Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 261:

  Refer to the exhibit

  

  Which switch configuration change will allow only one voice and one data endpoint on each port?

  A. Multi-auth to multi-domain B. Mab to dot1x
  C. Auto to manual
  D. Multi-auth to single-auth
  A. Multi-auth to multi-domain B. Mab to dot1x

  ---

  Explanation Explanation/Reference:https://community.cisco.com/t5/network-access-control/cisco-ise-multi-auth-or-multi-host/m-p/3750907

• Question 262:

  What is a function of client provisioning?

  A. Client provisioning ensures that endpoints receive the appropriate posture agents.
  B. Client provisioning checks a dictionary attribute with a value.
  C. Client provisioning ensures an application process is running on the endpoint.
  D. Client provisioning checks the existence, date, and versions of the file on a client.
  A. Client provisioning ensures that endpoints receive the appropriate posture agents.

  ---

  https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_client_prov.html#:~:text=After%20Cisco%20ISE%20classifies%20a,packages%20an d%20profiles%2C%20if%20necessary.

• Question 263:

  Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

  A. Endpoint
  B. unknown
  C. blacklist
  D. white list
  E. profiled
  B. unknown

  ---

  Explanation Explanation/Reference: If you do not have a matching profiling policy, you can assign an unknown profiling policy. The endpoint is therefore profiled as Unknown. The endpoint that does not match any profile is grouped within the Unknown identity group. The endpoint profiled to the Unknown profile requires that you create a profile with an attribute or a set of attributes collected for that endpoint. https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html

• Question 264:

  What is the default port used by Cisco ISE for NetFlow version 9 probe?

  A. UDP 9996
  B. UDP 9997
  C. UDP 9998
  D. UDP 9999
  A. UDP 9996

• Question 265:

  Which two values are compared by the binary comparison function in authentication that is based on Active Directory? (Choose 2)

  A. subject alternative name and the common name
  B. MS-CHAFV2 provided machine credentials and credentials stored in Active Directory
  C. user-presented password hash and a hash stored in Active Directory
  D. user-presented certificate and a certificate stored in Active Directory
  A. subject alternative name and the common name
  D. user-presented certificate and a certificate stored in Active Directory

• Question 266:

  An engineer is configuring a new Cisco ISE node. The Cisco ISE must make authorization decisions based on the threat and vulnerability attributes received from the threat and vulnerability adapters. Which persona must be enabled?

  A. pxGrid
  B. Policy Service
  C. Administration
  D. Monitoring
  A. pxGrid

  ---

  Explanation Explanation/Reference:To enable Cisco ISE to make authorization decisions based on threat and vulnerability attributes received from external sources, the pxGrid persona must be enabled. pxGrid (Platform Exchange Grid) is a Cisco ISE service that facilitates communication between ISE and third-party systems for the exchange of context-based information such as threat intelligence, vulnerabilities, and device posture. How pxGrid Works: 1. pxGrid provides a framework for integrating external systems like threat intelligence platforms or vulnerability scanners with Cisco ISE. 2. These systems send threat and vulnerability data to Cisco ISE via pxGrid. 3. Cisco ISE uses this information to enforce dynamic authorization policies, such as quarantining or restricting access for compromised devices.

• Question 267:

  An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites. Which configuration must be applied on Cisco ISE?

  A. Use a third-party certificate on the network device.
  B. Add the device to all PSN nodes in the deployment.
  C. Configure an authorization profile for the end users.
  D. Renew the expired certificate on one of the PSN.
  D. Renew the expired certificate on one of the PSN.

• Question 268:

  Which nodes are supported in a distributed Cisco ISE deployment? (Choose two.)

  A. Policy Service nodes for session failover
  B. Administration nodes for session failover
  C. Monitoring nodes for PxGrid services
  D. Policy Service nodes for automatic failover
  A. Policy Service nodes for session failover

  ---

  In a distributed Cisco Identity Services Engine (ISE) deployment, the following types of nodes are supported: 1. Administration Nodes (PANs): These are responsible for configuration, administration, and reporting. 2. Policy Service Nodes (PSNs): These handle the policy evaluation, including authentication, authorization, and accounting (AAA). 3. Monitoring Nodes (MnT): These store logs and provide reporting services. Policy Service nodes are essential for session failover in a distributed environment. When multiple PSNs are deployed, if one PSN fails, session traffic can automatically reroute to another PSN. This ensures high availability and session continuity. However, automatic failover for policy services is a misnomer since failover requires session traffic to be directed manually or through load balancing mechanisms. Administration nodes and monitoring nodes do not manage session failover.

• Question 269:

  Which two features should be used on Cisco ISE to enable the TACACS+ feature? (Choose two )

  A. External TACACS Servers
  B. Device Admin Service
  C. Device Administration License
  D. Server Sequence
  E. Command Sets
  B. Device Admin Service
  C. Device Administration License

• Question 270:

  The security team wants to secure the wired network. A legacy printer on the network with the MAC address 00:43:08:50:64:60 does not support 802.1X. Which setting must be enabled in the Allowed Authentication Protocols list in your Authentication Policy for Cisco ISE to support MAB for this MAC address?

  A. MS-CHAPv2
  B. EAP-TLS
  C. PAP
  D. Process Host Lookup
  D. Process Host Lookup

  ---

  https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010010.html#task_282816DDB9BA440BAF30EB451FF3445E