Cisco 300-715 Practice Test - Questions Answers, Page 10
Question list
List of questions
Related questions
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?
Set the NAC State option to SNMP NAC.
Set the NAC State option to RADIUS NAC.
Use the radius-server vsa send authentication command.
Use the ip access-group webauth in command.
Refer to the exhibit.
An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to. What is the problem?
The IT training rule is taking precedence over the IT Admins rule.
The authorization conditions wrongly allow IT Admins group no access to finance devices.
The finance location is not a condition in the policy set.
The authorization policy doesn't correctly grant them access to the finance devices.
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?
Network Access NetworkDeviceName CONTAINS <SSID Name>
DEVICE Device Type CONTAINS <SSID Name>
Radius Called-Station-ID CONTAINS <SSID Name>
Airespace Airespace-Wlan-ld CONTAINS <SSID Name>
There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network. Which posture condition should the administrator configure in order for this policy to work?
file
registry
application
service
An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?
Create a certificate signing request and have the root certificate authority sign it.
Add the root certificate authority to the trust store and enable it for authentication.
Create an SCEP profile to link Cisco ISE with the root certificate authority.
Add an OCSP profile and configure the root certificate authority as secondary.
An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" so that the policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?
Change the device type to Medical Switch.
Change the device profile to Medical Switch.
Change the model name to Medical Switch.
Change the device location to Medical Switch.
An engineer is designing a new distributed deployment for Cisco ISE in the network and is considering failover options for the admin nodes. There is a need to ensure that an admin node is available for configuration of policies at all times.
What is the requirement to enable this feature?
one primary admin and one secondary admin node in the deployment
one policy services node and one secondary admin node
one policy services node and one monitoring and troubleshooting node
one primary admin node and one monitoring and troubleshooting node
A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network. How should the manager configure Cisco ISE to accomplish this goal?
Create entries in the guest identity group for all participants.
Create an access code to be entered in the AUP page.
Create logins for each participant to give them sponsored access.
Create a registration code to be entered on the portal splash page.
A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?
authentication host-mode single-host
authentication host-mode multi-auth
authentication host-mode multi-host
authentication host-mode multi-domain
When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2. Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)
DHCP SPAN probe
SNMP query probe
NetFlow probe
RADIUS probe
DNS probe
Question