• Home
  • Articles
  • 300-715 Practice Dumps - Verified By ExamsLabs Updated 153 Questions [Q75-Q98]

300-715 Practice Dumps - Verified By ExamsLabs Updated 153 Questions [Q75-Q98]

Share

300-715 Practice Dumps - Verified By ExamsLabs Updated 153 Questions

Updated 300-715  Exam Dumps - PDF Questions and Testing Engine

NEW QUESTION 75
Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)

  • A. backup
  • B. active
  • C. primary
  • D. standby
  • E. secondary

Answer: C,E

 

NEW QUESTION 76
An organization is hosting a conference and must make guest accounts for several of the speakers attending.
The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

  • A. Create an authorization rule denying guest access.
  • B. Create an authorization rule denying sponsored guest access.
  • C. Navigate to the Guest Portal and delete the guest accounts.
  • D. Navigate to the Sponsor Portal and suspend the guest accounts.

Answer: D

 

NEW QUESTION 77
What does MAB stand for?

  • A. MAC Authentication Bypass
  • B. MAC Address Binding
  • C. MAC Authorization Binding
  • D. MAC Authorization Bypass

Answer: A

 

NEW QUESTION 78
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?

  • A. dot1x system-auth-control
  • B. dot1x pae authenticator
  • C. aaa authentication dot1x default group radius
  • D. authentication port-control auto

Answer: A

 

NEW QUESTION 79
Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

  • A. nexpose
  • B. posture
  • C. personas
  • D. qualys

Answer: B

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010110.html Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies. This allows you to control clients to access protected areas of a network.

 

NEW QUESTION 80
Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two )

  • A. Redirect ACL
  • B. Windows Settings
  • C. Connection Type
  • D. Operating System
  • E. iOS Settings

Answer: D,E

 

NEW QUESTION 81
An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened. From which Cisco ISE persona should this traffic be originating?

  • A. policy service
  • B. administration
  • C. monitoring
  • D. authentication

Answer: A

 

NEW QUESTION 82
Which two default endpoint identity groups does Cisco ISE create? (Choose two )

  • A. allow list
  • B. unknown
  • C. endpoint
  • D. profiled
  • E. block list

Answer: B,D

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
Cisco ISE creates the following endpoint identity groups:
* Blacklist-This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group.
* GuestEndpoints-This endpoint identity group includes endpoints that are used by guest users.
* Profiled-This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.
* RegisteredDevices-This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group.
These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE
* redirects blocked devices to a URL, which displays "Unauthorised Network Access", a default portal page to the blocked devices.
* Unknown-This endpoint identity group includes endpoints that do not match any profile in Cisco ISE.
In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group:
* Cisco-IP-Phone-An identity group that contains all the profiled Cisco IP phones on your network.
* Workstation-An identity group that contains all the profiled workstations on your network.

 

NEW QUESTION 83
An engineer is configuring a dedicated SSID for onboarding devices. Which SSID type accomplishes this configuration?

  • A. guest
  • B. broadcast
  • C. hidden
  • D. dual

Answer: A

 

NEW QUESTION 84
Refer to the exhibit.

An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to. What is the problem?

  • A. The authorization policy doesn't correctly grant them access to the finance devices.
  • B. The IT training rule is taking precedence over the IT Admins rule.
  • C. The authorization conditions wrongly allow IT Admins group no access to finance devices.
  • D. The finance location is not a condition in the policy set.

Answer: A

 

NEW QUESTION 85
What does the dot1x system-auth-control command do?

  • A. causes a network access switch not to track 802.1x sessions
  • B. enables 802.1x on a network access device interface
  • C. globally enables 802.1x
  • D. causes a network access switch to track 802.1x sessions

Answer: C

Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-8-0E/15-
24E/configuration/guide/xe-380-configuration/dot1x.html

 

NEW QUESTION 86
Refer to the exhibit.

An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to. What is the problem?

  • A. The finance location is not a condition in the policy set.
  • B. The authorization policy doesn't correctly grant them access to the finance devices.
  • C. The IT training rule is taking precedence over the IT Admins rule.
  • D. The authorization conditions wrongly allow IT Admins group no access to finance devices.

Answer: A

 

NEW QUESTION 87
A network administrator must configura endpoints using an 802 1X authentication method with EAP identity certificates that are provided by the Cisco ISE When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network Which EAP type must be configured by the network administrator to complete this task?

  • A. EAP-TLS
  • B. EAP-FAST
  • C. EAP-PEAP-MSCHAPv2
  • D. EAP-TTLS

Answer: B

 

NEW QUESTION 88
What is the condition that a Cisco ISE authorization policy cannot match?

  • A. time
  • B. device type
  • C. posture
  • D. custom
  • E. company contact

Answer: D

 

NEW QUESTION 89
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

  • A. Navigate to the Sponsor Portal and suspend the guest accounts.
  • B. Create an authorization rule denying sponsored guest access.
  • C. Navigate to the Guest Portal and delete the guest accounts.
  • D. Create an authorization rule denying guest access.

Answer: D

 

NEW QUESTION 90
Which supplicant(s) and server(s) are capable of supporting EAR-CHAINING?

  • A. Windows Native Supplicant and Cisco Identity Service Engine
  • B. Cisco AnyConnect NAM and Cisco Identity Service Engine
  • C. Cisco AnyConnect NAM and Cisco Access Control Server
  • D. Cisco Secure Services Client and Cisco Access Control Server

Answer: B

 

NEW QUESTION 91
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

  • A. The primary node becomes standalone
  • B. The secondary node restarts.
  • C. The primary node restarts
  • D. Both nodes restart.

Answer: D

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/installation_guide/ise_install_guide/ise_deploy.html if your deployment has two nodes and you deregister the secondary node, both nodes in this primary-secondary pair are restarted. (The former primary and secondary nodes become standalone.)

 

NEW QUESTION 92
An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error "Authentication failed: 22040 Wrong password or invalid shared secret. "what must be done to address this issue?

  • A. Configure the key on the Cisco ISE instead of the Cisco switch.
  • B. Add the network device as a NAD inside Cisco ISE using the existing key.
  • C. Use a key that is between eight and ten characters.
  • D. Validate that the key is correct on both the Cisco switch as well as Cisco ISE.

Answer: B

 

NEW QUESTION 93
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

  • A. Endpoint
  • B. blacklist
  • C. white list
  • D. unknown
  • E. profiled

Answer: D

Explanation:
Explanation
If you do not have a matching profiling policy, you can assign an unknown profiling policy. The endpoint is therefore profiled as Unknown. The endpoint that does not match any profile is grouped within the Unknown identity group. The endpoint profiled to the Unknown profile requires that you create a profile with an attribute or a set of attributes collected for that endpoint.
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html

 

NEW QUESTION 94
What does the dot1x system-auth-control command do?

  • A. causes a network access switch not to track 802.1x sessions
  • B. enables 802.1x on a network access device interface
  • C. globally enables 802.1x
  • D. causes a network access switch to track 802.1x sessions

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-8-0E/15-24E/configuration/guide/xe-380-configuration/dot1x.html

 

NEW QUESTION 95
Which personas can a Cisco ISE node assume?

  • A. administration, policy service, and monitoring
  • B. administration, monitoring, and gatekeeping
  • C. policy service, gatekeeping, and monitonng
  • D. administration, policy service, gatekeeping

Answer: A

Explanation:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html The persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.

 

NEW QUESTION 96
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants Which portal must the security engineer configure to accomplish this task?

  • A. MDM
  • B. My devices
  • C. BYOD
  • D. Client provisioning

Answer: B

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01111.html

 

NEW QUESTION 97
Drag and Drop Question
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

Answer:

Explanation:

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-
4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011.html Step 1 Choose Administration > System > Deployment.
The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.
Step 2
Check the check box next to the current node, and click Edit.
Step 3
Click Make Primary to configure your Primary PAN.
Step 4
Enter data on the General Settings tab.
Step 5
Click Save to save the node configuration.

 

NEW QUESTION 98
......

New (2021) Cisco 300-715  Exam Dumps: https://certificationsdesk.examslabs.com/Cisco/CCNPSecurity/best-300-715-exam-dumps.html

Related Articles

more
Cisco 300-715 Certification Practice Exam