Cisco 300-715 Practice Test - Questions Answers, Page 11
Question list
Related questions
What is a function of client provisioning?
Client provisioning ensures that endpoints receive the appropriate posture agents.
Client provisioning checks a dictionary attribute with a value.
Client provisioning ensures an application process is running on the endpoint.
Client provisioning checks the existence, date, and versions of the file on a client.
An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened. From which Cisco ISE persona should this traffic be originating?
monitoring
policy service
administration
authentication
What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?
EAP-TLS uses a username and password for authentication to enhance security, while EAP-MSCHAPv2 does not.
EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.
EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.
EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.
There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use profiling. What must be done to accomplish this goal?
Enter the MAC address in the correct Endpoint Identity Group.
Enter the MAC address in the correct Logical Profile.
Enter the IP address in the correct Logical Profile.
Enter the IP address in the correct Endpoint Identity Group.
An engineer is tasked with placing a guest access anchor controller in the DMZ. Which two ports or port sets must be opened up on the firewall to accomplish this task? (Choose two.)
UDP port 1812 RADIUS
TCP port 161
TCP port 514
UDP port 79
UDP port 16666
A network administrator is configuring authorization policies on Cisco ISE There is a requirement to use AD group assignments to control access to network resources After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work What is the cause of this issue?
The AD join point is no longer connected.
The AD DNS response is slow.
The certificate checks are not being conducted.
The network devices ports are shut down.
An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?
dot1x system-auth-control
enable bypass-mac
enable network-authentication
mab
A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal. What must be done to identify the problem?
Use context visibility to verify posture status.
Use the endpoint ID to execute a session trace.
Use the identity group to validate the authorization rules.
Use traceroute to ensure connectivity.
An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to the endpoints instead of industry-standard protocol information Which probe should be enabled to meet these requirements?
NetFlow probe
DNS probe
DHCP probe
SNMP query probe
An organization wants to standardize the 802 1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide What must be configured to accomplish this task?
security group tag within the authorization policy
extended access-list on the switch for the client
port security on the switch based on the client's information
dynamic access list within the authorization profile
Question