Cisco 300-715 Practice Test - Questions Answers, Page 17
An engineer is configuring TACACS+ within Cisco ISE for use with a non-Cisco network device. They need to send special attributes in the Access-Accept response to ensure that the users are given the appropriate access. What must be configured to accomplish this?
dACLs to enforce the various access policies for the users
custom access conditions for defining the different roles
shell profiles with custom attributes that define the various roles
TACACS+ command sets to provide appropriate access
An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but notices that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?
Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.
Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.
Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.
Identify the non-802.1X supported device types and create custom profiles for them to profile into.
An administrator is configuring a Cisco WLC for web authentication. Which two client profiling methods are enabled by default if the Apply Cisco ISE Default Settings check box has been selected? (Choose two.)
CDP
DHCP
HTTP
SNMP
LLDP
An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)
hotspot guest portal
device registration WebAuth
central WebAuth
local WebAuth
self-registered guest portal
An engineer is enabling a newly configured wireless SSID for tablets and needs visibility into which other types of devices are connecting to it. What must be done on the Cisco WLC to provide this information to Cisco ISE?
enable IP Device Tracking
enable MAC filtering
enable Fast Transition
enable mDNS snooping
A network administrator is currently using Cisco ISE to authenticate devices and users via 802.1X. There is now a need to also authorize devices and users using EAP-TLS. Which two additional components must be configured in Cisco ISE to accomplish this? (Choose two.)
Network Device Group
Serial Number attribute that maps to a CA Server
Common Name attribute that maps to an identity store
Certificate Authentication Profile
EAP Authorization Profile
An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?
Create an ISE identity group to add users to and limit the number of logins via the group configuration.
Create a new guest type and set the maximum number of devices sponsored guests can register.
Create an LDAP login for each guest and tag that in the guest portal for authentication.
Create a new sponsor group and adjust the settings to limit the devices for each guest.
A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for 1 day.
When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?
The RADIUS policy set for guest access is set to allow repeated authentication of the same device.
The length of access is set to 7 days in the Guest Portal Settings.
The Endpoint Purge Policy is set to 30 days for guest devices.
The Guest Account Purge Policy is set to 15 days.
An employee must access the internet through the corporate network from a new mobile device that does not support native supplicant provisioning provided by Cisco ISE. Which portal must the employee use to provision to the device?
BYOD
Personal Device
My Devices
Client Provisioning
What are two differences between the RADIUS and TACACS+ protocols? (Choose two.)
RADIUS is a Cisco proprietary protocol, whereas TACACS+ is an open standard protocol.
TACACS+ uses TCP port 49, whereas RADIUS uses UDP ports 1812 and 1813.
RADIUS offers multiprotocol support, whereas TACACS+ does not.
RADIUS combines authentication and authorization, whereas TACACS+ does not.
RADIUS enables encryption of all the packets, whereas with TACACS+, only the password is encrypted.