Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 251:

  An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites. Which configuration must be applied on Cisco ISE?

  A. Use a third-party certificate on the network device.
  B. Add the device to all PSN nodes in the deployment.
  C. Renew the expired certificate on one of the PSN.
  D. Configure an authorization profile for the end users.
  B. Add the device to all PSN nodes in the deployment.

  ---

  When using separate PSNs for different sites, the network device must be added to all PSN nodes in the deployment, so that the device can communicate with the appropriate PSN based on the location of the user1. If the device is not added to all PSN nodes, the user may encounter an EAP-TLS authentication failure when moving between sites, as the device may not be able to reach the PSN that issued the certificate2. The other options are not relevant for this scenario, as they do not address the issue of PSN communication.

• Question 252:

  An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

  A. reflexive ACL
  B. extended ACL
  C. standard ACL
  D. numbered ACL
  B. extended ACL

• Question 253:

  DRAG DROP

  Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

  Select and Place:

  

  

  ---

  Step 1

  Choose Administration > System > Deployment.

  The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.

  Step 2

  Check the check box next to the current node, and click Edit.

  Step 3

  Click Make Primary to configure your Primary PAN.

  Step 4

  Enter data on the General Settings tab.

  Step 5

  Click Save to save the node configuration.

• Question 254:

  A user is attempting to register a BYOD device to the Cisco ISE deployment but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?

  A. The BYOD flow to ensure that the endpoint is provisioned prior to registering.
  B. The Cisco Secure Client provisioning policy to provision the endpoint for onboarding.
  C. A native supplicant provisioning policy to redirect the user to the BYOD portal for onboarding.
  D. The posture provisioning policy to give the endpoint the required components prior to registering.
  C. A native supplicant provisioning policy to redirect the user to the BYOD portal for onboarding.

• Question 255:

  What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two )

  A. TACACS+ supports 802.1X, and RADIUS supports MAB
  B. TACACS+ uses UDP, and RADIUS uses TCP
  C. TACACS+ has command authorization, and RADIUS does not.
  D. TACACS+ provides the service type, and RADIUS does not
  E. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.
  C. TACACS+ has command authorization, and RADIUS does not.
  E. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

• Question 256:

  A Cisco ISE administrator must authenticate users against Microsoft Active Directory. The solution must meet these requirements:

  1. Users and computers must be authenticated.

  2. User groups must be retrieved during authentication.

  Which protocol must be added to the allowed protocols on the policy to authenticate the users?

  A. EAP-TLS
  B. EAP-GTC
  C. MS-CHAPv2
  D. LEAP
  C. MS-CHAPv2

• Question 257:

  When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provides an adequate amount of security and visibility for the hosts on the network. Why should the engineer configure MAB in this situation?

  A. The Cisco switches only support MAB.
  B. MAB provides the strongest form of authentication available.
  C. The devices in the network do not have a supplicant.
  D. MAB provides user authentication.
  C. The devices in the network do not have a supplicant.

• Question 258:

  Which Cisco ISE node does not support automatic failover?

  A. Inline Posture node
  B. Monitoring node
  C. Policy Services node
  D. Admin node
  D. Admin node

• Question 259:

  A network administrator must configura endpoints using an 802 1X authentication method with EAP identity certificates that are provided by the Cisco ISE When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network

  Which EAP type must be configured by the network administrator to complete this task?

  A. EAP-PEAP-MSCHAPv2
  B. EAP-TTLS
  C. EAP-FAST
  D. EAP-TLS
  D. EAP-TLS

  ---

  Explanation Explanation/Reference:https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/certificate-requirements-eap-tls-peap https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html

• Question 260:

  An employee must access the internet through the corporate network from a new mobile device that does not support native supplicant provisioning provided by Cisco ISE. Which portal must the employee use to provision to the device?

  A. My Devices
  B. BYOD
  C. Personal Device
  D. Client Provisioning
  A. My Devices