Weekend Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. Cisco
  3. CCNP Security
  4. 300-715
  5. 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Exam Practice Test

Page: 1 / 24
Total 243 questions
Get 300-715 Full Access Download 300-715 PDF

Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Question 1

Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

Options:

A.

Endpoint

B.

unknown

C.

blacklist

D.

white list

E.

profiled

Question 2

A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access What must be done to ensure that both devices for a particular user are able to access the guest network simultaneously?

Options:

A.

Configure the sponsor group to increase the number of logins.

B.

Use a custom portal to increase the number of logins

C.

Modify the guest type to increase the number of maximum devices

D.

Create an Adaptive Network Control policy to increase the number of devices

Question 3

Question # 3

Refer to the exhibit Which component must be configured to apply the SGACL?

Options:

A.

egress router

B.

host

C.

secure server

D.

ingress router

Question 4

Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)

Options:

A.

backup

B.

secondary

C.

standby

D.

primary

E.

active

Question 5

During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

Options:

A.

Cisco App Store

B.

Microsoft App Store

C.

Cisco ISE directly

D.

Native OTA functionality

Question 6

While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate What issue would cause this to happen even if the device ID and passwords are correct?

Options:

A.

The device aliases are not matching

B.

The 5GT mappings have not been defined

C.

The devices are missing the configuration cts credentials trustsec verify 1

D.

EAP-FAST is not enabled

Question 7

An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

Options:

A.

Check for server reachability using the test aaa group tacacs+ admin legacy command.

B.

Test the user account on the server using the test aaa group radius server CUCS user admin pass legacy command.

C.

Validate that the key value is correct using the test aaa authentication admin legacy command.

D.

Confirm the authorization policies are correct using the test aaa authorization admin drop legacy command.

Question 8

Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

Question # 8

Options:

Question 9

In a Cisco ISE split deployment model, which load is split between the nodes?

Options:

A.

AAA

B.

network admission

C.

log collection

D.

device admission

Question 10

Drag and drop the configuration steps from the left into the sequence on the right to install two Cisco ISE nodes in a distributed deployment.

Question # 10

Options:

Question 11

Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two)

Options:

A.

Policy Assignment

B.

Endpoint Family

C.

Identity Group Assignment

D.

Security Group Tag

E.

IP Address

Question 12

Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

Options:

A.

TCP 8909

B.

TCP 8905

C.

UDP 1812

D.

TCP 443

Question 13

Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

Options:

A.

Active Directory

B.

RADIUS Token

C.

Internal Database

D.

RSA SecurlD

E.

LDAP

Question 14

What is a function of client provisioning?

Options:

A.

It ensures an application process is running on the endpoint.

B.

It checks a dictionary' attribute with a value.

C.

It ensures that endpoints receive the appropriate posture agents

D.

It checks the existence date and versions of the file on a client.

Question 15

An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?

Options:

A.

dot1x pae authenticator

B.

dot1x system-auth-control

C.

authentication port-control auto

D.

aaa authentication dot1x default group radius

Question 16

Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node'?

Options:

A.

radius-server timeout

B.

session-timeout

C.

idle-timeout

D.

termination-action

Question 17

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

Options:

A.

hotspot

B.

new AD user 802 1X authentication

C.

posture

D.

BYOD

E.

guest AUP

Question 18

A network administrator must use Cisco ISE to check whether endpoints have the correct version of antivirus installed Which action must be taken to allow this capability?

Options:

A.

Configure a native supplicant profile to be used for checking the antivirus version

B.

Configure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version.

C.

Create a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco ISE.

D.

Create a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files

Question 19

Which command displays all 802 1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

Options:

A.

show authentication sessions output

B.

Show authentication sessions

C.

show authentication sessions interface Gi 1/0/x

D.

show authentication sessions interface Gi1/0/x output

Question 20

Which three default endpoint identity groups does cisco ISE create? (Choose three)

Options:

A.

Unknown

B.

whitelist

C.

end point

D.

profiled

E.

blacklist

Question 21

Which interface-level command is needed to turn on 802 1X authentication?

Options:

A.

Dofl1x pae authenticator

B.

dot1x system-auth-control

C.

authentication host-mode single-host

D.

aaa server radius dynamic-author

Question 22

An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?

Options:

A.

The Guest Flow condition is not in the line that gives access to the quest portal

B.

The Network_Access_Authentication_Passed condition will not work with guest services for portal access.

C.

The Permit Access result is not set to restricted access in its policy line

D.

The Guest Portal and Guest Access policy lines are in the wrong order

Question 23

What is the maximum number of PSN nodes supported in a medium-sized deployment?

Options:

A.

three

B.

five

C.

two

D.

eight

Question 24

An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database There are no resources to enter this information into the Cisco ISE database manually. What must be done to accomplish this task effciently?

Options:

A.

Use a CSV file to import the guest accounts

B.

Use SOL to link me existing database to Ctsco ISE

C.

Use a JSON fie to automate the migration of guest accounts

D.

Use an XML file to change the existing format to match that of Cisco ISE

Question 25

An administrator connects an HP printer to a dot1x enable port, but the printer in not accessible Which feature must the administrator enable to access the printer?

Options:

A.

MAC authentication bypass

B.

change of authorization

C.

TACACS authentication

D.

RADIUS authentication

Question 26

Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)

Options:

A.

NetFlow

B.

SNMP

C.

HTTP

D.

DHCP

E.

RADIUS

Question 27

An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks. Which two requirement complete this policy? (Choose two)

Options:

A.

minimum password length

B.

active username limit

C.

access code control

D.

gpassword expiration period

E.

username expiration date

Question 28

An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication. Which access will be denied in this?

Options:

A.

HTTP

B.

DNS

C.

EAP

D.

DHCP

Question 29

An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access. Which action accomplishes the goal?

Options:

A.

Configure the hotspot portal for guest access and require an access code.

B.

Configure the sponsor portal with a single account and use the access code as the password.

C.

Configure the self-registered guest portal to allow guests to create a personal access code.

D.

Create a BYOD policy that bypasses the authentication of the user and authorizes access codes.

Question 30

An engineer wants to learn more about Cisco ISE and deployed a new lab with two nodes. Which two persona configurations allow the engineer to successfully test redundancy of a failed node? (Choose two.)

Options:

A.

Configure one of the Cisco ISE nodes as the Health Check node.

B.

Configure both nodes with the PAN and MnT personas only.

C.

Configure one of the Cisco ISE nodes as the primary PAN and MnT personas and the other as the secondary.

D.

Configure both nodes with the PAN, MnT, and PSN personas.

E.

Configure one of the Cisco ISE nodes as the primary PAN and PSN personas and the other as the secondary.

Question 31

An administrator is trying to collect metadata information about the traffic going across the network to gam added visibility into the hosts. This Information will be used to create profiling policies for devices us mg Cisco ISE so that network access policies can be used What must be done to accomplish this task?

Options:

A.

Configure the RADIUS profiling probe within Cisco ISE

B.

Configure NetFlow to be sent to me Cisco ISE appliance.

C.

Configure SNMP to be used with the Cisco ISE appliance

D.

Configure the DHCP probe within Cisco ISE

Question 32

An adminístrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs. Besides defining a new shell profile in Cisco ISE. what must be done to accomplish this configuration?

Options:

A.

Enable the privilege levels in Cisco ISE

B.

Enable the privilege levels in the IOS devices.

C.

Define the command privileges for levels 2-5 in the IOS devices

D.

Define the command privileges for levels 2-5 in Cisco ISE

Question 33

A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server. Which certificate usage option must be selected when importing the certificate into ISE?

Options:

A.

RADIUS

B.

DLTS

C.

Portal

D.

Admin

Question 34

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+ However, the administrator must restrict certain commands based on one of three user roles that require different commands How is this accomplished without creating too many objects using Cisco ISE?

Options:

A.

Create one shell profile and multiple command sets.

B.

Create multiple shell profiles and multiple command sets.

C.

Create one shell profile and one command set.

D.

Create multiple shell profiles and one command set

Question 35

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

Options:

A.

Create an ISE identity group to add users to and limit the number of logins via the group configuration.

B.

Create a new guest type and set the maximum number of devices sponsored guests can register

C.

Create an LDAP login for each guest and tag that in the guest portal for authentication.

D.

Create a new sponsor group and adjust the settings to limit the devices for each guest.

Load More 300-715 Questions 
Page: 1 / 24
Total 243 questions
Get 300-715 Full Access Download 300-715 PDF