New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Questions 4

An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors’ firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this What should be done to enable this type of posture check?

Options:

A.

Use the file registry condition to ensure that the firewal is installed and running appropriately.

B.

Use a compound condition to look for the Windows or Mac native firewall applications.

C.

Enable the default firewall condition to check for any vendor firewall application.

D.

Enable the default application condition to identify the applications installed and validade the firewall app.

Buy Now
Questions 5

An engineer is using Cisco ISE and configuring guest services to allow wireless devices to access the network. Which action should accomplish this task?

Options:

A.

Create the redirect ACL on the WLC and add it to the WLC policy

B.

Create the redirect ACL on the WLC and add it to the Cisco ISE policy.

C.

Create the redirect ACL on Cisco ISE and add it to the WLC policy

D.

Create the redirect ACL on Cisco ISE and add it to the Cisco ISE Policy

Buy Now
Questions 6

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

Options:

A.

Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.

B.

Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.

C.

Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.

D.

Identify the non 802.1X supported device types and create custom profiles for them to profile into.

Buy Now
Questions 7

An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability. Which probe must be used to accomplish this task?

Options:

A.

HTTP probe

B.

NetFlow probe

C.

network scan probe

D.

RADIUS probe

Questions 8

A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes What must be configured to minimize performance degradation?

Options:

A.

Review the profiling policies for any misconfiguration

B.

Enable the endpoint attribute filter

C.

Change the reauthenticate interval.

D.

Ensure that Cisco ISE is updated with the latest profiler feed update

Questions 9

An administrator is manually adding a device to a Cisco ISE identity group to ensure that it is able to access the network when needed without authentication Upon testing, the administrator notices that the device never hits the correct authorization policy line using the condition EndPoints LogicalProfile EQUALS static_list Why is this occurring?

Options:

A.

The dynamic logical profile is overriding the statically assigned profile

B.

The device is changing identity groups after profiling instead ot remaining static

C.

The logical profile is being statically assigned instead of the identity group

D.

The identity group is being assigned instead of the logical profile

Buy Now
Questions 10

An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

Options:

A.

Create an authorization rule denying sponsored guest access.

B.

Navigate to the Guest Portal and delete the guest accounts.

C.

Create an authorization rule denying guest access.

D.

Navigate to the Sponsor Portal and suspend the guest accounts.

Buy Now
Questions 11

A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access What must be done to ensure that both devices for a particular user are able to access the guest network simultaneously?

Options:

A.

Configure the sponsor group to increase the number of logins.

B.

Use a custom portal to increase the number of logins

C.

Modify the guest type to increase the number of maximum devices

D.

Create an Adaptive Network Control policy to increase the number of devices

Questions 12

Refer to the exhibit.

Which two configurations are needed on a catalyst switch for it to be added as a network access device in a Cisco ISE that is being used for 802 1X authentications? (Choose two )

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

E.

Option E

Buy Now
Questions 13

An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Anyconnect for the agent configuration in a client provisioning policy? (Choose two.)

Options:

A.

Anyconnect network visibility module

B.

Anyconnect compliance module

C.

AnyConnectProfile.xml file

D.

AnyConnectProfile.xsd file

E.

Anyconnect agent image

Buy Now
Questions 14

An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

Options:

A.

reflexive ACL

B.

extended ACL

C.

standard ACL

D.

numbered ACL

Buy Now
Questions 15

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

Options:

A.

The Endpoint Purge Policy is set to 30 days for guest devices

B.

The RADIUS policy set for guest access is set to allow repeated authentication of the same device

C.

The length of access is set to 7 days in the Guest Portal Settings

D.

The Guest Account Purge Policy is set to 15 days

Questions 16

An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access. Which action accomplishes the goal?

Options:

A.

Configure the hotspot portal for guest access and require an access code.

B.

Configure the sponsor portal with a single account and use the access code as the password.

C.

Configure the self-registered guest portal to allow guests to create a personal access code.

D.

Create a BYOD policy that bypasses the authentication of the user and authorizes access codes.

Buy Now
Questions 17

Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting.

Options:

Buy Now
Questions 18

Which statement about configuring certificates for BYOD is true?

Options:

A.

An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment

B.

The SAN field is populated with the end user name.

C.

An endpoint certificate is mandatory for the Cisco ISE BYOD

D.

The CN field is populated with the endpoint host name

Buy Now
Questions 19

What is a requirement for Feed Service to work?

Options:

A.

TCP port 3080 must be opened between Cisco ISE and the feed server

B.

Cisco ISE has a base license.

C.

Cisco ISE has access to an internal server to download feed update

D.

Cisco ISE has Internet access to download feed update

Buy Now
Questions 20

An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?

Options:

A.

closed

B.

low-impact

C.

open

D.

high-impact

Buy Now
Questions 21

Which protocol must be allowed for a BYOD device to access the BYOD portal?

Options:

A.

HTTP

B.

SMTP

C.

HTTPS

D.

SSH

Buy Now
Questions 22

Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two)

Options:

A.

access-response

B.

access-request

C.

access-reserved

D.

access-accept

E.

access-challenge

Buy Now
Questions 23

An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database There are no resources to enter this information into the Cisco ISE database manually. What must be done to accomplish this task effciently?

Options:

A.

Use a CSV file to import the guest accounts

B.

Use SOL to link me existing database to Ctsco ISE

C.

Use a JSON fie to automate the migration of guest accounts

D.

Use an XML file to change the existing format to match that of Cisco ISE

Buy Now
Questions 24

An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the used to accomplish this task?

Options:

A.

policy service

B.

monitoring

C.

pxGrid

D.

primary policy administrator

Buy Now
Questions 25

When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2. Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)

Options:

A.

DHCP SPAN probe

B.

SNMP query probe

C.

NetFlow probe

D.

RADIUS probe

E.

DNS probe

Buy Now
Questions 26

What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?

Options:

A.

Authentication is redirected to the internal identity source.

B.

Authentication is redirected to the external identity source.

C.

Authentication is granted.

D.

Authentication fails.

Buy Now
Questions 27

An engineer has been tasked with standing up a new guest portal for customers that are waiting in the lobby. There is a requirement to allow guests to use their social media logins to access the guest network to appeal to more customers What must be done to accomplish this task?

Options:

A.

Create a sponsor portal to allow guests to create accounts using their social media logins.

B.

Create a sponsored guest portal and enable social media in the external identity sources.

C.

Create a self-registered guest portal and enable the feature for social media logins

D.

Create a hotspot portal and enable social media login for network access

Buy Now
Questions 28

An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?

Options:

A.

Create a certificate signing request and have the root certificate authority sign it.

B.

Add the root certificate authority to the trust store and enable it for authentication.

C.

Create an SCEP profile to link Cisco ISE with the root certificate authority.

D.

Add an OCSP profile and configure the root certificate authority as secondary.

Questions 29

A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server. Which certificate usage option must be selected when importing the certificate into ISE?

Options:

A.

RADIUS

B.

DLTS

C.

Portal

D.

Admin

Buy Now
Questions 30

An administrator is configuring a new profiling policy in Cisco ISE for a printer type that is missing from the profiler feed The logical profile Printers must be used in the authorization rule and the rule must be hit. What must be done to ensure that this configuration will be successful^

Options:

A.

Create a new logical profile for the new printer policy

B.

Enable the EndPoints:EndPointPolicy condition in the authorization policy.

C.

Add the new profiling policy to the logical profile Printers.

D.

Modify the profiler conditions to ensure that it goes into the correct logical profile

Buy Now
Questions 31

Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node'?

Options:

A.

radius-server timeout

B.

session-timeout

C.

idle-timeout

D.

termination-action

Buy Now
Questions 32

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

Options:

A.

TCP 8443

B.

TCP 8906

C.

TCP 443

D.

TCP 80

E.

TCP 8905

Buy Now
Questions 33

An organization is adding new profiling probes to the system to improve profiling on Oseo ISE The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected What must be configured on the network device to accomplish this goal?

Options:

A.

ARP

B.

SNMP

C.

WCCP

D.

ICMP

Questions 34

What is the purpose of the ip http server command on a switch?

Options:

A.

It enables the https server for users for web authentication

B.

It enables MAB authentication on the switch

C.

It enables the switch to redirect users for web authentication.

D.

It enables dot1x authentication on the switch.

Buy Now
Questions 35

What are the minimum requirements for deploying the Automatic Failover feature on Administration nodes in a distributed Cisco ISE deployment?

Options:

A.

a primary and secondary PAN and a health check node for the Secondary PAN

B.

a primary and secondary PAN and no health check nodes

C.

a primary and secondary PAN and a pair of health check nodes

D.

a primary and secondary PAN and a health check node for the Primary PAN

Buy Now
Exam Code: 300-715
Exam Name: Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)
Last Update: Dec 22, 2024
Questions: 243

PDF + Testing Engine

$144.99

Testing Engine

$109.99

PDF (Q&A)

$94.99