300-715: Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)
Page 2 out of 19 pages Questions 11-20 out of 184 questions
Question#11

An administrator connects an HP printer to a dot1x-enabled port, but the printer is not accessible.
Which feature must the administrator enable to access the printer?

  • A. change of authorization
  • B. MAC authentication bypass
  • C. TACACS authentication
  • D. RADIUS authentication
Answer: B
Reference:
https://community.cisco.com/t5/network-access-control/ise-mab-soa/td-p/2214921

Question#12

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition.
However, other groups that are in the same domain are seen.
What is causing this issue?

  • A. Cisco ISE's connection to the AD join point is failing.
  • B. Cisco ISE only sees the built-in groups, not user created ones.
  • C. The groups are not added to Cisco ISE under the AD join point.
  • D. The groups are present but need to be manually typed as conditions.
Answer: C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html

Question#13

An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability.
Which probe must be used to accomplish this task?

  • A. NetFlow probe
  • B. HTTP probe
  • C. RADIUS probe
  • D. network scan probe
Answer: C
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-Configure-Device-Sensor-for-ISE-Profilin.html

Question#14

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

  • A. EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.
  • B. EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.
  • C. EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.
  • D. EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.
Answer: C
Reference:
https://www.securew2.com/blog/eap-tls-vs-peap-mschapv2-which-authentication-protocol-is-superior

Question#15

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

  • A. Use the ip access-group webauth in command.
  • B. Use the radius-server vsa send authentication command.
  • C. Set the NAC State option to SNMP NAC.
  • D. Set the NAC State option to RADIUS NAC.
Answer: D
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_0110001.pdf

Question#16

A network administrator is configuring authorization policies in Cisco ISE. There is a requirement to use AD group assignments to control access to network resources. After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work.
What is the cause of this issue?

  • A. The AD join point is no longer connected.
  • B. The certificate checks are not being conducted.
  • C. The network devices' ports are shut down.
  • D. The AD DNS response time is slow.
Answer: A
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html#ID612

Question#17


Refer to the exhibit.
Which component must be configured to apply the SGACL?

  • A. secure server
  • B. host
  • C. egress router
  • D. ingress router
Answer: C
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/trustsec.pdf

Question#18

A laptop was stolen and a network engineer added it to the block list endpoint identity group.
What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

  • A. Select DROP under If Auth fail within the authentication policy.
  • B. Ensure that access to port 8444 is allowed within the ACL.
  • C. Ensure that access to port 8443 is allowed within the ACL.
  • D. Select DenyAccess within the authentication policy.
Answer: A

Question#19

When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting.
Which policy condition must be used in order to accomplish this?

  • A. Network Access NetworkDeviceName CONTAINS <SSID Name>
  • B. DEVICE Device Type CONTAINS <SSID Name>
  • C. Airespace Airespace-Wlan-Id CONTAINS <SSID Name>
  • D. Radius Called-Station-ID CONTAINS <SSID Name>
Answer: D
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115734-ise-policies-ssid-00.html

Question#20

A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network.
How should the manager configure Cisco ISE to accomplish this goal?

  • A. Create logins for each participant to give them sponsored access.
  • B. Create entries in the guest identity group for all participants.
  • C. Create an access code to be entered in the AUP mode.
  • D. Create a registration code to be entered on the portal splash page.
Answer: C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ISE_26_admin_guide/b_ISE_admin_26_guest.html
