How Many Questions Of 300-715 Actual Exam

NEW QUESTION 1
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

• A. new AD user 802.1X authentication
• B. hotspot
• C. posture
• D. guest AUP
• E. BYOD

Answer: BD

NEW QUESTION 2
How is policy services node redundancy achieved in a deployment?

• A. by creating a node group
• B. by deploying both primary and secondary node
• C. by enabling VIP
• D. by utilizing RADIUS server list on the NAD

Answer: B

NEW QUESTION 3
Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

• A. show authentication sessions interface Gi1/0/x output
• B. show authentication sessions
• C. show authentication sessions output
• D. show authentication sessions interface Gi 1/0/x

Answer: D

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-xe-3se-3850-cr-book/sec-s1-xe-3se-3850-cr-book_chapter_01.html#wp3404908137

NEW QUESTION 4
What are two requirements of generating a single certificate in Cisco ISE by using a certificate provisioning portal, without generating a certificate signing request? (Choose two.)

• A. Enter the IP address of the device.
• B. Enter the common name.
• C. Choose the hashing method.
• D. Locate the CSV file for the device MAC.
• E. Select the certificate template.

Answer: BE

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0-Certificate-Provisioning-Portal.html

NEW QUESTION 5
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

• A. blacklist
• B. unknown
• C. whitelist
• D. profiled
• E. endpoint

Answer: B

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html

NEW QUESTION 6
Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

• A. MAB and if user not found, continue
• B. MAB and if authentication failed, continue
• C. Dot1x and if authentication failed, continue
• D. Dot1x and if user not found, continue

Answer: A

NEW QUESTION 7
Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two.)

• A. access-challenge
• B. access-accept
• C. access-request
• D. access-reserved
• E. access-response

Answer: AB

NEW QUESTION 8
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?

• A. Keep track of guest user activities.
• B. Create and manage guest user accounts.
• C. Configure authorization settings for guest users.
• D. Authenticate guest users to Cisco ISE.

Answer: B

NEW QUESTION 9
When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?

• A. MIB
• B. SID
• C. MAB
• D. TGT

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_2x.html

NEW QUESTION 10
Which statement about configuring certificates for BYOD is true?

• A. The SAN field is populated with the end user name.
• B. The CN field is populated with the endpoint host name.
• C. An endpoint certificate is mandatory for the Cisco ISE BYOD.
• D. An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment.

Answer: C

NEW QUESTION 11
DRAG DROP
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the right.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

NEW QUESTION 12
Which portal is used to customize the settings for a user to log in and download the compliance module?

• A. Client Provisioning
• B. Client Endpoint
• C. Client Profiling
• D. Client Guest

Answer: A

NEW QUESTION 13
What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?

• A. State attribute
• B. Class attribute
• C. Event
• D. Cisco-av-pair

Answer: D

Explanation:
Reference: https://community.cisco.com/t5/network-access-control/ise-airespace-acl-wlc-problem/td-p/2110491

NEW QUESTION 14
Which term refers to an endpoint agent that tries to join an 802.1X- enabled network?

• A. EAP server
• B. authenticator
• C. supplicant
• D. client

Answer: C

NEW QUESTION 15
Which permission is common to the Active Directory Join and Leave operations?

• A. Remove the Cisco ISE machine account from the domain.
• B. Search Active Directory to see if a Cisco ISE machine account already exists.
• C. Set attributes on the Cisco ISE machine account.
• D. Create a Cisco ISE machine account in the domain if the machine account does not already exist.

Answer: B

NEW QUESTION 16
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profiling service so that a user can reliably bind the IP addresses and MAC addresses of endpoints? (Choose two.)

• A. SNMP
• B. HTTP
• C. RADIUS
• D. DHCP
• E. NetFlow

Answer: CD

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

NEW QUESTION 17
In which two ways can users and endpoints be classified for TrustSec? (Choose two.)

• A. VLAN
• B. dynamic
• C. QoS
• D. SGACL
• E. SXP

Answer: AD

NEW QUESTION 18
Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

• A. TCP 8905
• B. TCP 8909
• C. TCP 443
• D. UDP 1812

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010101.html

NEW QUESTION 19
What is the purpose of the ip http server
command on a switch?

• A. It enables the https server for users for web authentication.
• B. It enables dot1x authentication on the switch.
• C. It enables MAB authentication on the switch.
• D. It enables the switch to redirect users for web authentication.

Answer: C

NEW QUESTION 20
Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

• A. session-timeout
• B. termination-action
• C. radius-server timeout
• D. idle-timeout

Answer: D

NEW QUESTION 21
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)

• A. ASA
• B. Firepower
• C. Shell
• D. WLC
• E. IOS

Answer: CD

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2--1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

NEW QUESTION 22
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?

• A. Application Visibility and Control
• B. Supplicant Provisioning Wizard
• C. My Devices Portal
• D. Network Access Control

Answer: C

NEW QUESTION 23
DRAG DROP
Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 24
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two.)

• A. Client Provisioning portal
• B. remediation actions
• C. updates
• D. access policy
• E. conditions

Answer: BE

NEW QUESTION 25
......