1. Home
  2. Cisco
  3. 300-715

Cisco 300-715 Online Practice Questions and Exam Preparation

300-715 Exam Details

  • Exam Code
    :300-715
  • Exam Name
    :Implementing and Configuring Cisco Identity Services Engine (SISE)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :448 Q&As
  • Last Updated
    :May 25, 2026

Cisco 300-715 Online Questions & Answers

  • Question 341:

    To configure BYOD using Cisco ISE. an administrator is considering issuing certificates to the devices connecting to provide a better user experience. External CA servers cannot be used for this purpose because everything must be local to the Cisco ISE. What must be done to accomplish this?

    A. Use the captive portal network assistant to issue certificates to the endpoints as they authenticate.
    B. Use ISE as a sub CA for the BYOD portal and redirect users to the Root CA for certificate issuance.
    C. Configure the Cisco ISE Internal CA to issue certificates to each endpoint connecting to the BYOD network.
    D. Configure MS SCEP so that endpoints can query their local AD server for the correct certificate.

  • Question 342:

    A network engineer must configure a centralized Cisco ISE solution for wireless guest access with users in different time zones. The guest account activation time must be independent of the user time zone, and the guest account must be enabled automatically when the user self-registers on the guest portal. Which option in the time profile settings must be selected to meet the requirement?

    A. Select FromFirstLogin from the Account Type dropdown.
    B. Select FromCreation from the Account Type dropdown.
    C. Set the Maximum Account Duration to 1 Day.
    D. Set the Duration field to 24:00:00.

  • Question 343:

    Which two endpoint compliance statuses are possible? (Choose two.)

    A. unknown
    B. known
    C. invalid
    D. compliant
    E. valid

  • Question 344:

    Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)

    A. endpoint marked as lost in My Devices Portal
    B. addition of endpoint to My Devices Portal
    C. endpoint profile transition from Aop.e-dev.ee to Apple-iPhone
    D. endpoint profile transition from Unknown to Windows 10-Workstation
    E. updating of endpoint dACL.

  • Question 345:

    Which scenario does not support Cisco ISE guest services?

    A. wired NAD with local WebAuth
    B. wireless LAN controller with central WebAuth
    C. wireless LAN controller with local WebAuth
    D. wired NAD with central WebAuth

  • Question 346:

    Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)

    A. backup
    B. secondary
    C. standby
    D. primary
    E. active

  • Question 347:

    What are two differences between the RADIUS and TACACS+ protocols? (Choose two.)

    A. RADIUS offers multiprotocol support, whereas TACACS+ does not.
    B. RADIUS is a Cisco proprietary protocol, whereas TACACS+ is an open standard protocol.
    C. RADIUS enables encryption of all the packets, whereas with TACACS+, only the password is encrypted.
    D. RADIUS combines authentication and authorization, whereas TACACS+ does not.
    E. TACACS+ uses TCP port 49, whereas RADIUS uses UDP ports 1812 and 1813.

  • Question 348:

    An engineer is adding a new network device to be used with 802.1X authentication. After configuring the device, the engineer notices that no endpoints that connect to the switch are able to authenticate. What is the problem?

    A. The command dot1x system-auth-control is not configured on the switch.
    B. The switch's supplicant is unable to establish a connection to Cisco ISE.
    C. The command dot1x critical vlan 40 is not configured on the switch ports.
    D. The endpoint firewalls are blocking the EAPoL traffic.

  • Question 349:

    What is an advantage of TACACS+ versus RADIUS authentication when reviewing reports in Cisco ISE?

    A. TACACS+ reduces authentication latency, and RADIUS increases latency by adding additional packet headers.
    B. TACACS+ performs secure communication with IPsec, and RADIUS uses DTLS encryption.
    C. TACACS+ provides command accounting, and RADIUS combines authentication and authorization.
    D. TACACS+ uses SSL certificates, and RADIUS does not have encryption.

  • Question 350:

    Which two statements regarding Zero Touch Provisioning (ZTP) on Cisco ISE are correct? (Choose two.)

    A. All passwords must be encrypted in the configuration file
    B. ZTP cannot be used if ICMP is blocked
    C. ZTP is only supported on VMWare
    D. ZTP is only supported on virtual appliances
    E. Linux is required to create the configuration image

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.