300-715 | ExamData

Question#71

There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use profiling.
What must be done to accomplish this goal?

A. Enter the MAC address in the correct Endpoint Identity Group.
B. Enter the IP address in the correct Endpoint Identity Group.
C. Enter the IP address in the correct Logical Profile.
D. Enter the MAC address in the correct Logical Profile.

Discover Answer

A

Question#72

An administrator is configuring a new profiling policy within Cisco ISE. The organization has several endpoints that are the same device type, and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints, therefore a custom profiling policy must be created.
Which condition must the administrator use in order to properly profile an ACME AI Connector endpoint for network access with MAC address 01:41:14:65:50:AB?

A. CDP_cdpCacheDeviceID_CONTAINS_<MAC ADDRESS>
B. MAC_MACAddress_CONTAINS_<MAC ADDRESS>
C. Radius_Called_Station-ID_STARTSWITH_<MAC ADDRESS>
D. MAC_OUI_STARTSWITH_<MAC ADDRESS>

Discover Answer

C
Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-5/config-guide/b_wl_17_5_cg/m_radius-call-station-identifier.pdf

Question#73

Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue.
Which two requirements must be met to implement this change? (Choose two.)

A. Establish access to one Global Catalog server
B. Ensure that the NAT address is properly configured
C. Provide domain administrator access to Active Directory
D. Configure a secure LDAP connection
E. Enable IPC access over port 80

Discover Answer

AC

Question#74

What should be considered when configuring certificates for BYOD?

A. The SAN field is populated with the end user name.
B. The CN field is populated with the endpoint host name.
C. An endpoint certificate is mandatory for the Cisco ISE BYOD.
D. An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment.

Discover Answer

C

Question#75

During BYOD flow, where does a Microsoft Windows PC download the Network Setup Assistant?

A. Microsoft App Store
B. Cisco App Store
C. Cisco ISE directly
D. Native OTA functionality

Discover Answer

C
Reference:
https://ciscocustomer.lookbookhq.com/iseguidedjourney/BYOD-configuration

Question#76

What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?

A. Application Visibility and Control
B. Supplicant Provisioning Wizard
C. My Devices Portal
D. Network Access Control

Discover Answer

C

Question#77

Which protocol must be allowed for a BYOD device to access the BYOD portal?

A. HTTPS
B. HTTP
C. SSH
D. SMTP

Discover Answer

A

Question#78

Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two.)

A. Redirect ACL
B. Connection Type
C. Operating System
D. Windows Settings
E. iOS Settings

Discover Answer

CE

Question#79

If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?

A. Client Provisioning
B. BYOD
C. Guest
D. Block list

Discover Answer

D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010000.html

Question#80

An engineer is configuring a dedicated SSID for onboarding devices.
Which SSID type accomplishes this configuration?

A. hidden
B. guest
C. dual
D. broadcast

Discover Answer

B
Reference:
https://community.cisco.com/t5/security-documents/ise-byod-dual-vs-single-ssid-onboarding/ta-p/3641422