ExamGecko
Search Search Login
Home Home / Cisco / 300-715

Cisco 300-715 Practice Test - Questions Answers, Page 19

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?
DRAG DROP An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.
Refer to the exhibit. An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?
While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate What issue would cause this to happen even if the device ID and passwords are correct?
The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively restrict network access for this endpoint?
DRAG DROP Drag and drop the configuration steps from the left into the sequence on the right to install two Cisco ISE nodes in a distributed deployment.

Question 181

Report
Export
Collapse

An administrator enables the profiling service for Cisco ISE to use for authorization policies while in closed mode. When the endpoints connect, they receive limited access so that the profiling probes can gather information and Cisco ISE can assign the correct profiles. They are using the default values within Cisco ISE. but the devices do not change their access due to the new profile. What is the problem'?

A.

In closed mode, profiling does not work unless CDP is enabled.

A.

In closed mode, profiling does not work unless CDP is enabled.

Answers
B.

The profiling probes are not able to collect enough information to change the device profile

B.

The profiling probes are not able to collect enough information to change the device profile

Answers
C.

The profiler feed is not downloading new information so the profiler is inactive

C.

The profiler feed is not downloading new information so the profiler is inactive

Answers
D.

The default profiler configuration is set to No CoA for the reauthentication setting

D.

The default profiler configuration is set to No CoA for the reauthentication setting

Answers
Suggested answer: D

Question 182

Report
Export
Collapse

Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node'?

A.

radius-server timeout

A.

radius-server timeout

Answers
B.

session-timeout

B.

session-timeout

Answers
C.

idle-timeout

C.

idle-timeout

Answers
D.

termination-action

D.

termination-action

Answers
Suggested answer: C

Question 183

Report
Export
Collapse

An administrator is configuring cisco ISE lo authenticate users logging into network devices using TACACS+ The administrator is not seeing any oí the authentication in the TACACS+ live logs. Which action ensures the users are able to log into the network devices?

A.

Enable the device administration service in the Administration persona

A.

Enable the device administration service in the Administration persona

Answers
B.

Enable the session services in the administration persona

B.

Enable the session services in the administration persona

Answers
C.

Enable the service sessions in the PSN persona.

C.

Enable the service sessions in the PSN persona.

Answers
D.

Enable the device administration service in the PSN persona.

D.

Enable the device administration service in the PSN persona.

Answers
Suggested answer: D

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_tacacs_device_admin.html

Question 184

Report
Export
Collapse

DRAG DROP

Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the right.


Question 184
Correct answer: Question 184

Explanation:

Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

Question 185

Report
Export
Collapse

DRAG DROP

Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.


Question 185
Correct answer: Question 185

Question 186

Report
Export
Collapse

DRAG DROP

An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right


Question 186
Correct answer: Question 186

Question 187

Report
Export
Collapse

DRAG DROP

Drag the descriptions on the left onto the components of 802.1X on the right.


Question 187
Correct answer: Question 187

Explanation:

Authenticator – device that controls physical access to the network based on the authentication status

Supplicant - software on the endpoint that communicates with EAP at layer 2

Authentication server – device that validates the identity of the endpoint and provides results to another device

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe3se/3850/sec-user-8021x-xe-

3se-3850-book/config-ieee-802x-pba.html

Question 188

Report
Export
Collapse

DRAG DROP

Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authorization, and accounting.


Question 188
Correct answer: Question 188

Explanation:

Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-userservice-radius/13838-10.html

Question 189

Report
Export
Collapse

An engineer is configuring the remote access VPN to use Cisco ISE for AAA and needs to conduct posture checks on the connecting endpoints After the endpoint connects, it receives its initial authorization result and continues onto the compliance scan What must be done for this AAA configuration to allow compliant access to the network?

A.

Configure the posture authorization so it defaults to unknown status

A.

Configure the posture authorization so it defaults to unknown status

Answers
B.

Fix the CoA port number

B.

Fix the CoA port number

Answers
C.

Ensure that authorization only mode is not enabled

C.

Ensure that authorization only mode is not enabled

Answers
D.

Enable dynamic authorization within the AAA server group

D.

Enable dynamic authorization within the AAA server group

Answers
Suggested answer: D

Question 190

Report
Export
Collapse

Which two Cisco ISE deployment models require two nodes configured with dedicated PAN and MnT personas? (Choose two.)

A.

three PSN nodes

A.

three PSN nodes

Answers
B.

seven PSN nodes with one PxGrid node

B.

seven PSN nodes with one PxGrid node

Answers
C.

five PSN nodes with one PxGrid node

C.

five PSN nodes with one PxGrid node

Answers
D.

two PSN nodes with one PxGrid node

D.

two PSN nodes with one PxGrid node

Answers
E.

six PSN nodes

E.

six PSN nodes

Answers
Suggested answer: C, D
Total 242 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms