ExamGecko
Search Search Login
Home Home / Cisco / 300-715

Cisco 300-715 Practice Test - Questions Answers, Page 8

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

DRAG DROP An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.
An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?
Refer to the exhibit. An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?
While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate What issue would cause this to happen even if the device ID and passwords are correct?
The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively restrict network access for this endpoint?
DRAG DROP Drag and drop the configuration steps from the left into the sequence on the right to install two Cisco ISE nodes in a distributed deployment.

Question 71

Report
Export
Collapse

In a Cisco ISE split deployment model, which load is split between the nodes?

A.

AAA

A.

AAA

Answers
B.

network admission

B.

network admission

Answers
C.

log collection

C.

log collection

Answers
D.

device admission

D.

device admission

Answers
Suggested answer: A

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/install_guide/b_ise_InstallationGuide26.pdf

Question 72

Report
Export
Collapse

An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?

A.

dot1x pae authenticator

A.

dot1x pae authenticator

Answers
B.

dot1x system-auth-control

B.

dot1x system-auth-control

Answers
C.

authentication port-control auto

C.

authentication port-control auto

Answers
D.

aaa authentication dot1x default group radius

D.

aaa authentication dot1x default group radius

Answers
Suggested answer: B

Explanation:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.html#wp1133395

Question 73

Report
Export
Collapse

Which two default endpoint identity groups does Cisco ISE create? (Choose two )

A.

block list

A.

block list

Answers
B.

endpoint

B.

endpoint

Answers
C.

profiled

C.

profiled

Answers
D.

allow list

D.

allow list

Answers
E.

unknown

E.

unknown

Answers
Suggested answer: C, E

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.htmlDefault Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints,Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such asCisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. Aparent group is the default identity group that exists in the system.

Cisco ISE creates the following endpoint identity groups:

Blacklist—This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group.

GuestEndpoints—This endpoint identity group includes endpoints that are used by guest users.

Profiled—This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.

RegisteredDevices—This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group. These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE redirects blocked devices to a URL, which displays "Unauthorised Network Access", a default portal page to the blocked devices.

Unknown—This endpoint identity group includes endpoints that do not match any profile in Cisco ISE.

In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group:

Cisco-IP-Phone—An identity group that contains all the profiled Cisco IP phones on your network.

Workstation—An identity group that contains all the profiled workstations on your network.

Question 74

Report
Export
Collapse

In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two )

A.

publisher

A.

publisher

Answers
B.

administration

B.

administration

Answers
C.

primary

C.

primary

Answers
D.

policy service

D.

policy service

Answers
E.

subscriber

E.

subscriber

Answers
Suggested answer: B, D

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_010.html

Question 75

Report
Export
Collapse

What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?

A.

Authentication is redirected to the internal identity source.

A.

Authentication is redirected to the internal identity source.

Answers
B.

Authentication is redirected to the external identity source.

B.

Authentication is redirected to the external identity source.

Answers
C.

Authentication is granted.

C.

Authentication is granted.

Answers
D.

Authentication fails.

D.

Authentication fails.

Answers
Suggested answer: D

Question 76

Report
Export
Collapse

An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

A.

reflexive ACL

A.

reflexive ACL

Answers
B.

extended ACL

B.

extended ACL

Answers
C.

standard ACL

C.

standard ACL

Answers
D.

numbered ACL

D.

numbered ACL

Answers
Suggested answer: B

Question 77

Report
Export
Collapse

Which two features should be used on Cisco ISE to enable the TACACS+ feature? (Choose two )

A.

External TACACS Servers

A.

External TACACS Servers

Answers
B.

Device Admin Service

B.

Device Admin Service

Answers
C.

Device Administration License

C.

Device Administration License

Answers
D.

Server Sequence

D.

Server Sequence

Answers
E.

Command Sets

E.

Command Sets

Answers
Suggested answer: B, C

Question 78

Report
Export
Collapse

A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

A.

SGT

A.

SGT

Answers
B.

dACL

B.

dACL

Answers
C.

VLAN

C.

VLAN

Answers
D.

RBAC

D.

RBAC

Answers
Suggested answer: A

Question 79

Report
Export
Collapse

An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node. Which persona should be configured with the largest amount of storage in this environment?

A.

policy Services

A.

policy Services

Answers
B.

Primary Administration

B.

Primary Administration

Answers
C.

Monitoring and Troubleshooting

C.

Monitoring and Troubleshooting

Answers
D.

Platform Exchange Grid

D.

Platform Exchange Grid

Answers
Suggested answer: C

Question 80

Report
Export
Collapse

An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected. Which service should be used to accomplish this task?

Profiling

Guest access

Client provisioning

Posture

A.


A.


Answers
B.


B.


Answers
C.


C.


Answers
D.


D.


Answers
Suggested answer:
Total 242 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms