because it runs over TCP.

D.

TACACS+ because it runs over UDP

Buy Now
Questions 12

An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication. Which access will be denied in this?

Options:

A.

HTTP

B.

DNS

C.

EAP

D.

DHCP

Buy Now
Questions 13

A network administrator must configure Cisco SE Personas in the company to share session information via syslog. Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?

Options:

A.

pxGrid

B.

admin

C.

policy services

D.

monitor

Buy Now
Questions 14

Which Cisco ISE solution ensures endpoints have the latest version of antivirus updates installed before being allowed access to the corporate network?

Options:

A.

Threat Services

B.

Profiling Services

C.

Provisioning Services

D.

Posture Services

Buy Now
Questions 15

Which type of identity store allows for creating single-use access credentials in Cisco ISE?

Options:

A.

OpenLDAP

B.

Local

C.

PKI

D.

RSA SecurID

Buy Now
Questions 16

What is a method for transporting security group tags throughout the network?

Options:

A.

by enabling 802.1AE on every network device

B.

by the Security Group Tag Exchange Protocol

C.

by embedding the security group tag in the IP header

D.

by embedding the security group tag in the 802.1Q header

Buy Now
Questions 17

An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two )

Options:

A.

Session Services

B.

Endpoint Attribute Filter

C.

Posture Services

D.

Profiling Services

E.

Radius Service

Buy Now
Questions 18

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?

Options:

A.

dot1x system-auth-control

B.

enable bypass-mac

C.

enable network-authentication

D.

mab

Buy Now
Questions 19

An engineer is configuring ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADUs for these devices? (Choose two.)

Options:

A.

TACACS+ is FIPS compliant while RADIUS is not

B.

TACACS+ is designed for network access control while RADIUS is designed for role-based access.

C.

TACACS+ uses secure EAP-TLS while RADIUS does not.

D.

TACACS+ provides the ability to authorize specific commands while RADIUS does not

E.

TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.

Buy Now
Questions 20

A laptop was stolen and a network engineer added it to the block list endpoint identity group What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

Options:

A.

Select DenyAccess within the authorization policy.

B.

Ensure that access to port 8443 is allowed within the ACL.

C.

Ensure that access to port 8444 is allowed within the ACL.

D.

Select DROP under If Auth fail within the authentication policy.

Buy Now
Questions 21

Refer to the exhibit.

300-715 Question 21

An engineer is configuring a client but cannot authenticate to Cisco ISE During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port Which command gives additional information to help identify the problem with the authentication?

Options:

A.

show authentication sessions

B.

show authentication sessions Interface Gil/0/1 output

C.

show authentication sessions interface Gi1/0/1 details

D.

show authentication sessions output

Buy Now
Questions 22

Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

Options:

A.

personas

B.

qualys

C.

nexpose

D.

posture

Buy Now
Questions 23

An administrator is configuring the Native Supplicant Profile to be used with the Cisco ISE posture agents and needs to test the connection using wired devices to determine which profile settings are available. Which two configuration settings should be used to accomplish this task? (Choose two.)

Options:

A.

authentication mode

B.

proxy host/IP

C.

certificate template

D.

security

E.

allowed protocol

Buy Now
Questions 24

An administrator enables the profiling service for Cisco ISE to use for authorization policies while in closed mode. When the endpoints connect, they receive limited access so that the profiling probes can gather information and Cisco ISE can assign the correct profiles. They are using the default values within Cisco ISE. but the devices do not change their access due to the new profile. What is the problem'?

Options:

A.

In closed mode, profiling does not work unless CDP is enabled.

B.

The profiling probes are not able to collect enough information to change the device profile

C.

The profiler feed is not downloading new information so the profiler is inactive

D.

The default profiler configuration is set to No CoA for the reauthentication setting

Buy Now
Questions 25

An organization is adding new profiling probes to the system to improve profiling on Oseo ISE The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected What must be configured on the network device to accomplish this goal?

Options:

A.

ARP

B.

SNMP

C.

WCCP

D.

ICMP

Buy Now
Questions 26

What is a function of client provisioning?

Options:

A.

It ensures an application process is running on the endpoint.

B.

It checks a dictionary' attribute with a value.

C.

It ensures that endpoints receive the appropriate posture agents

D.

It checks the existence date and versions of the file on a client.

Buy Now
Questions 27

An administrator is trying to collect metadata information about the traffic going across the network to gam added visibility into the hosts. This Information will be used to create profiling policies for devices us mg Cisco ISE so that network access policies can be used What must be done to accomplish this task?

Options:

A.

Configure the RADIUS profiling probe within Cisco ISE

B.

Configure NetFlow to be sent to me Cisco ISE appliance.

C.

Configure SNMP to be used with the Cisco ISE appliance

D.

Configure the DHCP probe within Cisco ISE

Buy Now
Questions 28

An administrator is configuring a new profiling policy within Cisco ISE The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints. therefore a custom profiling policy must be created Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address ?

Options:

A.

MAC_OUI_STARTSWITH_

B.

CDP_cdpCacheDevicelD_CONTAINS_

C.

MAC_MACAddress_CONTAINS_

D.

Radius Called Station-ID STARTSWITH

Buy Now
Questions 29

300-715 Question 29

Refer to the exhibit Which component must be configured to apply the SGACL?

Options:

A.

egress router

B.

host

C.

secure server

D.

ingress router

Buy Now
Questions 30

Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

Options:

A.

session timeout

B.

idle timeout

C.

radius-server timeout

D.

termination-action

Buy Now
Questions 31

An engineer needs to configure a Cisco ISE server to issue a CoA for endpoints already authenticated to access the network. The CoA option must be enforced on a session, even if there are multiple active sessions on a port. What must be configured to accomplish this task?

Options:

A.

the Reauth CoA option in the Cisco ISE system profiling settings enabled

B.

an endpoint profiling policy with the No CoA option enabled

C.

an endpoint profiling policy with the Port Bounce CoA option enabled

D.

the Port Bounce CoA option in the Cisco ISE system profiling settings enabled

Buy Now
Questions 32

An adminístrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs. Besides defining a new shell profile in Cisco ISE. what must be done to accomplish this configuration?

Options:

A.

Enable the privilege levels in Cisco ISE

B.

Enable the privilege levels in the IOS devices.

C.

Define the command privileges for levels 2-5 in the IOS devices

D.

Define the command privileges for levels 2-5 in Cisco ISE

Buy Now
Questions 33

Which command displays all 802 1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

Options:

A.

show authentication sessions output

B.

Show authentication sessions

C.

show authentication sessions interface Gi 1/0/x

D.

show authentication sessions interface Gi1/0/x output

Buy Now
Questions 34

What is needed to configure wireless guest access on the network?

Options:

A.

endpoint already profiled in ISE

B.

WEBAUTH ACL for redirection

C.

valid user account in Active Directory

D.

Captive Portal Bypass turned on

Buy Now
Questions 35

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

Options:

A.

authentication host-mode single-host

B.

authentication host-mode multi-auth

C.

authentication host-mode multi-host

D.

authentication host-mode multi-domain

Buy Now
Exam Code: 300-715
Exam Name: Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)
Last Update: Mar 22, 2024
Questions: 243

PDF + Testing Engine

$82.25  $234.99

Testing Engine

$63  $179.99
buy now 300-715 testing engine

PDF (Q&A)

$55.65  $158.99
buy now 300-715 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 28 Mar 2024