ExamGecko
Search Search Login
Home Home / Cisco / 300-715

Cisco 300-715 Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?
Refer to the exhibit. An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?
DRAG DROP An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?
The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively restrict network access for this endpoint?
DRAG DROP Drag and drop the configuration steps from the left into the sequence on the right to install two Cisco ISE nodes in a distributed deployment.
An engineer is configuring a posture policy for Windows 10 endpoints and wants to ensure that users in each AD group have different conditions to meet to be compliant. What must be done to accomplish this task?

Question 1

Report
Export
Collapse

What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)

A.

updates

A.

updates

Answers
B.

remediation actions

B.

remediation actions

Answers
C.

Client Provisioning portal

C.

Client Provisioning portal

Answers
D.

conditions

D.

conditions

Answers
E.

access policy

E.

access policy

Answers
Suggested answer: B, D

Question 2

Report
Export
Collapse

What is a method for transporting security group tags throughout the network?

A.

by enabling 802.1AE on every network device

A.

by enabling 802.1AE on every network device

Answers
B.

by the Security Group Tag Exchange Protocol

B.

by the Security Group Tag Exchange Protocol

Answers
C.

by embedding the security group tag in the IP header

C.

by embedding the security group tag in the IP header

Answers
D.

by embedding the security group tag in the 802.1Q header

D.

by embedding the security group tag in the 802.1Q header

Answers
Suggested answer: B

Question 3

Report
Export
Collapse

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

A.

TCP 8443

A.

TCP 8443

Answers
B.

TCP 8906

B.

TCP 8906

Answers
C.

TCP 443

C.

TCP 443

Answers
D.

TCP 80

D.

TCP 80

Answers
E.

TCP 8905

E.

TCP 8905

Answers
Suggested answer: A, E

Question 4

Report
Export
Collapse

Which profiling probe collects the user-agent string?

A.

DHCP

A.

DHCP

Answers
B.

AD

B.

AD

Answers
C.

HTTP

C.

HTTP

Answers
D.

NMAP

D.

NMAP

Answers
Suggested answer: C

Question 5

Report
Export
Collapse

Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

A.

Cisco AnyConnect NAM and Cisco Identity Service Engine

A.

Cisco AnyConnect NAM and Cisco Identity Service Engine

Answers
B.

Cisco AnyConnect NAM and Cisco Access Control Server

B.

Cisco AnyConnect NAM and Cisco Access Control Server

Answers
C.

Cisco Secure Services Client and Cisco Access Control Server

C.

Cisco Secure Services Client and Cisco Access Control Server

Answers
D.

Windows Native Supplicant and Cisco Identity Service Engine

D.

Windows Native Supplicant and Cisco Identity Service Engine

Answers
Suggested answer: A

Question 6

Report
Export
Collapse

Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

A.

subject alternative name and the common name

A.

subject alternative name and the common name

Answers
B.

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

B.

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

Answers
C.

user-presented password hash and a hash stored in Active Directory

C.

user-presented password hash and a hash stored in Active Directory

Answers
D.

user-presented certificate and a certificate stored in Active Directory

D.

user-presented certificate and a certificate stored in Active Directory

Answers
Suggested answer: A

Explanation:

Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user. https://www.cisco.com/c/en/us/td/docs/security/ise/1- 3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_01110.html

Question 7

Report
Export
Collapse

Which three default endpoint identity groups does cisco ISE create? (Choose three)

A.

Unknown

A.

Unknown

Answers
B.

whitelist

B.

whitelist

Answers
C.

end point

C.

end point

Answers
D.

profiled

D.

profiled

Answers
E.

blacklist

E.

blacklist

Answers
Suggested answer: A, D, E

Explanation:

Default Endpoint Identity Groups Created for Endpoints

Cisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_010101.html#ID1678

Question 8

Report
Export
Collapse

Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

A.

personas

A.

personas

Answers
B.

qualys

B.

qualys

Answers
C.

nexpose

C.

nexpose

Answers
D.

posture

D.

posture

Answers
Suggested answer: D

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010110.htmlPosture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state,also known as posture, of all the endpoints that are connecting to a network for compliance withcorporate security policies. This allows you to control clients to access protected areas of a network.

Question 9

Report
Export
Collapse

Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

A.

Endpoint

A.

Endpoint

Answers
B.

unknown

B.

unknown

Answers
C.

blacklist

C.

blacklist

Answers
D.

white list

D.

white list

Answers
E.

profiled

E.

profiled

Answers
Suggested answer: B

Explanation:

If you do not have a matching profiling policy, you can assign an unknown profiling policy. The endpoint is therefore profiled as Unknown. The endpoint that does not match any profile is grouped within the Unknown identity group. The endpoint profiled to the Unknown profile requires that you create a profile with an attribute or a set of attributes collected for that endpoint.

https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html

Question 10

Report
Export
Collapse

Refer to the exhibit:

Which command is typed within the CU of a switch to view the troubleshooting output?

A.

show authentication sessions mac 000e.84af.59af details

A.

show authentication sessions mac 000e.84af.59af details

Answers
B.

show authentication registrations

B.

show authentication registrations

Answers
C.

show authentication interface gigabitethemet2/0/36

C.

show authentication interface gigabitethemet2/0/36

Answers
D.

show authentication sessions method

D.

show authentication sessions method

Answers
Suggested answer: A
Total 242 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms