1. Home
  2. Cisco
  3. 300-715

Cisco 300-715 Online Practice Questions and Exam Preparation

300-715 Exam Details

  • Exam Code
    :300-715
  • Exam Name
    :Implementing and Configuring Cisco Identity Services Engine (SISE)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :448 Q&As
  • Last Updated
    :May 25, 2026

Cisco 300-715 Online Questions & Answers

  • Question 311:

    A network engineer must remove a device that has been allowlisted. How should the engineer remove it manually on Cisco ISE?

    A. Administration > Identity Management > Endpoint Identity Groups > Profiled
    B. Administration > Identity Management > Groups > Endpoint Identity Groups
    C. Administration > Identity Management > Groups > Endpoint Identity Groups > Profiled
    D. Administration > Identity Management > Endpoint Identity Groups

  • Question 312:

    Which Cisco ISE feature enables administrators to enroll a certificate to an endpoint with MAC address 04:90:45:06:46:AA without the need for an external PKI?

    A. ISE Internal CA
    B. Endpoint Identity Service
    C. Guest Access
    D. Posture Assessment

  • Question 313:

    An administrator is deploying IoT Connector with MAC address 11:22 33:44:55:AA that requires network access. New custom profiling policy must be configured in Cisco ISE in order to properly profile the connector.

    Which condition must be configured to meet the requirement?

    A. Radius_Called_Station-ID_ENDSSWITH_
    B. MAC_MACAddress_CONTAINS_
    C. DHCP_dhcpCacheDeviceID_CONTAINS_
    D. MAC_OUI_ENDSWITH_

  • Question 314:

    An engineer is performing a bulk import of printer endpoints into a Cisco ISE local database by using LDAP.

    Which LDAP field must be configured to ensure that devices are not profiled as Unknown?

    A. MAC Address objectClass
    B. Profile Attribute Name
    C. MAC Address Profile Class
    D. Device Profile Name

  • Question 315:

    During a 802 1X deployment, an engineer must identify failed authentications without causing problems for the connected endpoint.

    Which command will successfully achieve this?

    A. dotlxsystem-auth-control
    B. dotlx pae authenticator
    C. authentication open
    D. authentication port-control auto

  • Question 316:

    An administrator connects an HP printer to a dot1x enable port, but the printer in not accessible Which feature must the administrator enable to access the printer?

    A. MAC authentication bypass
    B. change of authorization
    C. TACACS authentication
    D. RADIUS authentication

  • Question 317:

    An engineer wants to learn more about Cisco ISE and deployed a new lab with two nodes. Which two persona configurations allow the engineer to successfully test redundancy of a failed node? (Choose two.)

    A. Configure one of the Cisco ISE nodes as the Health Check node.
    B. Configure both nodes with the PAN and MnT personas only.
    C. Configure one of the Cisco ISE nodes as the primary PAN and MnT personas and the other as the secondary.
    D. Configure both nodes with the PAN, MnT, and PSN personas.
    E. Configure one of the Cisco ISE nodes as the primary PAN and PSN personas and the other as the secondary.

  • Question 318:

    Refer to the exhibit.

    An administrator is manually adding a device to a Cisco ISE identity group to ensure that it is able to access the network when needed without authentication. Upon testing, the administrator notices that the device never hits the correct authorization policy line using the condition EndPoints-LogicalProfile EQUALS static_list. Why is this occurring?

    A. The dynamic logical profile is overriding the statically assigned profile
    B. The device is changing identity groups after profiling instead ot remaining static
    C. The logical profile is being statically assigned instead of the identity group
    D. The identity group is being assigned instead of the logical profile

  • Question 319:

    Refer to the exhibit.

    An engineer must configure BYOD in Cisco ISE. A single SSID must be used to allow BYOD devices to connect to the network. These configurations have been performed on Wireless LAN Controller already:

    RADIUS server BYOD-Dot1x SSID

    Which two configurations must be done in Cisco ISE to meet the requirement? (Choose two.)

    A. FlexConnect ACL
    B. External identity source
    C. Authentication policy
    D. Redirect ACL
    E. Profiling policy

  • Question 320:

    An administrator has manually added the MAC address of a wireless device to the Blocklist Identity Group for testing. When the device connects to the wireless network it triggers the Wireless Block List Default rule, but the device is still allowed to access the wireless network. What additional step must be taken to resolve tissue?

    A. Disable URL redirection on the Authorization Profile.
    B. Enable SNMP with read and write access on the Cisco WLC.
    C. Create an ACL named BLOCKHOLE on the Cisco WLC.
    D. Change the Access Type under the Authorization Profile lo ACCESS_REJECT.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.