Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 161:

  An administrator plans to use Cisco ISE to deploy posture policies to assess Microsoft Windows endpoints that run Cisco Secure Client. The administrator wants to minimize the occurrence of messages related to unknown posture profiles if Cisco ISE fails to determine the posture of the endpoint. Secure Client is deployed to all the endpoints, and all the required Cisco ISE authentication, authorization, and posture policy configurations were performed. Which action must be taken next to complete the configuration?

  A. Configure a native supplicant on the endpoints to support the posture policies
  B. Install the compliance module on the endpoints
  C. Install the latest version of the Secure Client dent on the endpoints
  D. Enable Cisco ISE posture on Secure Client configuration.
  B. Install the compliance module on the endpoints

  ---

  To minimize messages related to unknown posture profiles when Cisco ISE cannot determine an endpoint's posture, it's essential to install the compliance module on the endpoints. The compliance module enables Cisco Secure Client to assess the endpoint's compliance status effectively. Without it, the posture assessment may remain in an "Unknown" state, leading to such messages.

• Question 162:

  An administrator must enable helpdesk users to view users' information on wireless LAN controllers in a Cisco ISE environment. The solution must meet these requirements:

  1.

  Authenticate the helpdesk users against the local ISE database.

  2.

  Allow the helpdesk users to access the Monitor tab tor the WLC.

  These configurations were performed:

  1.

  added a wireless LAN controller

  2.

  configured user accounts

  3.

  enabled Device Admin Service in Cisco ISE

  4.

  configured a TACACS profile

  5.

  configured a policy set

  6.

  configured an authentication policy

  7.

  configured an authorization policy

  Which two actions must be taken in Cisco ISE? (Choose two.)

  A. Configure an authentication profile
  B. Assign the Monitor role in the TACACS profile
  C. Configure an identity group.
  D. Assign the Wireless role in the TACACS profile
  E. Configure TACACS command sets.
  B. Assign the Monitor role in the TACACS profile
  E. Configure TACACS command sets.

  ---

  To enable helpdesk users to view user information on the Wireless LAN Controller (WLC) and meet the specified requirements, you must ensure the TACACS+ configuration includes appropriate roles and permissions. Assign the Monitor role in the TACACS profile 1. The TACACS profile in Cisco ISE determines what privileges the authenticated user has on the WLC. 2. To allow helpdesk users to view user information, the Monitor role must be assigned in the TACACS profile, granting them read-only access to the required sections of the WLC. Configure TACACS command sets 1. TACACS command sets allow fine-grained control over which CLI commands helpdesk users can execute on the WLC. 2. For this use case, the command set should be configured to include commands for viewing user information, such as commands under show and other non-disruptive options.

• Question 163:

  A network administrator notices that after a company-wide shut down, many users cannot connect their laptops to the corporate SSID.

  What must be done to permit access in a timely manner?

  A. Connect this system as a guest user and then redirect the web auth protocol to log in to the network.
  B. Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.
  C. Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.
  D. Authenticate the user's system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.
  B. Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.

• Question 164:

  Which file extension is required when deploying Cisco ISE using a ZTP configuration file in Microsoft Hyper-V?

  A. .txt
  B. .img
  C. .tar
  D. .iso
  D. .iso

• Question 165:

  An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors' firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this

  What should be done to enable this type of posture check?

  A. Use the file registry condition to ensure that the firewal is installed and running appropriately.
  B. Use a compound condition to look for the Windows or Mac native firewall applications.
  C. Enable the default rewall condition to check for any vendor rewall application.
  D. Enable the default application condition to identify the applications installed and validade the rewall app.
  C. Enable the default rewall condition to check for any vendor rewall application.

  ---

  https://www.youtube.com/watch?v=6Kj8P8Hn7dYandt=109sandab_channel=CiscoISE-IdentityServicesEngine

• Question 166:

  An engineer is deploying a new Cisco ISE environment for a company. The company wants the deployment to use TACACS+. The engineer verifies that Cisco ISE has a Device Administration license. What must be configured to enable TACACS+ operations?

  A. Device Administration Work Center
  B. Device Admin service
  C. Device Administration Deployment settings
  D. Device Admin Policy Sets settings
  B. Device Admin service

• Question 167:

  On which port does Cisco ISE present the Admin certificate for posture and client provisioning?

  A. TCP/8000
  B. TCP/8080
  C. TCP/8905
  D. TCP/8999
  C. TCP/8905

• Question 168:

  A customer requires a Cisco ISE deployment where quests must log in to a webpage with unique credentials in the form username. User1 and Password: A463646808. Which deployment should the customer use?

  A. mobile number field using the guest page
  B. hotspot portal authentication
  C. single credentials login to guest portal
  D. captcha protection self-registration
  C. single credentials login to guest portal

• Question 169:

  DRAG DROP

  An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.

  Select and Place:

  

  

• Question 170:

  An administrator must configure Cisco ISE to authenticate the administrative superuser to manage a Cisco Adaptive Security Appliance firewall. The solution must meet the requirements:

  1.

  The user must be authenticated against Microsoft AD.

  2.

  The user must have full management administrative access to the Cisco Adaptive Security Appliance firewall.

  3.

  The user must not use the enable command.

  The configurations were performed:

  1.

  joined Cisco ISE to AD and retrieved AD groups

  2.

  added the Cisco Adaptive Security Appliance firewall

  3.

  enabled Device Admin Service in Cisco ISE

  4.

  configured TACACS command sets

  5.

  configured a TACACS profile

  6.

  configured an authorization policy

  7.

  configured the Cisco Adaptive Security Appliance firewall for authentication and authorization

  Which two actions must be performed in Cisco ISE? (Choose two.)

  A. Configure an authentication profile on Cisco ISE.
  B. Set Default Privilege to 1 and Maximum Privilege to 15 in the TACACS profile.
  C. Add all authorized admin commands to the TACACS profile.
  D. Set Default Privilege to 15 and Maximum Privilege to 15 in the TACACS profile.
  E. Select "Permit any command that is not listed below" in the TACACS profile.
  B. Set Default Privilege to 1 and Maximum Privilege to 15 in the TACACS profile.
  C. Add all authorized admin commands to the TACACS profile.