Test 300-715
Question 1:The 300 GB OVA templates for VMs are sufficient for which two dedicated Cisco ISE node types? (Choose two.)
A.
Administration
B.
Log Collector
C.
pxGrid
D.
Policy Service
E.
Monitoring
Question 2:
Which file setup method is supported by ZTP on physical appliances?
A.
cfg
B.
iso
C.
img
D.
ova
Question 3:
What is a characteristic of the UDP protocol?
A.
UDP can detect when a server is down.
B.
UDP can detect when a server is slow.
C.
UDP offers best-effort delivery.
D.
UDP offers information about a non-existent server.
Question 4:
An administrator is configuring Cisco ISE to authenticate users logging into network devices using TACACS+. The administrator is not seeing any of the authentication in the TACACS+ live logs.
Which action ensures the users are able to log into the network devices?
A.
Enable the device administration service in the PSN persona.
B.
Enable the device administration service in the Administration persona.
C.
Enable the session services in the Administration persona.
D.
Enable the service sessions in the PSN persona.
Question 5:
An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the endpoints on the network.
Which node should be used to accomplish this task?
A.
policy service
B.
monitoring
C.
primary policy administrator
D.
pxGrid
Question 6:
An engineer is enabling a newly configured wireless SSID for tablets and needs visibility into which other types of devices are connecting to it. What must be done on the Cisco WLC to provide this information to Cisco ISE?
A.
enable mDNS snooping
B.
enable Fast Transition
C.
enable MAC filtering
D.
enable IP Device Tracking
Question 7:
A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?
A.
The BYOD flow to ensure that the endpoint will be provisioned prior to registering.
B.
The posture provisioning policy to give the endpoint all necessary components prior to registering.
C.
A native supplicant provisioning policy to redirect them to the BYOD portal for onboarding.
D.
The Cisco AnyConnect provisioning policy to provision the endpoint for onboarding.
Question 8:
Refer to the exhibit. An administrator is manually adding a device to a Cisco ISE identity group to ensure that it is able to access the network when needed without authentication. Upon testing, the administrator notices that the device never hits the correct authorization policy line using the condition EndPoints-LogicalProfile
EQUALS static_list. Why is this occurring?
A.
The dynamic logical profile is overriding the statically assigned profile.
B.
The logical profile is being statically assigned instead of the identity group.
C.
The identity group is being assigned instead of the logical profile.
D.
The device is changing identity groups after profiling instead of remaining static.
Question 9:
An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?
A.
Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.
B.
Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.
C.
Identify the non 802.1X supported device types and create custom profiles for them to profile into.
D.
Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.
Question 10:
What is the deployment mode when two Cisco ISE nodes are configured in an environment?
A.
standalone
B.
distributed
C.
standard
D.
active
Question 11:
Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)
A.
addition of endpoint to My Devices Portal
B.
endpoint marked as lost in My Devices Portal
C.
updating of endpoint dACL
D.
endpoint profile transition from Apple-device to Apple-iPhone
E.
endpoint profile transition from Unknown to Windows10-Workstation
Question 12:
An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints.
Which action accomplishes this task for VPN users?
A.
Push the compliance module from Cisco FTD prior to attempting posture.
B.
Use a compound posture condition to check for the compliance module and download, if needed.
C.
Configure the compliance module to be downloaded from within the posture policy.
D.
Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.
Question 13:
A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server.
Which command is the user missing in the switch's configuration?
A.
aaa accounting resource default start-stop group radius
B.
radius-server vsa send accounting
C.
aaa accounting network default start-stop group radius
D.
aaa accounting exec default start-stop group radius
Question 14:
Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue.
Which two requirements must be met to implement this change? (Choose two.)
A.
Establish access to one Global Catalog server
B.
Ensure that the NAT address is properly configured
C.
Provide domain administrator access to Active Directory
D.
Configure a secure LDAP connection
E.
Enable IPC access over port 80
Question 15:
An engineer is configuring Central Web Authentication in Cisco ISE to provide guest access. When an authentication rule is configured in the Default Policy Set for the Wired_MAB or Wireless_MAB conditions, what must be selected for the “if user not found” setting?
A.
ACCEPT
B.
DROP
C.
REJECT
D.
CONTINUE
Question 16:
An engineer is deploying Cisco ISE to use 802.1X authentication for controlling access to the company's wired network. The request from company management is to minimize the impact on users during the rollout of 802.1X on the company switches. Which mode must be used first in a phased 802.1X deployment to fulfill this request?
A.
Monitor
B.
Open
C.
Low-impact
D.
Closed
Question 17:
The IT manager wants to provide different levels of access to network devices when users authenticate using TACACS+. The company needs specific commands to be allowed based on the Active Directory group membership of the different roles within the IT department. The solution must minimize the number of objects created in Cisco ISE. What must be created to accomplish this task?
A.
one shell profile and one command set
B.
multiple shell profiles and one command set
C.
one shell profile and multiple command sets
D.
multiple shell profiles and multiple command sets
Question 18:
Which CLI command must be configured on the switchport to immediately run the MAB process if a non-802 1X capable endpoint connects to the port?
A.
authentication order mab dot1x
B.
dot1x pae authenticator
C.
authentication fallback
D.
access-session port-control auto
Question 19:
A security engineer has a new TrustSec projct and must create a few static security group tag classifications as proof of concept. Which two classifications must the engineer configure? (Choose two.)
A.
switch ID
B.
MAC address
C.
VLAN
D.
user ID
E.
interface
Question 20:
An engineer is configuring a new Cisco ISE node. The Device Admin service must run on this node to handle authentication requests for network device access via TACACS+. Which persona must be enabled on this node to perform this function?
A.
pxGrid
B.
Administration
C.
Policy Service
D.
Monitoring
Question 21:
Which Cisco ISE module contains a list of vendor names, product names, and attributes provided by OPSWAT?
A.
Compliance Module
B.
Client Provisioning Module
C.
Endpoint Security Module
D.
Posture Module
Question 22:
An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Secure Client for the agent configuration in a client provisioning policy? (Choose two.)
A.
SecureClientProtie.xsd file
B.
Secure Client compliance module
C.
Secure Client agent image
D.
SecureClientProfie.xml file
E.
Secure Client network visibility module
Question 23:
What is configured to enforce the blocklist permissions and deny access to clients in the blocklist to protect against a lost or stolen device obtaining access to the network?
A.
My Devices portal
B.
blocklist portal
C.
Authentication rule
D.
Authorization rule
Question 24:
A network engineer is configuring a portal on Cisco ISE for employees. Employees must use this portal when registering personal devices with native supplicants. For onboarding devices connected with Cisco switches and Cisco wireless LAN controllers, the internal CA must be used. Which portal type must the engineer configure?
A.
Personal Device portal
B.
Client Provisioning portal
C.
Bring Your Own Device portal
D.
My Devices portal
Question 25:
A network engineer must remove a device that has been allowlisted. How should the engineer remove it manually on Cisco ISE?
A.
Administration > Identity Management > Endpoint Identity Groups > Profiled
B.
Administration > Identity Management > Groups > Endpoint Identity Groups
C.
Administration > Identity Management > Groups > Endpoint Identity Groups > Profiled
D.
Administration > Identity Management > Endpoint Identity Groups
Question 26:
Which two values are compared by the binary comparison function in authentication that is based on Active Directory?
A.
user-presented certificate and a certificate stored in Active Directory
B.
MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
C.
user-presented password hash and a hash stored in Active Directory
D.
subject alternative name and the common name
Question 27:
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group.
Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?
A.
Keep track of guest user activities.
B.
Create and manage guest user accounts.
C.
Configure authorization settings for guest users.
D.
Authenticate guest users to Cisco ISE.
Disclaimer:
The content on this webpage is collected from various internet sources. While we strive for accuracy, we cannot guarantee its completeness or correctness. Please use it with caution and conduct further research if needed. We do not claim ownership or copyright over any content. If you find any copyrighted material or content that violates laws, please contact us for removal. By accessing this webpage, you agree to these terms. Thank you for your understanding.
The content on this webpage is collected from various internet sources. While we strive for accuracy, we cannot guarantee its completeness or correctness. Please use it with caution and conduct further research if needed. We do not claim ownership or copyright over any content. If you find any copyrighted material or content that violates laws, please contact us for removal. By accessing this webpage, you agree to these terms. Thank you for your understanding.