[Nov 20, 2021] Prepare For The 300-715 Question Papers In Advance [Q44-Q68]

[Nov 20, 2021] Prepare For The 300-715 Question Papers In Advance

300-715 PDF Dumps Real 2021 Recently Updated Questions

NEW QUESTION 44
An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network. What must be configured to accomplish this goal?

• A. Create a registry posture condition using a non-OPSWAT API version.
• B. Create a compound posture condition using a OPSWAT API version.
• C. Create an application posture condition using a OPSWAT API version.
• D. Create a service posture condition using a non-OPSWAT API version.

Answer: D

 

NEW QUESTION 45
An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users. Management needs Cisco ISE to not automatically trigger a CoA whenever a profile change is detected. Instead, the administrator needs to verify the new profile and manually trigger a CoA.
What must be configuring in the profiler to accomplish this goal?

• A. No CoA
• B. Session Query
• C. Reauth
• D. Port Bounce

Answer: A

Explanation:
Reference:
https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-policies

 

NEW QUESTION 46
Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two )

• A. Windows Settings
• B. iOS Settings
• C. Redirect ACL
• D. Connection Type
• E. Operating System

Answer: B,E

 

NEW QUESTION 47
During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

• A. Cisco App Store
• B. Cisco ISE directly
• C. Microsoft App Store
• D. Native OTA functionality

Answer: A

 

NEW QUESTION 48
An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?

• A. low-impact
• B. open
• C. closed
• D. high-impact

Answer: B

 

NEW QUESTION 49
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)

• A. conditions
• B. access policy
• C. Client Provisioning portal
• D. remediation actions
• E. updates

Answer: A,D

 

NEW QUESTION 50
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants Which portal must the security engineer configure to accomplish this task?

• A. BYOD
• B. Client provisioning
• C. My devices
• D. MDM

Answer: C

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide

 

NEW QUESTION 51
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two)

• A. BYOD
• B. hotspot
• C. new AD user 802 1X authentication
• D. guest AUP

Answer: A,C

 

NEW QUESTION 52
An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE.
The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

• A. Validate that the key value is correct using the test aaa authentication admin <key> legacy command.
• B. Test the user account on the server using the test aaa group radius server CUCS user admin pass <key> legacy command.
• C. Check for server reachability using the test aaa group tacacs+ admin <key> legacy command.
• D. Conrm the authorization policies are correct using the test aaa authorization admin drop legacy command.

Answer: C

Explanation:
Explanation
https://medium.com/training-course-ccna-security-210-260/ccna-security-part-3-implementing-aaa-in-cisco-ios-4

 

NEW QUESTION 53
Which use case validates a change of authorization?

• A. Endpoints are created through device registration for the guests
• B. An authenticated, wired EAP-capable endpoint is discovered
• C. An endpoint profiling policy is changed for authorization policy.
• D. An endpoint that is disconnected from the network is discovered

Answer: C

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html

 

NEW QUESTION 54
A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network Which CoA configuration meets this requirement?

• A. NoCoA
• B. Disconnect
• C. Reauth
• D. Port Bounce

Answer: A

 

NEW QUESTION 55
Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

• A. user-presented certificate and a certificate stored in Active Directory
• B. subject alternative name and the common name
• C. user-presented password hash and a hash stored in Active Directory
• D. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

Answer: B,D

Explanation:
Explanation
Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01110.html

 

NEW QUESTION 56
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?

• A. client
• B. authenticator
• C. EAP server
• D. supplicant

Answer: D

Explanation:
Reference:
https://www.oreilly.com/library/view/cisco-ise-for/9780133103632/ch16.html#:~:text=What%20is%20a%20supplicant%3F,networks%2C%20both%20wired%20and%20wireless.&text=The%20802.1X%20transactions%20are,Identity%20Services%20Engine%20(ISE).

 

NEW QUESTION 57
An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE.
What must be configured within Cisco ISE to accomplish this goal?

• A. Add an OCSP profile and configure the root certificate authority as secondary.
• B. Create an SCEP profile to link Cisco ISE with the root certificate authority.
• C. Add the root certificate authority to the trust store and enable it for authentication.
• D. Create a certificate signing request and have the root certificate authority sign it.

Answer: B

 

NEW QUESTION 58
A customer wants to set up the Sponsor portal and delegate the authentication flow to a third party for added security while using Kerberos Which database should be used to accomplish this goal?

• A. Local Database
• B. RSA Token Server
• C. LDAP
• D. Active Directory

Answer: D

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ise_admin_guide_26/b_ise_admin_guide_26_chapter_01111.html#concept_srz_bkb_4db

 

NEW QUESTION 59
Which two ports do network devices typically use for CoA? (Choose two )

• A. 0
• B. 1
• C. 2
• D. 3
• E. 4

Answer: A,E

 

NEW QUESTION 60
Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE?
(Choose two).

• A. TCP 8905
• B. TCP 80
• C. TCP 8906
• D. TCP 443
• E. TCP 8443

Answer: A,B

 

NEW QUESTION 61
A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE. This must include the ability to provision for URL redirection on authentication Which two commands must be entered to meet this requirement? (Choose two)

• A. Ip http redirection
• B. Ip http secure-authentication
• C. Ip http secure-server
• D. Ip http server
• E. Ip http authentication

Answer: C,D

Explanation:
https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_0111001.html

 

NEW QUESTION 62
An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not have the ability to auto switch port for authentication?

• A. enable bypass-MAC
• B. enable network-authentication
• C. dot1x system-auth-control
• D. mab

Answer: D

 

NEW QUESTION 63
Which permission is common to the Active Directory Join and Leave operations?

• A. Search Active Directory to see if a Cisco ISE machine account already ex.sts.
• B. Remove the Cisco ISE machine account from the domain.
• C. Create a Cisco ISE machine account in the domain if the machine account does not already exist
• D. Set attributes on the Cisco ISE machine account

Answer: A

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_

 

NEW QUESTION 64
An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to the endpoints instead of industry-standard protocol information Which probe should be enabled to meet these requirements?

• A. NetFlow probe
• B. DNS probe
• C. DHCP probe
• D. SNMP query probe

Answer: C

Explanation:
Reference:
http://www.network-node.com/blog/2016/1/2/ise-20-profiling

 

NEW QUESTION 65
When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2. Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)

• A. DHCP SPAN probe
• B. NetFlow probe
• C. DNS probe
• D. RADIUS probe
• E. SNMP query probe

Answer: D,E

Explanation:
Reference:
https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-design

 

NEW QUESTION 66
In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two )

• A. administration
• B. primary
• C. publisher
• D. policy service
• E. subscriber

Answer: A,D

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_010.html

 

NEW QUESTION 67
What is a characteristic of the UDP protocol?

• A. UDP can detect when a server is down.
• B. UDP offers information about a non-existent server
• C. UDP can detect when a server is slow
• D. UDP offers best-effort delivery

Answer: D

Explanation:
https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html

 

NEW QUESTION 68
......

Understanding functional and technical aspects of Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) Network access device administration

The following will be discussed in CISCO 300-715 dumps:

• Configure the compliance module
• Configure posture conditions and policy, and client provisioning
• Configure TACACS+ device administration and command authorization
• Describe supplicant, supplicant options, authenticator, and server
• Configure Cisco ISE posture agents and operational modes
• Compare AAA protocols
• Describe endpoint compliance, posture services, and client provisioning

 

300-715 Dumps and Practice Test (153 Exam Questions): https://www.guidetorrent.com/300-715-pdf-free-download.html

Released Cisco 300-715 Updated Questions PDF: https://drive.google.com/open?id=1XUtK7ELvpZVp_UQXSt1m5uI6G6S-oln3