Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 221:

  Which description of the use of low-impact mode in a Cisco ISE deployment is correct?

  A. It continues to use the authentication open capabilities of the switch port, which allows traffic to enter theswitch before an authorization result.
  B. Low-impact mode must be the final phase in deploying Cisco ISE into a network environment using thephased approach.
  C. It enables authentication (with authentication open), sees exactly which devices fail and which succeed, andcorrects the failed authentications before they
  D. The port does not allow any traffic before the authentication (except for EAP, Cisco Discovery Protocol, andLLDP), and then the port is assigned to specific authorization results after the authentication
  C. It enables authentication (with authentication open), sees exactly which devices fail and which succeed, andcorrects the failed authentications before they

• Question 222:

  While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate

  What issue would cause this to happen even if the device ID and passwords are correct?

  A. The device aliases are not matching
  B. The 5GT mappings have not been defined
  C. The devices are missing the configuration cts credentials trustsec verify 1
  D. EAP-FAST is not enabled
  D. EAP-FAST is not enabled

• Question 223:

  An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?

  A. Create a certificate signing request and have the root certificate authority sign it.
  B. Add the root certificate authority to the trust store and enable it for authentication.
  C. Create an SCEP profile to link Cisco ISE with the root certificate authority.
  D. Add an OCSP profile and configure the root certificate authority as secondary.
  C. Create an SCEP profile to link Cisco ISE with the root certificate authority.

  ---

  Ref:https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/116068-configure-product-00.html

• Question 224:

  There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network. Which posture condition should the administrator configure in order for this policy to work?

  A. file
  B. registry
  C. application
  D. service
  C. application

• Question 225:

  DRAG DROP

  Drag and drop the CLI commands from the bottom onto the boxes in the code to enable 802.1x authentication and MAB on the same interface of a Cisco switch. Not all options are used.

  Select and Place:

  

  

• Question 226:

  An administrator is configuring an AD domain to be used with authentication for endpoints and users within Cisco ISE. Which two steps are required to configure this to be used as an external identity store? (Choose two.)

  A. Add an Authentication Joint Point.
  B. Configure Authentication Domains.
  C. Configure Active Directory Schema.
  D. Configure Active Directory Domains.
  E. Add an Active Directory Join Point.
  D. Configure Active Directory Domains.
  E. Add an Active Directory Join Point.

• Question 227:

  What does MAB stand for?

  A. MAC Address Binding
  B. MAC Authorization Binding
  C. MAC Authorization Bypass
  D. MAC Authentication Bypass
  D. MAC Authentication Bypass

• Question 228:

  A network security administrator must integrate Cisco ISE with Active Directory. The administrator must carry out a leave operation.

  Which action on Active Directory is needed to meet the requirement?

  A. Remove the ISE machine account from the domain.
  B. Remove the ISE user account from the domain.
  C. Create ISE machine account to domain.
  D. Search Active Directory to see if admin user account exists.
  A. Remove the ISE machine account from the domain.

• Question 229:

  An administrator must restrict access to the IP address of an application based on the browser version of the endpoint. Cisco ISE profiling services and quest portal access must be configured to capture the user-agent. Information of the endpoint from a Cisco switch using the Device Sensor feature. These configurations were performed:

  1. added the switch to Cisco ISE

  2. configured device sensor on the switch

  3. enabled Cisco ISE portal access

  4. configured the user endpoint to connect to the Cisco ISE portal

  Which type of probe must be enabled next to complete the configuration?

  A. RADIUS
  B. DHCP
  C. SNMP
  D. NetFlow
  A. RADIUS

• Question 230:

  A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes What must be configured to minimize performance degradation?

  A. Review the profiling policies for any misconfiguration
  B. Enable the endpoint attribute filter
  C. Change the reauthenticate interval.
  D. Ensure that Cisco ISE is updated with the latest profiler feed update
  B. Enable the endpoint attribute filter

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_010111.html