Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 101:

  A user changes the status of a device to stolen in the My Devices Portal of Cisco ISE. The device was originally onboarded in the BYOD wireless Portal without a certificate. The device is found later, but the user cannot re-onboard the device because Cisco ISE assigned the device to the Blocklist endpoint identity group. What must the user do in the My Devices Portal to resolve this issue?

  A. Manually remove the device from the Blocklist endpoint identity group.
  B. Change the device state from Stolen to Not Registered.
  C. Change the BYOD registration attribute of the device to None.
  D. Delete the device, and then re-add the device.
  D. Delete the device, and then re-add the device.

• Question 102:

  An engineer must configure an HTTP probe on a Cisco ISE virtual appliance running on VMWare using a dedicated interface for profiling. The interface is assigned to the VM Network port group. The engineer is logged into the hypervisor with a user account that only provides access to the Cisco ISE VM and the network settings for the VM.

  Which security setting must be changed for this interface to accept SPAN traffic?

  A. Set Promiscuous mode to inherit from vSwitch in the Port Group properties.
  B. Set Promiscuous mode to inherit from Port Group in the vSwitch properties.
  C. Set Promiscuous mode to Accept in the Port Group properties.
  D. Set Promiscuous mode to Accept in the vSwitch properties.
  C. Set Promiscuous mode to Accept in the Port Group properties.

• Question 103:

  Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?

  (Choose two.)

  A. Firepower
  B. WLC
  C. IOS
  D. ASA
  E. Shell
  B. WLC
  E. Shell

  ---

  https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html TACACS+ ProfileTACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets. The TACACS+ profile definitions are split into two components: 1. Common tasks 2. Custom attributes There are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles)--Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View. The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are: 1. Shell 2. WLC 3. Nexus 4. Generic The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you can enter the mandatory attributes using a equal to (=) sign between the attribute name and its value and optional attributes are entered using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy paste the attribute list (for example, another product's attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.

• Question 104:

  An engineer wants to preselect AD groups to be used in the access policy after integrating Cisco ISE with an active directory. Which configuration steps must the engineer take to assign groups to the AD on the identity management page?

  A. external identity sources > active directory > groups
  B. user identity groups > groups
  C. external identity sources > groups > active directory
  D. groups > user identity groups
  A. external identity sources > active directory > groups

• Question 105:

  An engineer is configuring static SGT classification. Which configuration should be used when authentication is disabled and third-party switches are in use?

  A. VLAN to SGT mapping
  B. IP Address to SGT mapping
  C. L3IF to SGT mapping
  D. Subnet to SGT mapping
  A. VLAN to SGT mapping

• Question 106:

  MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gam access to the network Which alternate method should be used to tell users how to remediate?

  A. URL link
  B. message text
  C. executable
  D. file distribution
  A. URL link

  ---

  Explanation Explanation/Reference:https://www.sciencedirect.com/topics/computer-science/remediation-action

• Question 107:

  A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server. Which certificate usage option must be selected when importing the certificate into ISE?

  A. RADIUS
  B. DLTS
  C. Portal
  D. Admin
  C. Portal

• Question 108:

  An organization is using Cisco ISE to provide AAA services to non-Cisco switches with IP phones connected. An engineer needs to use Profiling Services to authorize network access for IP phones that do not support 802.1X. What must be configured to accomplish this goal?

  A. DHCP
  B. SNMPTRAP
  C. SNMPQUERY
  D. RADIUS
  A. DHCP

• Question 109:

  An engineer needs to configure a Cisco ISE server to issue a CoA for endpoints already authenticated to access the network. The CoA option must be enforced on a session, even if there are multiple active sessions on a port. What must be configured to accomplish this task?

  A. the Reauth CoA option in the Cisco ISE system profiling settings enabled
  B. an endpoint profiling policy with the No CoA option enabled
  C. an endpoint profiling policy with the Port Bounce CoA option enabled
  D. the Port Bounce CoA option in the Cisco ISE system profiling settings enabled
  A. the Reauth CoA option in the Cisco ISE system profiling settings enabled

• Question 110:

  An administrator must configure Cisco ISE profiling services and the Cisco switch device sensor feature to provide user access using the AD-Join-Point and AD-Operating-System attributes from the Active Directory Probe. These configurations were performed:

  1.

  configured all the required Cisco Wireless LAN Controller configurations

  2.

  enabled Active Directory probes

  3.

  configured a custom profiling policy

  4.

  joined Cisco ISE to Active Directory

  5.

  configured the authorization rule with full access permission

  Which two actions complete the configuration? (Choose two.)

  A. Configure an identity group for endpoints.
  B. Enable the SNMP probe.
  C. Configure a profiling logical profile.
  D. Configure custom profiling conditions.
  E. Enable the RADIUS probe.
  D. Configure custom profiling conditions.
  E. Enable the RADIUS probe.