Cisco 300-715 Online Practice
Questions and Exam Preparation
300-715 Exam Details
Exam Code
:300-715
Exam Name
:Implementing and Configuring Cisco Identity Services Engine (SISE)
Certification
:CCNP Security
Vendor
:Cisco
Total Questions
:448 Q&As
Last Updated
:May 25, 2026
Cisco 300-715 Online Questions &
Answers
Question 181:
Which two default endpoint identity groups does Cisco ISE create? (Choose two )
A. Unknown B. whitelist C. end point D. profiled E. blacklist
A. Unknown D. profiled Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system. Cisco ISE creates the following endpoint identity groups: 1. Blacklist--This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group. 2. GuestEndpoints--This endpoint identity group includes endpoints that are used by guest users. 3. Profiled--This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE. 4. RegisteredDevices--This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group. These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE redirects blocked devices to a URL, which displays "Unauthorised Network Access", a default portal page to the blocked devices. 5. Unknown--This endpoint identity group includes endpoints that do not match any profile in Cisco ISE. In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group: 1. Cisco-IP-Phone--An identity group that contains all the profiled Cisco IP phones on your network. 2. Workstation--An identity group that contains all the profiled workstations on your network. https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html
Question 182:
A network engineer is configuring a new certificate template on the internal CA within Cisco ISE to provision certificates to BYOD devices that must be enrolled in the network. What must be configured in the SAN field of the certificate to identify the devices after enrollment?
A. MAC address B. email address C. user principal name D. common name
A. MAC address
Question 183:
A network administrator adds network access devices to Cisco ISE. After a security breach, the management team mandates that all network devices must comply with certain standards. All network devices must authenticate through Cisco ISE. Some devices use nondefault CoA ports.
What must be configured in Cisco ISE?
A. Network device profile with a port specified B. Network access manager with a port specified C. Network device group with a port specified D. Network device with a port specified
C. Network device group with a port specified
Question 184:
Which two probes provide IP-to-MAC address binding information to the ARP cache in Cisco ISE? (Choose two.)
A. HTTP B. RADIUS C. DHCP D. DNS E. NetFlow
B. RADIUS C. DHCP
Question 185:
Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).
A. TCP 8443 B. TCP 8906 C. TCP 443 D. DTCP80 E. TCP 8905
A. TCP 8443 E. TCP 8905
Question 186:
An engineer is configuring a dedicated SSID for onboarding devices. Which SSID type accomplishes this configuration?
A. dual B. hidden C. broadcast D. guest
D. guest Explanation Explanation/Reference:https://community.cisco.com/t5/security-documents/ise-byod-dual-vs-single-ssid-onboarding/ta-p/3641422 https://www.youtube.com/watch?v=HH_Xasqd9k4andab_channel=CiscoISE-IdentityServicesEngine http://www.labminutes.com/sec0053_ise_1_1_byod_wireless_onboarding_dual_ssid
Question 187:
An organization has a SGACL locally configured on a switch port, but when a user in the Executives group connects to the network, they receive a different level of network access than expected. When Cisco ISE pushes SGACLs to the switch after the authorization phase, how does the switch decide which access to grant the user?
A. Dynamically downloaded policies override local policies in all cases. B. Local policies override dynamically downloaded policies in all cases. C. The policies are merged, but local policies receive priority. D. The policies are merged, but dynamically downloaded policies receive priority.
A. Dynamically downloaded policies override local policies in all cases.
Question 188:
What service can be enabled on the Cisco ISE node to identify the types of devices connecting to a network?
A. MAB B. profiling C. posture D. central web authentication
B. profiling
Question 189:
Which permission is common to the Active Directory Join and Leave operations?
A. Create a Cisco ISE machine account in the domain if the machine account does not already exist B. Remove the Cisco ISE machine account from the domain. C. Set attributes on the Cisco ISE machine account D. Search Active Directory to see if a Cisco ISE machine account already exists.
D. Search Active Directory to see if a Cisco ISE machine account already exists. Explanation Explanation/Reference:https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_2x.html
Question 190:
An engineer is testing low-impact mode for a phased deployment of Cisco ISE. Which type of traffic is denied when a host tries to connect to the network prior to authentication?
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 300-715 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.