ExamGecko
Search Search Login
Home Home / Cisco / 300-715

Cisco 300-715 Practice Test - Questions Answers, Page 25

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?
Refer to the exhibit. An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
DRAG DROP An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?
DRAG DROP Drag and drop the configuration steps from the left into the sequence on the right to install two Cisco ISE nodes in a distributed deployment.
An engineer is configuring a posture policy for Windows 10 endpoints and wants to ensure that users in each AD group have different conditions to meet to be compliant. What must be done to accomplish this task?
While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate What issue would cause this to happen even if the device ID and passwords are correct?

Question 241

Report
Export
Collapse

An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?

A.

ip source guard

A.

ip source guard

Answers
B.

ip dhcp snooping

B.

ip dhcp snooping

Answers
C.

ip device tracking maximum

C.

ip device tracking maximum

Answers
D.

ip arp inspection

D.

ip arp inspection

Answers
Suggested answer: C

Explanation:

The ip device tracking maximum command is used to configure the maximum number of IP-to-SGT bindings that can be learned via SXP on a switch1. This command also enables the switch to tag packets with SGT values based on the bindings learned from SXP peers. The other commands are not related to SGT tagging or SXP learning.

Question 242

Report
Export
Collapse

An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an 'EAP-TLS authentication failed' message when moving between remote sites. Which configuration must be applied on Cisco ISE?

A.

Use a third-party certificate on the network device.

A.

Use a third-party certificate on the network device.

Answers
B.

Add the device to all PSN nodes in the deployment.

B.

Add the device to all PSN nodes in the deployment.

Answers
C.

Renew the expired certificate on one of the PSN.

C.

Renew the expired certificate on one of the PSN.

Answers
D.

Configure an authorization profile for the end users.

D.

Configure an authorization profile for the end users.

Answers
Suggested answer: B

Explanation:

When using separate PSNs for different sites, the network device must be added to all PSN nodes in the deployment, so that the device can communicate with the appropriate PSN based on the location of the user1. If the device is not added to all PSN nodes, the user may encounter an EAP-TLS authentication failure when moving between sites, as the device may not be able to reach the PSN that issued the certificate2. The other options are not relevant for this scenario, as they do not address the issue of PSN communication.

Total 242 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms