Free Demo Questions

Test Online Free Cisco 300-715 Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free 300-715 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated Sep 05, 2025 42 Questions 3 Pages

Get 300-715 Full Access

Question 16 Selectable Answer

A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes.
What must be configured to minimize performance degradation?

A. Review the profiling policies for any misconfiguration
B. Enable the endpoint attribute filter
C. Change the reauthenticate interval.
D. Ensure that Cisco ISE is updated with the latest profiler feed update

Answer:
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_010111.html

Question 17 Written Answer

DRAG DROP
Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting.

Answer:

Explanation:
Graphical user interface, chart, application
Description automatically generated
https://www.mbne.net/tech-notes/aaa-tacacs-radius

Question 18 Selectable Answer

An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network .
What must be configured to correct this?

A. Create an authorization rule denying sponsored guest access.
B. Navigate to the Guest Portal and delete the guest accounts.
C. Create an authorization rule denying guest access.
D. Navigate to the Sponsor Portal and suspend the guest accounts.

Answer:

Question 19 Selectable Answer

Refer to the exhibit.

Which component must be configured to apply the SGACL?

A. egress router
B. host
C. secure server
D. ingress router

Answer:
Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/ar ch_over.html#52796

Question 20 Selectable Answer

An adminístrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs.
Besides defining a new shell profile in Cisco ISE. what must be done to accomplish this configuration?

A. Enable the privilege levels in Cisco ISE
B. Enable the privilege levels in the IOS devices.
C. Define the command privileges for levels 2-5 in the IOS devices
D. Define the command privileges for levels 2-5 in Cisco ISE

Answer:
Explanation:
https://learningnetwork.cisco.com/s/blogs/a0D3i000002eeWTEAY/cisco-ios-privilege-levels

Question 21 Written Answer

DRAG DROP
Drag the descriptions on the left onto the components of 802.1X on the right.

Answer:

Explanation:
https://netlabz.wordpress.com/2016/09/24/cisco-ise-fundamentals/

Question 22 Selectable Answer

A network administrator is configuring authorization policies on Cisco ISE There is a requirement to use AD group assignments to control access to network resources After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work.
What is the cause of this issue?

A. The AD join point is no longer connected.
B. The AD DNS response is slow.
C. The certificate checks are not being conducted.
D. The network devices ports are shut down.

Answer:
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html#ID612

Question 23 Selectable Answer

Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node'?

A. radius-server timeout
B. session-timeout
C. idle-timeout
D. termination-action

Answer:

Question 24 Selectable Answer

What is a characteristic of the UDP protocol?

A. UDP can detect when a server is down.
B. UDP offers best-effort delivery
C. UDP can detect when a server is slow
D. UDP offers information about a non-existent server

Answer:
Explanation:
https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html

Question 25 Selectable Answer

An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices .
Which deployment mode should be used to achieve this?

A. closed
B. low-impact
C. open
D. high-impact

Answer:
Explanation:
https://www.lookingpoint.com/blog/cisco-ise-wired-802.1x-deployment-monitormode#:~:text=Low%20impact%20mode%20works%20similar,DHCP%2C%20 PXE%20boot%2C%20etc.

Question 26 Selectable Answer

What is a valid guest portal type?

A. Sponsored-Guest
B. My Devices
C. Sponsor
D. Captive-Guest

Answer:

Question 27 Selectable Answer

Which command displays all 802 1X/MAB sessions that are active on the switch ports of aCisco Catalyst switch?

A. show authentication sessions output
B. Show authentication sessions
C. show authentication sessions interface Gi 1/0/x
D. show authentication sessions interface Gi1/0/x output

Answer:

Question 28 Selectable Answer

Which two features should be used on Cisco ISE to enable the TACACS+ feature? (Choose two )

A. External TACACS Servers
B. Device Admin Service
C. Device Administration License
D. Server Sequence
E. Command Sets

Answer:

Question 29 Selectable Answer

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies .
What must be done in order to get the devices into the right policies?

A. Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.
B. Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.
C. Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.
D. Identify the non 802.1X supported device types and create custom profiles for them to profile into.

Answer:

Question 30 Selectable Answer

Refer to the exhibit. An engineer is creating a new TACACS* command set and cannot use any show commands after togging into the device with this command set authorization.
Which configuration is causing this issue?

A. Question marks are not allowed as wildcards for command sets.
B. The command set is allowing all commands that are not in the command list
C. The wildcard command listed is in the wrong format
D. The command set is working like an ACL and denying every command.

Answer:

Current Exam

300-715

Cisco
Implementing and Configuring Cisco Identity Services Engine (SISE)

View Full 300-715 Package