Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 131:

  An engineer is configuring a posture policy for Windows 10 endpoints and wants to ensure that users in each AD group have different conditions to meet to be compliant. What must be done to accomplish this task?

  A. Identify the users groups needed for different policies and create service conditions to map each one to its posture requirement.
  B. Configure a simple condition for each AD group and use it in the posture policy for each use case
  C. Use the authorization policy within the policy set to group each AD group with their respective posture policy
  D. Change the posture requirements to use an AD group lor each use case then use those requirements in the posture policy
  A. Identify the users groups needed for different policies and create service conditions to map each one to its posture requirement.

• Question 132:

  What is a difference between TACACS+ and RADIUS protocol traffic?

  A. TACACS+ uses UDP at the transport layer, and RADIUS uses TCP at the transport layer.
  B. TACACS+ separates each AAA function, and RADIUS combines authentication and authorization.
  C. TACACS+ encrypts passwords only, and RADIUS encrypts the entire packet payload.
  D. TACACS+ supports IP traffic only at the network layer, and RADIUS supports multiple protocols.
  B. TACACS+ separates each AAA function, and RADIUS combines authentication and authorization.

• Question 133:

  An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints. Which action accomplishes this task for VPN users?

  A. Push the compliance module from Cisco FTD prior to attempting posture.
  B. Use a compound posture condition to check for the compliance module and download, if needed.
  C. Configure the compliance module to be downloaded from within the posture policy.
  D. Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.
  D. Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_configure_client_provisioning.html

• Question 134:

  A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected.

  Which task must be configured in order to meet this requirement?

  A. session timeout
  B. idle time
  C. monitor
  D. set attribute as
  A. session timeout

  ---

  https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_admin_accesspolicy_settings.html#reference_0E24B8FB FAB248219E1194435670347F

• Question 135:

  An engineer is configuring a new Cisco ISE node. Context-sensitive information must be shared between the Cisco ISE and a Cisco ASA. Which persona must be enabled?

  A. pxGrid
  B. Administration
  C. Policy Service
  D. Monitoring
  A. pxGrid

  ---

  To share context-sensitive information, such as user identity, device posture, or Security Group Tags (SGTs), between Cisco ISE and a Cisco ASA, the pxGrid (Platform Exchange Grid) persona must be enabled. pxGrid allows Cisco ISE to exchange contextual data with external systems, including Cisco ASA, enabling the enforcement of dynamic security policies. Use Case: 1. Cisco ASA can use pxGrid to retrieve real-time context from Cisco ISE, such as user identities or device compliance posture, to apply granular security rules and ensure proper network segmentation. 2. pxGrid also facilitates seamless integration for dynamic policy enforcement based on context, such as threat intelligence or user roles.

• Question 136:

  Which compliance status is set when a matching posture policy has been defined for that endpomt, but all the mandatory requirements during posture assessment are not met?

  A. unauthorized
  B. untrusted
  C. non-compliant
  D. unknown
  C. non-compliant

• Question 137:

  Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two.)

  A. The device queries the internal identity store.
  B. The Cisco ISE server queries the internal identity store.
  C. The device queries the internal identity store.
  D. The Cisco ISE server queries the external identity store.
  E. The device queries the Cisco ISE authorization server.
  B. The Cisco ISE server queries the internal identity store.
  D. The Cisco ISE server queries the external identity store.

• Question 138:

  Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

  A. personas
  B. qualys
  C. nexpose
  D. posture
  D. posture

  ---

  https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010110.html Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies. This allows you to control clients to access protected areas of a network.

• Question 139:

  An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?

  A. ip source guard
  B. ip arp inspection
  C. ip device tracking maximum
  D. ip dhcp snooping
  C. ip device tracking maximum

• Question 140:

  What is needed to configure wireless guest access on the network?

  A. endpoint already profiled in ISE
  B. WEBAUTH ACL for redirection
  C. valid user account in Active Directory
  D. Captive Portal Bypass turned on
  B. WEBAUTH ACL for redirection