ExamGecko
Search Search Login
Home Home / Cisco / 300-715

Cisco 300-715 Practice Test - Questions Answers, Page 15

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

DRAG DROP An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.
An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?
Refer to the exhibit. An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate What issue would cause this to happen even if the device ID and passwords are correct?
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?
An engineer is configuring Cisco ISE to reprofile endpoints based only on new requests of INITREBOOT and SELECTING message types. Which probe should be used to accomplish this task?
The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively restrict network access for this endpoint?

Question 141

Report
Export
Collapse

An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability. Which probe must be used to accomplish this task?

A.

HTTP probe

A.

HTTP probe

Answers
B.

NetFlow probe

B.

NetFlow probe

Answers
C.

network scan probe

C.

network scan probe

Answers
D.

RADIUS probe

D.

RADIUS probe

Answers
Suggested answer: D

Explanation:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-Configure-Device-Sensor-for-ISE-Profilin.htmlhttp://www.network-node.com/blog/2016/1/2/ise-20-profiling

Question 142

Report
Export
Collapse

An administrator is trying to collect metadata information about the traffic going across the network to gam added visibility into the hosts. This Information will be used to create profiling policies for devices us mg Cisco ISE so that network access policies can be used What must be done to accomplish this task?

A.

Configure the RADIUS profiling probe within Cisco ISE

A.

Configure the RADIUS profiling probe within Cisco ISE

Answers
B.

Configure NetFlow to be sent to me Cisco ISE appliance.

B.

Configure NetFlow to be sent to me Cisco ISE appliance.

Answers
C.

Configure SNMP to be used with the Cisco ISE appliance

C.

Configure SNMP to be used with the Cisco ISE appliance

Answers
D.

Configure the DHCP probe within Cisco ISE

D.

Configure the DHCP probe within Cisco ISE

Answers
Suggested answer: D

Question 143

Report
Export
Collapse

A laptop was stolen and a network engineer added it to the block list endpoint identity group What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

A.

Select DenyAccess within the authorization policy.

A.

Select DenyAccess within the authorization policy.

Answers
B.

Ensure that access to port 8443 is allowed within the ACL.

B.

Ensure that access to port 8443 is allowed within the ACL.

Answers
C.

Ensure that access to port 8444 is allowed within the ACL.

C.

Ensure that access to port 8444 is allowed within the ACL.

Answers
D.

Select DROP under If Auth fail within the authentication policy.

D.

Select DROP under If Auth fail within the authentication policy.

Answers
Suggested answer: C

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010000.html

Question 144

Report
Export
Collapse

An adminístrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs. Besides defining a new shell profile in Cisco ISE. what must be done to accomplish this configuration?

A.

Enable the privilege levels in Cisco ISE

A.

Enable the privilege levels in Cisco ISE

Answers
B.

Enable the privilege levels in the IOS devices.

B.

Enable the privilege levels in the IOS devices.

Answers
C.

Define the command privileges for levels 2-5 in the IOS devices

C.

Define the command privileges for levels 2-5 in the IOS devices

Answers
D.

Define the command privileges for levels 2-5 in Cisco ISE

D.

Define the command privileges for levels 2-5 in Cisco ISE

Answers
Suggested answer: B

Explanation:

https://learningnetwork.cisco.com/s/blogs/a0D3i000002eeWTEAY/cisco-ios-privilege-levels

Question 145

Report
Export
Collapse

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error "Authentication failed: 22040 Wrong password or invalid shared secret. "what must be done to address this issue?

A.

Add the network device as a NAD inside Cisco ISE using the existing key.

A.

Add the network device as a NAD inside Cisco ISE using the existing key.

Answers
B.

Configure the key on the Cisco ISE instead of the Cisco switch.

B.

Configure the key on the Cisco ISE instead of the Cisco switch.

Answers
C.

Use a key that is between eight and ten characters.

C.

Use a key that is between eight and ten characters.

Answers
D.

Validate that the key is correct on both the Cisco switch as well as Cisco ISE.

D.

Validate that the key is correct on both the Cisco switch as well as Cisco ISE.

Answers
Suggested answer: D

Question 146

Report
Export
Collapse

What is the maximum number of PSN nodes supported in a medium-sized deployment?

A.

three

A.

three

Answers
B.

five

B.

five

Answers
C.

two

C.

two

Answers
D.

eight

D.

eight

Answers
Suggested answer: B

Question 147

Report
Export
Collapse

An organization has a fully distributed Cisco ISE deployment When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings. The scan is complete on one FPSN. but the information is not available on the others. What must be done to make the information available?

A.

Scanning must be initiated from the PSN that last authenticated the endpoint

A.

Scanning must be initiated from the PSN that last authenticated the endpoint

Answers
B.

Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning

B.

Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning

Answers
C.

Scanning must be initiated from the MnT node to centrally gather the information

C.

Scanning must be initiated from the MnT node to centrally gather the information

Answers
D.

Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning

D.

Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning

Answers
Suggested answer: B

Question 148

Report
Export
Collapse

An administrator is configuring a new profiling policy within Cisco ISE The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints. therefore a custom profiling policy must be created Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address <MAC ADDRESS>?

A.

MAC_OUI_STARTSWITH_<MACADDRESS>

A.

MAC_OUI_STARTSWITH_<MACADDRESS>

Answers
B.

CDP_cdpCacheDevicelD_CONTAINS_<MACADDRESS>

B.

CDP_cdpCacheDevicelD_CONTAINS_<MACADDRESS>

Answers
C.

MAC_MACAddress_CONTAINS_<MACADDRESS>

C.

MAC_MACAddress_CONTAINS_<MACADDRESS>

Answers
D.

Radius Called Station-ID STARTSWITH <MACADDRESS>

D.

Radius Called Station-ID STARTSWITH <MACADDRESS>

Answers
Suggested answer: D

Question 149

Report
Export
Collapse

A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network Which configuration item needs to be added to allow for this'?

A.

the client provisioning URL in the authorization policy

A.

the client provisioning URL in the authorization policy

Answers
B.

a temporal agent that gets installed onto the system

B.

a temporal agent that gets installed onto the system

Answers
C.

a remote posture agent proxying the network connection

C.

a remote posture agent proxying the network connection

Answers
D.

an API connection back to the client

D.

an API connection back to the client

Answers
Suggested answer: C

Question 150

Report
Export
Collapse

A network administrator must configure Cisco SE Personas in the company to share session information via syslog. Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?

A.

pxGrid

A.

pxGrid

Answers
B.

admin

B.

admin

Answers
C.

policy services

C.

policy services

Answers
D.

monitor

D.

monitor

Answers
Suggested answer: D
Total 242 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms