Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 321:

  An engineer is using the low-impact mode of phased deployment of cisco ISE and is trying to connect to the network prior to the authentication, which access will be denied in this deployment?

  A. DNS
  B. DHCP
  C. HTTP
  D. EAP
  C. HTTP

• Question 322:

  The 300 GB OVA templates for VMs are sufficient for which two dedicated Cisco ISE node types? (Choose two.)

  A. Administration
  B. Log Collector
  C. pxGrid
  D. Policy Service
  E. Monitoring
  C. pxGrid
  D. Policy Service

• Question 323:

  What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

  A. The primary node restarts
  B. The secondary node restarts.
  C. The primary node becomes standalone
  D. Both nodes restart.
  B. The secondary node restarts.

• Question 324:

  When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2. Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)

  A. DHCP SPAN probe
  B. SNMP query probe
  C. NetFlow probe
  D. RADIUS probe
  E. DNS probe
  B. SNMP query probe
  D. RADIUS probe

  ---

  https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-design

• Question 325:

  What is the difference between how RADIUS and TACACS+ handle encryption?

  A. RADIUS encrypts only the username and password fields, whereas TACACS+ encrypts the entire packet.
  B. RADIUS only encrypts the password field, whereas TACACS+ encrypts the entire packet.
  C. RADIUS encrypts the entire packet, whereas TACACS+ encrypts only the username and password fields.
  D. RADIUS encrypts the entire packet, whereas TACACS+ only encrypts the password field.
  B. RADIUS only encrypts the password field, whereas TACACS+ encrypts the entire packet.

  ---

  Explanation

• Question 326:

  What are the minimum requirements for deploying the Automatic Failover feature on Administration nodes in a distributed Cisco ISE deployment?

  A. a primary and secondary PAN and a health check node for the Secondary PAN
  B. a primary and secondary PAN and no health check nodes
  C. a primary and secondary PAN and a pair of health check nodes
  D. a primary and secondary PAN and a health check node for the Primary PAN
  D. a primary and secondary PAN and a health check node for the Primary PAN

  ---

  In a high availability configuration, the Primary Administration Node (PAN) is in the active state. The Secondary PAN (backup PAN) is in the standby state, which means it receives all configuration updates from the Primary PAN, but is not active in the ISE network. Cisco ISE supports manual and automatic failover. With automatic failover, when the Primary PAN goes down, an automatic promotion of the Secondary PAN is initiated. Automatic failover requires a non-administration secondary node, which is called a health check node. The health check node checks the health of Primary PAN. If the health detects that the Primary PAN is down or unreachable, the health check node initiates the promotion of the Secondary PAN to take over the primary role. To deploy the auto-failover feature, you must have at least three nodes, where two of the nodes assume the Administration persona, and one node acts as the health check node. A health check node is a non-administration node and can be a Policy Service, Monitoring, or pxGrid node, or a combination of these. If the PANs are in different data centers, you must have a health check node for each PAN.

• Question 327:

  An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" so that the policies can be made separately for the endpoints connecting through them.

  Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

  A. Change the device type to Medical Switch.
  B. Change the device profile to Medical Switch.
  C. Change the model name to Medical Switch.
  D. Change the device location to Medical Switch.
  A. Change the device type to Medical Switch.

• Question 328:

  Refer to the exhibit.

  

  A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server.

  Which two commands should be run to complete the configuration? (Choose two)

  A. AAA authorization auth-proxy default group radius
  B. radius server vsa sand authentication
  C. radius-server attribute 8 include-in-access-req
  D. IP device tracking
  E. dot1x system-auth-control
  D. IP device tracking
  E. dot1x system-auth-control

• Question 329:

  Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose 2)

  A. hotspot
  B. new AD user 802 1X authentication
  C. posture
  D. BYOD
  E. guest AUP
  B. new AD user 802 1X authentication
  C. posture

• Question 330:

  A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.

  What must be done to accomplish this task?

  A. Create a profiling policy for each endpoint with the cdpCacheDeviceId attribute.
  B. Create a logical profile for each device's profile policy and block that via authorization policies.
  C. Add each MAC address manually to a blocklist identity group and create a policy denying access.
  D. Add each IP address to a policy denying access.
  C. Add each MAC address manually to a blocklist identity group and create a policy denying access.