Practice Free Cisco 300-715 Exam Questions Online, 300-715 Free Demo

Question 1 Selectable Answer

Refer to the exhibit.

An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to .
What is the problem?

A. The IT training rule is taking precedence over the IT Admins rule.
B. The authorization conditions wrongly allow IT Admins group no access to finance devices.
C. The finance location is not a condition in the policy set.
D. The authorization policy doesn't correctly grant them access to the finance devices.

Answer:

Question 2 Selectable Answer

Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two)

A. Windows Settings
B. Connection Type
C. iOS Settings
D. Redirect ACL
E. Operating System

Answer:
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010101.html #reference_21024A3B2B27427EAC78495E56962729

Question 3 Selectable Answer

An administrator wants to configure network device administration and is trying to decide whether to use TACACS* or RADIUS. A reliable protocol must be used that can check command authorization.
Which protocol meets these requirements and why?

A. TACACS+ because it runs over TCP
B. RADIUS because it runs over UDP
C. RADIUS because it runs over TC
D. TACACS+ because it runs over UDP

Answer:

Question 4 Selectable Answer

What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two)

A. Location the CSV file for the device MAC
B. Select the certificate template
C. Choose the hashing method
D. Enter the common name
E. Enter the IP address of the device

Answer:
Explanation:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0-Certificate-Provisioning-Portal.html

Question 5 Selectable Answer

Which personas can a Cisco ISE node assume'?

A. policy service, gatekeeping, and monitoring
B. administration, policy service, and monitoring
C. administration, policy service, gatekeeping
D. administration, monitoring, and gatekeeping

Answer:
Explanation:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html
The persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.

Question 6 Written Answer

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate .
What must be done in order to provide the CA this information?
A. Install the Root CA and intermediate CA.
B. Generate the CSR.
C. Download the intermediate server certificate.
D. Download the CA server certificate.

Answer: B

Question 7 Selectable Answer

An administrator is manually adding a device to a Cisco ISE identity group to ensure that it is able to access the network when needed without authentication Upon testing, the administrator notices that the device never hits the correct authorization policy line using the condition EndPoints LogicalProfile EQUALS static_list.
Why is this occurring?

A. The dynamic logical profile is overriding the statically assigned profile
B. The device is changing identity groups after profiling instead ot remaining static
C. The logical profile is being statically assigned instead of the identity group
D. The identity group is being assigned instead of the logical profile

Answer:

Question 8 Selectable Answer

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+ However, the administrator must restrict certaincommands based on one of three user roles that require different commands.
How is this accomplished without creating too many objects using Cisco ISE?

A. Create one shell profile and multiple command sets.
B. Create multiple shell profiles and multiple command sets.
C. Create one shell profile and one command set.
D. Create multiple shell profiles and one command set

Answer:
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html
https://www.youtube.com/watch?v=IlZwB71Szog&ab_channel=JasonMaynard

Question 9 Selectable Answer

What must be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?

A. pass
B. reject
C. drop
D. continue

Answer:
Explanation:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html

Question 10 Selectable Answer

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

A. Set the NAC State option to SNMP NA
B. Set the NAC State option to RADIUS NA
C. Use the radius-server vsa send authentication command.
D. Use the ip access-group webauth in command.

Answer:

Question 11 Selectable Answer

How is policy services node redundancy achieved in a deployment?

A. by enabling VIP
B. by utilizing RADIUS server list on the NAD
C. by creating a node group
D. by deploying both primary and secondary node

Answer:

Question 12 Selectable Answer

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

A. TCP 8443
B. TCP 8906
C. TCP 443
D. TCP 80
E. TCP 8905

Answer:

Question 13 Selectable Answer

A network administrator must use Cisco ISE to check whether endpoints have the correct version of antivirus installed.
Which action must be taken to allow this capability?

A. Configure a native supplicant profile to be used for checking the antivirus version
B. Configure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version.
C. Create a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco IS
D. Create a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files

Answer:
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_client_prov.html About Anyconnect Network Visibility Module
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect45/administration/guide/b_AnyConnect_Administrator_Guide_4-5/nvm.html

Question 14 Selectable Answer

An administrator connects an HP printer to a dot1x enable port, but the printer in not
accessible.
Which feature must the administrator enable to access the printer?

A. MAC authentication bypass
B. change of authorization
C. TACACS authentication
D. RADIUS authentication

Answer:
Explanation:
https://community.cisco.com/t5/network-access-control/ise-for-printer-security/m-p/3933216

Question 15 Selectable Answer

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice .
Which command should the engineer run on the interface to accomplish this goal?

A. authentication host-mode single-host
B. authentication host-mode multi-auth
C. authentication host-mode multi-host
D. authentication host-mode multi-domain

Answer:

Test Online Free Cisco 300-715 Exam Questions and Answers