
Cisco 300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) Exam Practice Test

Page: 1 / 24
Total 243 questions

Implementing and Configuring Cisco Identity Services Engine (SISE) Questions and Answers

Question 1

Which protocol must be allowed for a BYOD device to access the BYOD portal?

Options:

A.

HTTP

B.

SMTP

C.

HTTPS

D.

SSH

Question 2

An administrator is trying to collect metadata information about the traffic going across the network to gain added visibility into the hosts. This information will be used to create profiling policies for devices using Cisco ISE so that network access policies can be used. What must be done to accomplish this task?

Options:

A.

Configure the RADIUS profiling probe within Cisco ISE

B.

Configure NetFlow to be sent to the Cisco ISE appliance.

C.

Configure SNMP to be used with the Cisco ISE appliance

D.

Configure the DHCP probe within Cisco ISE

Question 3

An organization wants to standardize the 802.1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide. What must be configured to accomplish this task?

Options:

A.

security group tag within the authorization policy

B.

extended access-list on the switch for the client

C.

port security on the switch based on the client's information

D.

dynamic access list within the authorization profile

Question 4

In which two ways can users and endpoints be classified for TrustSec?

(Choose Two.)

Options:

A.

VLAN

B.

SXP

C.

dynamic

D.

QoS

E.

SGACL

Question 5

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

Options:

A.

authentication host-mode single-host

B.

authentication host-mode multi-auth

C.

authentication host-mode multi-host

D.

authentication host-mode multi-domain

Question 6

Refer to the exhibit. Which switch configuration change will allow only one voice and one data endpoint on each port?

Options:

A.

Multi-auth to multi-domain

B.

Mab to dot1x

C.

Auto to manual

D.

Multi-auth to single-auth

Question 7

A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal. What must be done to identify the problem?

Options:

A.

Use context visibility to verify posture status.

B.

Use the endpoint ID to execute a session trace.

C.

Use the identity group to validate the authorization rules.

D.

Use traceroute to ensure connectivity.

Question 8

An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs. An administrator is adding two more PSNs to this deployment but is having problems adding one of them. What is the problem?

Options:

A.

The new nodes must be set to primary prior to being added to the deployment

B.

The current PAN is only able to track a max of four nodes

C.

Only five PSNs are allowed to be in the Cisco ISE cube if configured this way.

D.

One of the new nodes must be designated as a pxGrid node

Question 9

Refer to the exhibit.

A network engineer is configuring the switch to accept downloadable ACLs from a Cisco ISE server. Which two commands should be run to complete the configuration? (Choose two.)

Options:

A.

aaa authorization auth-proxy default group radius

B.

radius-server vsa send authentication

C.

radius-server attribute 8 include-in-access-req

D.

ip device tracking

E.

dot1x system-auth-control

Question 10

A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network. Which EAP type must be configured by the network administrator to complete this task?

Options:

A.

EAP-PEAP-MSCHAPv2

B.

EAP-TTLS

C.

EAP-FAST

D.

EAP-TLS

Question 11

What is the maximum number of PSN nodes supported in a medium-sized deployment?

Options:

A.

three

B.

five

C.

two

D.

eight

Question 12

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?

Options:

A.

Endpoint Identity Group is Blocklist, and the BYOD state is Registered.

B.

Endpoint Identity Group is Blocklist, and the BYOD state is Pending.

C.

Endpoint Identity Group is Blocklist, and the BYOD state is Lost.

D.

Endpoint Identity Group is Blocklist, and the BYOD state is Reinstate.

Question 13

An organization is adding new profiling probes to the system to improve profiling on Cisco ISE. The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected. What must be configured on the network device to accomplish this goal?

Options:

A.

ARP

B.

SNMP

C.

WCCP

D.

ICMP

Question 14

A network administrator must use Cisco ISE to check whether endpoints have the correct version of antivirus installed. Which action must be taken to allow this capability?

Options:

A.

Configure a native supplicant profile to be used for checking the antivirus version

B.

Configure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version.

C.

Create a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco ISE.

D.

Create a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files

Question 15

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+. However, the administrator must restrict certain commands based on one of three user roles that require different commands. How is this accomplished without creating too many objects using Cisco ISE?

Options:

A.

Create one shell profile and multiple command sets.

B.

Create multiple shell profiles and multiple command sets.

C.

Create one shell profile and one command set.

D.

Create multiple shell profiles and one command set

Question 16

Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

Options:

A.

show authentication sessions output

B.

show authentication sessions

C.

show authentication sessions interface Gi 1/0/x

D.

show authentication sessions interface Gi1/0/x output

Question 17

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

Options:

A.

The primary node restarts

B.

The secondary node restarts.

C.

The primary node becomes standalone

D.

Both nodes restart.

Question 18

An administrator is configuring a switch port for use with 802.1X. What must be done so that the port will allow voice and multiple data endpoints?

Options:

A.

Configure the port with the authentication host-mode multi-auth command

B.

Connect the data devices to the port, then attach the phone behind them.

C.

Use the command authentication host-mode multi-domain on the port

D.

Connect a hub to the switch port to allow multiple devices access after authentication

Question 19

Which are two characteristics of TACACS+? (Choose two)

Options:

A.

It uses TCP port 49.

B.

It combines authorization and authentication functions.

C.

It separates authorization and authentication functions.

D.

It encrypts the password only.

E.

It uses UDP port 49.

Question 20

Which two authentication protocols are supported by RADIUS but not by TACACS+? (Choose two.)

Options:

A.

MSCHAPv1

B.

PAP

C.

EAP

D.

CHAP

E.

MSCHAPv2

Question 21

An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened. From which Cisco ISE persona should this traffic be originating?

Options:

A.

monitoring

B.

policy service

C.

administration

D.

authentication

Question 22

What is a difference between RADIUS and TACACS+?

Options:

A.

RADIUS uses connection-oriented transport, and TACACS+ uses best-effort delivery.

B.

RADIUS offers multiprotocol support, and TACACS+ supports only IP traffic.

C.

RADIUS combines authentication and authorization functions, and TACACS+ separates them.

D.

RADIUS supports command accounting, and TACACS+ does not.

Question 23

A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server. Which certificate usage option must be selected when importing the certificate into ISE?

Options:

A.

RADIUS

B.

DTLS

C.

Portal

D.

Admin

Question 24

An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall. Which two ports should be opened to accomplish this task? (Choose two)

Options:

A.

TELNET 23

B.

LDAP 389

C.

HTTP 80

D.

HTTPS 443

E.

MSRPC 445

Question 25

An administrator connects an HP printer to a dot1x-enabled port, but the printer is not accessible. Which feature must the administrator enable to access the printer?

Options:

A.

MAC authentication bypass

B.

change of authorization

C.

TACACS authentication

D.

RADIUS authentication

Question 26

Refer to the exhibit:

Which command is typed within the CLI of a switch to view the troubleshooting output?

Options:

A.

show authentication sessions mac 000e.84af.59af details

B.

show authentication registrations

C.

show authentication interface gigabitethernet2/0/36

D.

show authentication sessions method

Question 27

Which two actions must be verified to confirm that the internet is accessible via guest access when configuring a guest portal? (Choose two.)

Options:

A.

The guest device successfully associates with the correct SSID.

B.

The guest user gets redirected to the authentication page when opening a browser.

C.

The guest device has internal network access on the WLAN.

D.

The guest device can connect to network file shares.

E.

Cisco ISE sends a CoA upon successful guest authentication.

Question 28

An engineer needs to configure a new certificate template in the Cisco ISE Internal Certificate Authority to prevent BYOD devices from needing to re-enroll when their MAC address changes. Which option must be selected in the Subject Alternative Name field?

Options:

A.

Common Name and GUID

B.

MAC Address and GUID

C.

Distinguished Name

D.

Common Name

Question 29

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?

Options:

A.

Install the Root CA and intermediate CA.

B.

Generate the CSR.

C.

Download the intermediate server certificate.

D.

Download the CA server certificate.

Question 30

A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?

Options:

A.

A native supplicant provisioning policy to redirect them to the BYOD portal for onboarding

B.

The Cisco AnyConnect provisioning policy to provision the endpoint for onboarding

C.

The BYOD flow to ensure that the endpoint will be provisioned prior to registering

D.

The posture provisioning policy to give the endpoint all necessary components prior to registering

Question 31

An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?

Options:

A.

Create a certificate signing request and have the root certificate authority sign it.

B.

Add the root certificate authority to the trust store and enable it for authentication.

C.

Create an SCEP profile to link Cisco ISE with the root certificate authority.

D.

Add an OCSP profile and configure the root certificate authority as secondary.

Question 32

An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants. Which portal must the security engineer configure to accomplish this task?

Options:

A.

MDM

B.

Client provisioning

C.

My devices

D.

BYOD

Question 33

When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2. Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? (Choose two.)

Options:

A.

DHCP SPAN probe

B.

SNMP query probe

C.

NetFlow probe

D.

RADIUS probe

E.

DNS probe

Question 34

An engineer is configuring posture assessment for their network access control and needs to use an agent that supports using service conditions as conditions for the assessment. The agent should be run as a background process to avoid user interruption, but when it is run, the user can see it. What is the problem?

Options:

A.

The engineer is using the "AnyConnect" posture agent but should be using the "Stealth AnyConnect" posture agent

B.

The posture module was deployed using the headend instead of installing it with SCCM

C.

The user was in need of remediation so the agent appeared in the notifications

D.

The proper permissions were not given to the temporal agent to conduct the assessment

Question 35

Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue. Which two requirements must be met to implement this change? (Choose two.)

Options:

A.

Enable IPC access over port 80.

B.

Ensure that the NAT address is properly configured

C.

Establish access to one Global Catalog server.

D.

Provide domain administrator access to Active Directory.

E.

Configure a secure LDAP connection.
