Exams > Cisco > 300-715: Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)
300-715: Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)
Page 3 out of 19 pages Questions 21-30 out of 184 questions
Question#21

An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-
MAC address bindings. The scan is complete on one PSN, but the information is not available on the others.
What must be done to make the information available?

  • A. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning.
  • B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning.
  • C. Scanning must be initiated from the MnT node to centrally gather the information.
  • D. Scanning must be initiated from the PSN that last authenticated the endpoint.
Discover Answer Hide Answer

B
Reference:
https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

Question#22

An administrator is configuring a switch port for use with 802.1X.
What must be done so that the port will allow voice and multiple data endpoints?

  • A. Connect a hub to the switch port to allow multiple devices access after authentication.
  • B. Configure the port with the authentication host-mode multi-auth command.
  • C. Connect the data devices to the port, then attach the phone behind them.
  • D. Use the command authentication host-mode multi-domain on the port.
Discover Answer Hide Answer

B
Reference:
https://networklessons.com/cisco/ccie-routing-switching-written/mac-authentication-bypass-mab

Question#23

An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address.
What is the problem?

  • A. The endpoint is using the wrong protocol to authenticate with Cisco ISE.
  • B. The 802.1X timeout period is too long.
  • C. The DHCP probe for Cisco ISE is not working as expected.
  • D. An ACL on the port is blocking HTTP traffic.
Discover Answer Hide Answer

B

Question#24

A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.
What must be done to accomplish this task?

  • A. Create a profiling policy for each endpoint with the cdpCacheDeviceId attribute.
  • B. Create a logical profile for each device's profile policy and block that via authorization policies.
  • C. Add each MAC address manually to a blocklist identity group and create a policy denying access.
  • D. Add each IP address to a policy denying access.
Discover Answer Hide Answer

B

Question#25

An engineer is using profiling to determine what access an endpoint must receive. After configuring both Cisco ISE and the network devices for 802.1X and profiling, the endpoints do not profile prior to authentication.
What are two reasons this is happening? (Choose two.)

  • A. Closed mode is restricting the collection of the attributes prior to authentication.
  • B. The HTTP probe is malfunctioning due to closed mode being enabled.
  • C. The SNMP probe is not enabled.
  • D. NetFlow is not enable on the switch, so the attributes will not be collected.
  • E. The switch is collecting the attributes via RADIUS but the probes are not sending them.
Discover Answer Hide Answer

CE

Question#26

Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

  • A. RSA SecurID
  • B. RADIUS Token
  • C. Active Directory
  • D. Internal Database
  • E. LDAP
Discover Answer Hide Answer

CE
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975-configure-eap-tls-authentication-with-is.html

Question#27

An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy.
Which two components must be configured, in addition to Active Directory groups, to achieve this goal? (Choose two.)

  • A. Identity Source Sequences
  • B. LDAP External Identity Sources
  • C. Active Directory External Identity Sources
  • D. Library Condition for Identity Group: User Identity Group
  • E. Library Condition for External Identity: External Groups
Discover Answer Hide Answer

AC

Question#28

Which deployment mode allows for one or more policy service nodes to be used for session failover?

  • A. centralized
  • B. secondary
  • C. standalone
  • D. distributed
Discover Answer Hide Answer

D

Question#29

A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group.
Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?

  • A. Keep track of guest user activities.
  • B. Create and manage guest user accounts.
  • C. Configure authorization settings for guest users.
  • D. Authenticate guest users to Cisco ISE.
Discover Answer Hide Answer

B

Question#30

What is needed to configure wireless guest access on the network?

  • A. endpoint already profiled in ISE
  • B. WEBAUTH ACL for redirection
  • C. Captive Portal Bypass turned on
  • D. valid user account in Active Directory
Discover Answer Hide Answer

C

chevron rightPrevious Nextchevron right