Updated [2022] Cisco SISE 300-715 PDF Dumps For Passing 300-715 Exam

 Passing the 300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) test using DumpsBase's updated 300-715 pdf dumps must be a solid solution. All in all, the 300-715 dumps V14.02 come with 189 practice exam questions and answers, providing you with all the necessary study materials and top-level 300-715 practice questions and answers to pass the 300-715 Implementing and Configuring Cisco Identity Services Engine Exam on your first attempt.

Check Cisco SISE 300-715 Free Dumps First

1. An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X.

Which command is needed on each switch port for authentication?

dot1x system-auth-control

enable bypass-mac

enable network-authentication

mab

2. A network administrator must configura endpoints using an 802 1X authentication method with EAP identity certificates that are provided by the Cisco ISE When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network.

Which EAP type must be configured by the network administrator to complete this task?

EAP-PEAP-MSCHAPv2

EAP-TTLS

EAP-FAST

EAP-TLS

3. Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

DHCP server

static IP tunneling

override Interface ACL

AAA override

4. Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two)

The device queries the internal identity store

The Cisco ISE server queries the internal identity store

The device queries the external identity store

The Cisco ISE server queries the external identity store.

The device queries the Cisco ISE authorization server

5. Refer to the exhibit.

An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls

Why is the given configuration failing to accomplish this goal?

The Guest Flow condition is not in the line that gives access to the quest portal

The Network_Access_Authentication_Passed condition will not work with guest services for portal access.

The Permit Access result is not set to restricted access in its policy line

The Guest Portal and Guest Access policy lines are in the wrong order

6. When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting .

Which policy condition must be used in order to accomplish this?

Network Access NetworkDeviceName CONTAINS <SSID Name>

DEVICE Device Type CONTAINS <SSID Name>

Radius Called-Station-ID CONTAINS <SSID Name>

Airespace Airespace-Wlan-ld CONTAINS <SSID Name>

7. A network administrator notices that after a company-wide shut down, many users cannot connect their laptops to the corporate SSID .

What must be done to permit access in a timely manner?

Authenticate the user's system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.

Connect this system as a guest user and then redirect the web auth protocol to log in to the network.

Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.

Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.

8. An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints.

Which action accomplishes this task for VPN users?

Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco IS

Configure the compliance module to be downloaded from within the posture policy.

Push the compliance module from Cisco FTD prior to attempting posture.

Use a compound posture condition to check for the compliance module and download if needed.

9. Refer to the exhibit.

Which switch configuration change will allow only one voice and one data endpoint on each port?

Multi-auth to multi-domain

Mab to dot1x

Auto to manual

Multi-auth to single-auth

10. DRAG DROP

Drag the descriptions on the left onto the components of 802.1X on the right.

11. Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two)

Random

Monthly

Daily

Imported

Known

12. Which use case validates a change of authorization?

An authenticated, wired EAP-capable endpoint is discovered

An endpoint profiling policy is changed for authorization policy.

An endpoint that is disconnected from the network is discovered

Endpoints are created through device registration for the guests

13. A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period .

Which configuration is causing this problem?

The Endpoint Purge Policy is set to 30 days for guest devices

The RADIUS policy set for guest access is set to allow repeated authentication of the same device

The length of access is set to 7 days in the Guest Portal Settings

The Guest Account Purge Policy is set to 15 days

14. There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network .

Which posture condition should the administrator configure in order for this policy to work?

file

registry

application

service

15. An administrator adds a new network device to the Cisco ISE configuration to authenticate endpoints to the network. The RADIUS test fails after the administrator configures all of the settings in Cisco ISE and adds the proper configurations to the switch .

What is the issue"?

The endpoint profile is showing as "unknown."

The endpoint does not have the appropriate credentials for network access.

The shared secret is incorrect on the switch or on Cisco IS

The certificate on the switch is self-signed not a CA-provided certificate.

16. An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network .

What must be configured to correct this?

Create an authorization rule denying sponsored guest access.

Navigate to the Guest Portal and delete the guest accounts.

Create an authorization rule denying guest access.

Navigate to the Sponsor Portal and suspend the guest accounts.

17. A network administrator is currently using Cisco ISE to authenticate devices and users via 802 1X There is now a need to also authorize devices and users using EAP-TLS .

Which two additional components must be configured in Cisco ISE to accomplish this'? (Choose two.)

Network Device Group

Serial Number attribute that maps to a CA Server

Common Name attribute that maps to an identity store

Certificate Authentication Profile

EAP Authorization Profile

18. DRAG DROP

Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

19. An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks .

Which two requirement complete this policy? (Choose two)

minimum password length

active username limit

access code control

gpassword expiration period

username expiration date

20. Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two)

Firepower

WLC

IOS

ASA

Shell

21. An engineer is using Cisco ISE and configuring guest services to allow wireless devices to access the network .

Which action should accomplish this task?

Create the redirect ACL on the WLC and add it to the WLC policy

Create the redirect ACL on the WLC and add it to the Cisco ISE policy.

Create the redirect ACL on Cisco ISE and add it to the WLC policy

Create the redirect ACL on Cisco ISE and add it to the Cisco ISE Policy

22. What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?

Cisco-av-pair

Class attribute

Event

State attribute

23. DRAG DROP

Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting.

24. An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" so that the policies can be made separately for the endpoints connecting through them .

Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

Change the device type to Medical Switch.

Change the device profile to Medical Switch.

Change the model name to Medical Switch.

Change the device location to Medical Switch.

25. An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants.

Which portal must the security engineer configure to accomplish this task?

MDM

Client provisioning

My devices

BYOD

26. An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+ However, the administrator must restrict certain commands based on one of three user roles that require different commands

How is this accomplished without creating too many objects using Cisco ISE?

Create one shell profile and multiple command sets.

Create multiple shell profiles and multiple command sets.

Create one shell profile and one command set.

Create multiple shell profiles and one command set

27. Which two ports do network devices typically use for CoA? (Choose two)

443

19005

8080

3799

1700

28. When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen What is causing this issue?

Cisco ISE only sees the built-in groups, not user created ones

The groups are present but need to be manually typed as conditions

Cisco ISE's connection to the AD join point is failing

The groups are not added to Cisco ISE under the AD join point

29. An administrator is configuring a switch port for use with 802 1X What must be done so that the port will allow voice and multiple data endpoints?

Configure the port with the authentication host-mode multi-auth command

Connect the data devices to the port, then attach the phone behind them.

Use the command authentication host-mode multi-domain on the port

Connect a hub to the switch port to allow multiple devices access after authentication

30. DRAG DROP

31. Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)

backup

secondary

standby

primary

active

32. Which Cisco ISE deployment model provides redundancy by having every node in the deployment configured with the Administration. Policy Service, and Monitoring personas to protect from a complete node failure?

distributed

dispersed

two-node

hybrid

33. What is a characteristic of the UDP protocol?

UDP can detect when a server is down.

UDP offers best-effort delivery

UDP can detect when a server is slow

UDP offers information about a non-existent server

34. Which command displays all 802 1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

show authentication sessions output

Show authentication sessions

show authentication sessions interface Gi 1/0/x

show authentication sessions interface Gi1/0/x output

35. Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue .

Which two requirements must be met to implement this change? (Choose two.)

Enable IPC access over port 80.

Ensure that the NAT address is properly configured

Establish access to one Global Catalog server.

Provide domain administrator access to Active Directory.

Configure a secure LDAP connection.

36. What is the deployment mode when two Cisco ISE nodes are configured in an environment?

distributed

active

standalone

standard

37. Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

session timeout

idle timeout

radius-server timeout

termination-action

38. Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

TCP 8443

TCP 8906

TCP 443

TCP 80

TCP 8905

39. Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

hotspot

new AD user 802 1X authentication

posture

BYOD

guest AUP

40. Refer to the exhibit.

In which scenario does this switch configuration apply?

when allowing a hub with multiple clients connected

when passing IP phone authentication

when allowing multiple IP phones to be connected

when preventing users with hypervisor

41. DRAG DROP

Select and Place

42. Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

MAB and if user not found, continue

MAB and if authentication failed, continue

Dot1x and if user not found, continue

Dot1x and if authentication failed, continue

43. Which statement about configuring certificates for BYOD is true?

An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment

The SAN field is populated with the end user name.

An endpoint certificate is mandatory for the Cisco ISE BYOD

The CN field is populated with the endpoint host name

44. Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)

endpoint marked as lost in My Devices Portal

addition of endpoint to My Devices Portal

endpoint profile transition from Apple-Device to Apple-iPhone

endpoint profile transition from Unknown to Windows 10-Workstation

updating of endpoint dAC

45. Refer to the exhibit:

Which command is typed within the CU of a switch to view the troubleshooting output?

show authentication sessions mac 000e.84af.59af details

show authentication registrations

show authentication interface gigabitethemet2/0/36

show authentication sessions method

46. Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two)

Policy Assignment

Endpoint Family

Identity Group Assignment

Security Group Tag

IP Address

47. An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected .

Which service should be used to accomplish this task?

Profiling

Guest access

Client provisioning

Posture

48. An engineer is tasked with placing a guest access anchor controller in the DMZ .

Which two ports or port sets must be opened up on the firewall to accomplish this task? (Choose two.)

UDP port 1812 RADIUS

TCP port 161

TCP port 514

UDP port 79

UDP port 16666

49. What does the dot1x system-auth-control command do?

causes a network access switch not to track 802.1x sessions

globally enables 802.1x

enables 802.1x on a network access device interface

causes a network access switch to track 802.1x sessions

50. What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)

updates

remediation actions

Client Provisioning portal

conditions

access policy

51. A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server.

Which command is the user missing in the switch’s configuration?

radius-server vsa send accounting

aaa accounting network default start-stop group radius

aaa accounting resource default start-stop group radius

aaa accounting exec default start-stop group radios

52. An administrator is configuring a Cisco ISE posture agent in the client provisioning policy and needs to ensure that the posture policies that interact with clients are monitored, and end users are required to comply with network usage rules.

Which two resources must be added in Cisco ISE to accomplish this goal? (Choose two)

AnyConnect

Supplicant

Cisco ISE NAC

PEAP

Posture Agent

53. A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice .

Which command should the engineer run on the interface to accomplish this goal?

authentication host-mode single-host

authentication host-mode multi-auth

authentication host-mode multi-host

authentication host-mode multi-domain

54. An employee logs on to the My Devices portal and marks a currently on-boarded device as ‘Lost’.

Which two actions occur within Cisco ISE as a result oí this action? (Choose two)

Certificates provisioned to the device are not revoked

BYOD Registration status is updated to No

The device access has been denied

BYOD Registration status is updated to Unknown.

The device status is updated to Stolen

55. Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two)

Windows Settings

Connection Type

iOS Settings

Redirect ACL

Operating System

56. Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

personas

qualys

nexpose

posture

57. Which are two characteristics of TACACS+? (Choose two)

It uses TCP port 49.

It combines authorization and authentication functions.

It separates authorization and authentication functions.

It encrypts the password only.

It uses UDP port 49.

58. When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2 .

Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)

DHCP SPAN probe

SNMP query probe

NetFlow probe

RADIUS probe

DNS probe

59. An organization has a fully distributed Cisco ISE deployment When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings. The scan is complete on one FPSN. but the information is not available on the others .

What must be done to make the information available?

Scanning must be initiated from the PSN that last authenticated the endpoint

Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning

Scanning must be initiated from the MnT node to centrally gather the information

Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning

60. An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types .

How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

Create an ISE identity group to add users to and limit the number of logins via the group configuration.

Create a new guest type and set the maximum number of devices sponsored guests can register

Create an LDAP login for each guest and tag that in the guest portal for authentication.

Create a new sponsor group and adjust the settings to limit the devices for each guest.