ExamGecko
Search Search Login
Home Home / Cisco / 300-715
Ask QuestionAsk Question

Cisco 300-715 Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
Refer to the exhibit. An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?
An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
DRAG DROP An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.
An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)
An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error "Authentication failed: 22040 Wrong password or invalid shared secret. "what must be done to address this issue?
An engineer has been tasked with standing up a new guest portal for customers that are waiting in the lobby. There is a requirement to allow guests to use their social media logins to access the guest network to appeal to more customers What must be done to accomplish this task?
A network engineer needs to deploy 802.1x using Cisco ISE in a wired network environment where thin clients download their system image upon bootup using PXE. For which mode must the switch ports be configured?

Question 1

Report
Export
Collapse

What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)

A.

updates

A.

updates
Answers
B.

remediation actions

B.

remediation actions
Answers
C.

Client Provisioning portal

C.

Client Provisioning portal
Answers
D.

conditions

D.

conditions
Answers
E.

access policy

E.

access policy
Answers
Suggested answer: B, D
asked 07/10/2024
Rajeev Parameswaran
38 questions

Question 2

Report
Export
Collapse

What is a method for transporting security group tags throughout the network?

A.

by enabling 802.1AE on every network device

A.

by enabling 802.1AE on every network device
Answers
B.

by the Security Group Tag Exchange Protocol

B.

by the Security Group Tag Exchange Protocol
Answers
C.

by embedding the security group tag in the IP header

C.

by embedding the security group tag in the IP header
Answers
D.

by embedding the security group tag in the 802.1Q header

D.

by embedding the security group tag in the 802.1Q header
Answers
Suggested answer: B
asked 07/10/2024
Reselan Govender
33 questions

Question 3

Report
Export
Collapse

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

A.

TCP 8443

A.

TCP 8443
Answers
B.

TCP 8906

B.

TCP 8906
Answers
C.

TCP 443

C.

TCP 443
Answers
D.

TCP 80

D.

TCP 80
Answers
E.

TCP 8905

E.

TCP 8905
Answers
Suggested answer: A, E
asked 07/10/2024
Nika Longley
38 questions

Question 4

Report
Export
Collapse

Which profiling probe collects the user-agent string?

A.

DHCP

A.

DHCP
Answers
B.

AD

B.

AD
Answers
C.

HTTP

C.

HTTP
Answers
D.

NMAP

D.

NMAP
Answers
Suggested answer: C
asked 07/10/2024
Kyle Norton
37 questions

Question 5

Report
Export
Collapse

Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

A.

Cisco AnyConnect NAM and Cisco Identity Service Engine

A.

Cisco AnyConnect NAM and Cisco Identity Service Engine
Answers
B.

Cisco AnyConnect NAM and Cisco Access Control Server

B.

Cisco AnyConnect NAM and Cisco Access Control Server
Answers
C.

Cisco Secure Services Client and Cisco Access Control Server

C.

Cisco Secure Services Client and Cisco Access Control Server
Answers
D.

Windows Native Supplicant and Cisco Identity Service Engine

D.

Windows Native Supplicant and Cisco Identity Service Engine
Answers
Suggested answer: A
asked 07/10/2024
Christopher Dawe
41 questions

Question 6

Report
Export
Collapse

Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

A.

subject alternative name and the common name

A.

subject alternative name and the common name
Answers
B.

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

B.

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
Answers
C.

user-presented password hash and a hash stored in Active Directory

C.

user-presented password hash and a hash stored in Active Directory
Answers
D.

user-presented certificate and a certificate stored in Active Directory

D.

user-presented certificate and a certificate stored in Active Directory
Answers
Suggested answer: A

Explanation:

Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user. https://www.cisco.com/c/en/us/td/docs/security/ise/1- 3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_01110.html

asked 07/10/2024
Herlinda Cantu
40 questions

Question 7

Report
Export
Collapse

Which three default endpoint identity groups does cisco ISE create? (Choose three)

A.

Unknown

A.

Unknown
Answers
B.

whitelist

B.

whitelist
Answers
C.

end point

C.

end point
Answers
D.

profiled

D.

profiled
Answers
E.

blacklist

E.

blacklist
Answers
Suggested answer: A, D, E

Explanation:

Default Endpoint Identity Groups Created for Endpoints

Cisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_010101.html#ID1678

asked 07/10/2024
Shane Cook
33 questions

Question 8

Report
Export
Collapse

Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

A.

personas

A.

personas
Answers
B.

qualys

B.

qualys
Answers
C.

nexpose

C.

nexpose
Answers
D.

posture

D.

posture
Answers
Suggested answer: D

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010110.htmlPosture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state,also known as posture, of all the endpoints that are connecting to a network for compliance withcorporate security policies. This allows you to control clients to access protected areas of a network.

asked 07/10/2024
Sharanjit Kareer
41 questions

Question 9

Report
Export
Collapse

Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

A.

Endpoint

A.

Endpoint
Answers
B.

unknown

B.

unknown
Answers
C.

blacklist

C.

blacklist
Answers
D.

white list

D.

white list
Answers
E.

profiled

E.

profiled
Answers
Suggested answer: B

Explanation:

If you do not have a matching profiling policy, you can assign an unknown profiling policy. The endpoint is therefore profiled as Unknown. The endpoint that does not match any profile is grouped within the Unknown identity group. The endpoint profiled to the Unknown profile requires that you create a profile with an attribute or a set of attributes collected for that endpoint.

https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html

asked 07/10/2024
Kinzonji Tavares
42 questions

Question 10

Report
Export
Collapse

Refer to the exhibit:

Which command is typed within the CU of a switch to view the troubleshooting output?

A.

show authentication sessions mac 000e.84af.59af details

A.

show authentication sessions mac 000e.84af.59af details
Answers
B.

show authentication registrations

B.

show authentication registrations
Answers
C.

show authentication interface gigabitethemet2/0/36

C.

show authentication interface gigabitethemet2/0/36
Answers
D.

show authentication sessions method

D.

show authentication sessions method
Answers
Suggested answer: A
asked 07/10/2024
Norman Camacho
47 questions
Total 242 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy policy
Terms
Disclaimer
Refund policy
Copyright
Twitter X
Facebook
Medium