ExamGecko
Login
Home / Cisco / 300-715 / List of questions
Ask Question

Cisco 300-715 Practice Test - Questions Answers

List of questions

Question 1

Report
Export
Collapse

What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)

updates

updates

remediation actions

remediation actions

Client Provisioning portal

Client Provisioning portal

conditions

conditions

access policy

access policy
Suggested answer: B, D
asked 07/10/2024
Rajeev Parameswaran
38 questions

Question 2

Report
Export
Collapse

What is a method for transporting security group tags throughout the network?

by enabling 802.1AE on every network device

by enabling 802.1AE on every network device

by the Security Group Tag Exchange Protocol

by the Security Group Tag Exchange Protocol

by embedding the security group tag in the IP header

by embedding the security group tag in the IP header

by embedding the security group tag in the 802.1Q header

by embedding the security group tag in the 802.1Q header
Suggested answer: B
asked 07/10/2024
Reselan Govender
33 questions

Question 3

Report
Export
Collapse

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

TCP 8443

TCP 8443

TCP 8906

TCP 8906

TCP 443

TCP 443

TCP 80

TCP 80

TCP 8905

TCP 8905
Suggested answer: A, E
asked 07/10/2024
Nika Longley
38 questions

Question 4

Report
Export
Collapse

Which profiling probe collects the user-agent string?

DHCP

DHCP

AD

AD

HTTP

HTTP

NMAP

NMAP
Suggested answer: C
asked 07/10/2024
Kyle Norton
37 questions

Question 5

Report
Export
Collapse

Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

Cisco AnyConnect NAM and Cisco Identity Service Engine

Cisco AnyConnect NAM and Cisco Identity Service Engine

Cisco AnyConnect NAM and Cisco Access Control Server

Cisco AnyConnect NAM and Cisco Access Control Server

Cisco Secure Services Client and Cisco Access Control Server

Cisco Secure Services Client and Cisco Access Control Server

Windows Native Supplicant and Cisco Identity Service Engine

Windows Native Supplicant and Cisco Identity Service Engine
Suggested answer: A
asked 07/10/2024
Christopher Dawe
41 questions

Question 6

Report
Export
Collapse

Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

subject alternative name and the common name

subject alternative name and the common name

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

user-presented password hash and a hash stored in Active Directory

user-presented password hash and a hash stored in Active Directory

user-presented certificate and a certificate stored in Active Directory

user-presented certificate and a certificate stored in Active Directory
Suggested answer: A

Explanation:

Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user. https://www.cisco.com/c/en/us/td/docs/security/ise/1- 3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_01110.html

asked 07/10/2024
Herlinda Cantu
40 questions

Question 7

Report
Export
Collapse

Which three default endpoint identity groups does cisco ISE create? (Choose three)

Unknown

Unknown

whitelist

whitelist

end point

end point

profiled

profiled

blacklist

blacklist
Suggested answer: A, D, E

Explanation:

Default Endpoint Identity Groups Created for Endpoints

Cisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_010101.html#ID1678

asked 07/10/2024
Shane Cook
33 questions

Question 8

Report
Export
Collapse

Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

personas

personas

qualys

qualys

nexpose

nexpose

posture

posture
Suggested answer: D

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010110.htmlPosture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state,also known as posture, of all the endpoints that are connecting to a network for compliance withcorporate security policies. This allows you to control clients to access protected areas of a network.

asked 07/10/2024
Sharanjit Kareer
41 questions

Question 9

Report
Export
Collapse

Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

Endpoint

Endpoint

unknown

unknown

blacklist

blacklist

white list

white list

profiled

profiled
Suggested answer: B

Explanation:

If you do not have a matching profiling policy, you can assign an unknown profiling policy. The endpoint is therefore profiled as Unknown. The endpoint that does not match any profile is grouped within the Unknown identity group. The endpoint profiled to the Unknown profile requires that you create a profile with an attribute or a set of attributes collected for that endpoint.

https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html

asked 07/10/2024
Kinzonji Tavares
42 questions

Question 10

Report
Export
Collapse

Refer to the exhibit:

Cisco 300-715 image Question 10 113875 10072024010105000000

Which command is typed within the CU of a switch to view the troubleshooting output?

show authentication sessions mac 000e.84af.59af details

show authentication sessions mac 000e.84af.59af details

show authentication registrations

show authentication registrations

show authentication interface gigabitethemet2/0/36

show authentication interface gigabitethemet2/0/36

show authentication sessions method

show authentication sessions method
Suggested answer: A
asked 07/10/2024
Norman Camacho
47 questions
Total 242 questions
Go to page: of 25
Open VPLUS File
Convert VPLUS to PDF

Related questions

An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
Refer to the exhibit. An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?
An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)
DRAG DROP An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.
An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)
An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error "Authentication failed: 22040 Wrong password or invalid shared secret. "what must be done to address this issue?
An engineer has been tasked with standing up a new guest portal for customers that are waiting in the lobby. There is a requirement to allow guests to use their social media logins to access the guest network to appeal to more customers What must be done to accomplish this task?
A network engineer needs to deploy 802.1x using Cisco ISE in a wired network environment where thin clients download their system image upon bootup using PXE. For which mode must the switch ports be configured?