Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 291:

  A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components. Which two protocols should complete this task? (Choose two.)

  A. PEAP
  B. EAP-MD5
  C. LEAP
  D. EAP-TLS
  E. EAP-TTLS
  A. PEAP
  D. EAP-TLS

• Question 292:

  An administrator is adding a switch to the network that is running cisco ISE and is only for IP phones. the phones do not have the ability to authenticate via 802.1x. Which command is needed on each switch port for authentication?

  A. dot1x system-auth-control
  B. enable bypass-mac
  C. enable network-authentication
  D. mab
  D. mab

• Question 293:

  What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

  A. Set the NAC State option to SNMP NAC.
  B. Set the NAC State option to RADIUS NAC.
  C. Use the radius-server vsa send authentication command.
  D. Use the ip access-group webauth in command.
  B. Set the NAC State option to RADIUS NAC.

• Question 294:

  An administrator is attempting to join a new node to the primary Cisco ISE node, but receives the error message "Node is Unreachable". What is causing this error?

  A. The second node is a PAN node.
  B. No administrative certificate is available for the second node.
  C. The second node is in standalone mode.
  D. No admin privileges are available on the second node.
  B. No administrative certificate is available for the second node.

  ---

  https://www.ciscopress.com/articles/article.asp?p=2812072

• Question 295:

  An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability. Which probe must be used to accomplish this task?

  A. HTTP probe
  B. NetFlow probe
  C. network scan probe
  D. RADIUS probe
  D. RADIUS probe

  ---

  Explanation Explanation/Reference:https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-Configure-Device-Sensor-for-ISE-Profilin.html http://www.network-node.com/blog/2016/1/2/ise-20-profiling

• Question 296:

  An engineer must create an authentication policy in Cisco ISE to allow wired printers that lack support for 802.1X onto the network. What must the RadiusFlowType be set to in the policy to meet the requirement?

  A. MAB
  B. Wired_MAB
  C. Compliant_Devices
  D. Compliance_Unknown_Devices
  B. Wired_MAB

• Question 297:

  When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen. What is causing this issue?

  A. Cisco ISE only sees the built-in groups, not user created ones
  B. The groups are present but need to be manually typed as conditions
  C. Cisco ISE's connection to the AD join point is failing
  D. The groups are not added to Cisco ISE under the AD join point
  D. The groups are not added to Cisco ISE under the AD join point

  ---

  https://www.youtube.com/watch?v=0kuEZEo564sandab_channel=CiscoISE-IdentityServicesEngine

• Question 298:

  An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication. Which access will be denied in this?

  A. HTTP
  B. DNS
  C. EAP
  D. DHCP
  A. HTTP

• Question 299:

  A network engineer is attempting to terminate and reinitialize wireless user sessions individually by using the Live Sessions tab in Cisco ISE. Cisco ISE and the Cisco WLC are separated by a firewall. Which port must be allowed on the firewall so that the network engineer can perform this function from Cisco ISE?

  A. TCP port 8443
  B. UDP port 5246
  C. UDP port 1700
  D. TCP port 3791
  C. UDP port 1700

• Question 300:

  An engineer is deploying Cisco ISE in a network that contains an existing Cisco Secure Firewall ASA. The customer requested that Cisco TrustSec be configured so that Cisco ISE and the firewall can share SGT information. Which protocol must be configured on Cisco ISE to meet the requirement?

  A. RADUIS
  B. pxGrid
  C. PAC
  D. SXP
  D. SXP

  ---

  Explanation Explanation/Reference:Cisco TrustSec uses Security Group Tags (SGTs) to implement security policies based on user roles and access permissions. To share SGT information between Cisco ISE and Cisco Secure Firewall ASA, the SGT Exchange Protocol (SXP) must be configured. SXP: This protocol is specifically designed to exchange SGT information between devices that cannot propagate SGTs natively in their data plane (like ASA firewalls). pxGrid: While it facilitates integration and sharing of policy information, it is not used for SGT propagation. RADIUS: Used for authentication, authorization, and accounting, but not for SGT information sharing. PAC (Protected Access Credential): Relevant for EAP-FAST authentication, not for SGT exchange. By configuring SXP on both Cisco ISE and the ASA firewall, SGT mappings can be securely shared, allowing the firewall to enforce TrustSec policies.