Cisco 300-715 Practice Test - Questions Answers, Page 16
Question list
List of questions
Related questions
A network administrator notices that after a company-wide shut down, many users cannot connect their laptops to the corporate SSID. What must be done to permit access in a timely manner?
Authenticate the user's system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.
Connect this system as a guest user and then redirect the web auth protocol to log in to the network.
Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.
Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.
An administrator adds a new network device to the Cisco ISE configuration to authenticate endpoints to the network. The RADIUS test fails after the administrator configures all of the settings in Cisco ISE and adds the proper configurations to the switch. What is the issue"?
The endpoint profile is showing as "unknown."
The endpoint does not have the appropriate credentials for network access.
The shared secret is incorrect on the switch or on Cisco ISE.
The certificate on the switch is self-signed not a CA-provided certificate.
An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints Which action accomplishes this task for VPN users?
Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.
Configure the compliance module to be downloaded from within the posture policy.
Push the compliance module from Cisco FTD prior to attempting posture.
Use a compound posture condition to check for the compliance module and download if needed.
Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue. Which two requirements must be met to implement this change? (Choose two.)
Enable IPC access over port 80.
Ensure that the NAT address is properly configured
Establish access to one Global Catalog server.
Provide domain administrator access to Active Directory.
Configure a secure LDAP connection.
Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)
Active Directory
RADIUS Token
Internal Database
RSA SecurlD
LDAP
What is a function of client provisioning?
It ensures an application process is running on the endpoint.
It checks a dictionary' attribute with a value.
It ensures that endpoints receive the appropriate posture agents
It checks the existence date and versions of the file on a client.
An administrator is troubleshooting an endpoint that is supposed to bypass 802 1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?
The DHCP probe for Cisco ISE is not working as expected.
The 802.1 X timeout period is too long.
The endpoint is using the wrong protocol to authenticate with Cisco ISE.
An AC I on the port is blocking HTTP traffic
A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.
What must be done to accomplish this task''
Add each MAC address manually to a blocklist identity group and create a policy denying access
Create a logical profile for each device's profile policy and block that via authorization policies.
Create a profiling policy for each endpoint with the cdpCacheDeviceld attribute.
Add each IP address to a policy denying access.
An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy. Which two components must be configured, in addition to Active Directory groups, to achieve this goat? (Choose two )
Active Directory External Identity Sources
Library Condition for External Identity: External Groups
Identity Source Sequences
LDAP External Identity Sources
Library Condition for Identity Group: User Identity Group
An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the endpoints on the network. Which node should be used to accomplish this task?
PSN
primary PAN
pxGrid
MnT
Question