Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 271:

  In addition to the CLI, what is another option to manage a Cisco IPS?

  A. SDEE
  B. Cisco SDM
  C. Cisco IDM
  D. Cisco ISE
  D. Cisco ISE

• Question 272:

  Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)

  A. FTP
  B. TFTP
  C. www-cisco.com
  D. local disk
  E. Posture Agent Profile
  C. www-cisco.com
  D. local disk
  E. Posture Agent Profile

• Question 273:

  A network engineer has recently configured a remote branch router to authenticate to a centralized Cisco ISE server behind the corporate firewall using TACACS+. After making this configuration change, the engineer opened another SSH session to the router in order to verity that login attempts are now being sent to Cisco ISE, however that login attempt was unsuccessful. There are no connection attempts showing in the TACACS live log in Cisco ISE and the firewall administrator has verified that they see syslog and SNMP traffic destinated for the IP address of Cisco ISE, but no TACACS+ traffic. Which misconfiguration is the cause of the failed login?

  A. The router is missing a route to the Cisco ISE server.
  B. The tacacs source-interface command on the router references the wrong interface.
  C. No hosts have been defined under the aaa server group on the router.
  D. The shared secret entered on the router for the Cisco ISE server is incorrect.
  C. No hosts have been defined under the aaa server group on the router.

• Question 274:

  Which CLI command must be configured on the switchport to immediately run the MAB process if a non-802 1X capable endpoint connects to the port?

  A. authentication order mab dot1x
  B. dot1x pae authenticator
  C. authentication fallback
  D. access-session port-control auto
  A. authentication order mab dot1x

• Question 275:

  Refer to the exhibit.

  

  An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to. What is the problem?

  A. The IT training rule is taking precedence over the IT Admins rule.
  B. The authorization conditions wrongly allow IT Admins group no access to finance devices.
  C. The finance location is not a condition in the policy set.
  D. The authorization policy doesn't correctly grant them access to the finance devices.
  D. The authorization policy doesn't correctly grant them access to the finance devices.

• Question 276:

  An engineer of Company A wants to know what kind of devices are connecting to the network. Which service can be enabled on the Cisco ISE node?

  A. central web authentication
  B. posture
  C. MAB
  D. profiling
  D. profiling

  ---

  Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network.Using MAC addresses as the unique identifier, ISE collects various attributes for each network endpoint to build an internal endpoint database.

• Question 277:

  An administrator replaced a PSN in the distributed Cisco ISE environment. When endpoints authenticate to it, the devices are not getting the right profiles or attributes and as a result, are not hitting the correct policies. This was working correctly on the previous PSN. Which action must be taken to ensure the endpoints get identified?

  A. Verify that the MnT node is tracking the session.
  B. Verify the shared secret used between the switch and the PSN.
  C. Verify that the profiling service is running on the new PSN.
  D. Verify that the authentication request the PSN is receiving is not malformed.
  C. Verify that the profiling service is running on the new PSN.

  ---

  Explanation

• Question 278:

  An organization wants to standardize the 802 1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide What must be configured to accomplish this task?

  A. security group tag within the authorization policy
  B. extended access-list on the switch for the client
  C. port security on the switch based on the client's information
  D. dynamic access list within the authorization profile
  D. dynamic access list within the authorization profile

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_sga_pol.html#

• Question 279:

  What must match between Cisco ISE and the network access device to successfully authenticate endpoints?

  A. SNMP version
  B. shared secret
  C. certificate
  D. profile
  B. shared secret

  ---

  Explanation Explanation/Reference:https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_network_devices.html

• Question 280:

  An engineer is deploying Cisco ISE into an existing wireless environment for a hospital. The requirement from the customer is that the WLC use Cisco ISE for Central Web Authentication. The company also has a Cisco MSE that is used with the WLC to restrict access to patient records over wireless to the room of the patient only. Which option must be selected in the Authorization Profile on Cisco ISE to support the integration?

  A. MAP Location
  B. Access Type
  C. Track Movement
  D. Service Template
  A. MAP Location

  ---

  To support the integration of Cisco ISE with a Cisco Mobility Services Engine (MSE) and a Wireless LAN Controller (WLC) for restricting access based on the location of a patient, the MAP Location option must be selected in the Authorization Profile in Cisco ISE. The MAP Location option allows Cisco ISE to leverage location information provided by the MSE. This ensures that authorization policies are dynamically applied based on the endpoint's physical location, such as restricting access to patient records to specific rooms in the hospital.