Cisco 300-715 Practice Test - Questions Answers, Page 20
Question list
List of questions
Related questions
Which compliance status is set when a matching posture policy has been defined for that endpomt. but all the mandatory requirements during posture assessment are not met?
unauthorized
untrusted
non-compliant
unknown
A Cisco device has a port configured in multi-authentication mode and is accepting connections only from hosts assigned the SGT of SGT_0422048549 The VLAN trunk link supports a maximum of 8 VLANS What is the reason for these restrictions?
The device is performing inline tagging without acting as a SXP speaker
The device is performing mime tagging while acting as a SXP speaker
The IP subnet addresses are dynamically mapped to an SGT.
The IP subnet addresses are statically mapped to an SGT
An administrator wants to configure network device administration and is trying to decide whether to use TACACS* or RADIUS. A reliable protocol must be used that can check command authorization Which protocol meets these requirements and why?
TACACS+ because it runs over TCP
RADIUS because it runs over UDP
RADIUS because it runs over TCP.
TACACS+ because it runs over UDP
An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two )
Session Services
Endpoint Attribute Filter
Posture Services
Profiling Services
Radius Service
Refer to the exhibit.
Which two configurations are needed on a catalyst switch for it to be added as a network access device in a Cisco ISE that is being used for 802 1X authentications? (Choose two )
Option A
Option B
Option C
Option D
Option E
An administrator is configuring sponsored guest access using Cisco ISE Access must be restricted to the sponsor portal to ensure that only necessary employees can issue sponsored accounts and employees must be classified to do so
What must be done to accomplish this task?
Configure an identity-based access list in Cisco ISE to restrict the users allowed to login
Edit the sponsor portal to only accept members from the selected groups
Modify the sponsor groups assigned to reflect the desired user groups
Create an authorization rule using the Guest Flow condition to authorize the administrators
Refer to the exhibit.
An engineer is configuring a client but cannot authenticate to Cisco ISE During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port Which command gives additional information to help identify the problem with the authentication?
show authentication sessions
show authentication sessions Interface Gil/0/1 output
show authentication sessions interface Gi1/0/1 details
show authentication sessions output
An administrator is manually adding a device to a Cisco ISE identity group to ensure that it is able to access the network when needed without authentication Upon testing, the administrator notices that the device never hits the correct authorization policy line using the condition EndPoints LogicalProfile EQUALS static_list Why is this occurring?
The dynamic logical profile is overriding the statically assigned profile
The device is changing identity groups after profiling instead ot remaining static
The logical profile is being statically assigned instead of the identity group
The identity group is being assigned instead of the logical profile
An engineer is creating a new authorization policy to give the endpoints access to VLAN 310 upon successful authentication The administrator tests the 802.1X authentication for the endpoint and sees that it is authenticating successfully
What must be done to ensure that the endpoint is placed into the correct VLAN?
Configure the switchport access vlan 310 command on the switch port
Ensure that the security group is not preventing the endpoint from being in VLAN 310
Add VLAN 310 in the common tasks of the authorization profile
Ensure that the endpoint is using The correct policy set
An engineer is configuring posture assessment for their network access control and needs to use an agent that supports using service conditions as conditions for the assessment. The agent should be run as a background process to avoid user interruption but when it is run. the user can see it. What is the problem?
The engineer is using the "Anyconnect” posture agent but should be using the "Stealth Anyconnect posture agent
The posture module was deployed using the headend instead of installing it with SCCM
The user was in need of remediation so the agent appeared m the notifications
The proper permissions were no! given to the temporal agent to conduct the assessment
Question