Cisco 300-715 Online Practice Questions and Exam Preparation

Cisco 300-715 Online Questions & Answers

• Question 361:

  An engineer is configuring a Sponsor portal in Cisco ISE. The authentication flow must go to an external source that uses Kerberos.

  Which type of external database must be used to meet the requirement?

  A. RADIUS
  B. SAML
  C. Active Directory
  D. LDAP
  C. Active Directory

• Question 362:

  What are the three default behaviors of Cisco ISE with respect to authentication, when a user connects to a switch that is configured for 802.1X, MAB, and WebAuth? (Choose three)

  A. MAB traffic uses internal endpoints for retrieving identity.
  B. Dot1X traffic uses a user-defined identity store for retrieving identity.
  C. Unmatched traffic is allowed on the network.
  D. Unmatched traffic is dropped because of the Reject/Reject/Drop action that is configured under Options.
  E. Dot1 traffic uses internal users for retrieving identity.
  A. MAB traffic uses internal endpoints for retrieving identity.
  D. Unmatched traffic is dropped because of the Reject/Reject/Drop action that is configured under Options.
  E. Dot1 traffic uses internal users for retrieving identity.

• Question 363:

  The security engineer for a company has recently deployed Cisco ISE to perform centralized authentication of all network device logins using TACACSs+ against the local AD domain. Some of the other network engineers are having a hard time remembering to enter their AD account password instead of the local admin password that they have used for years. The security engineer wants to change the password prompt to "Use Local AD Password:" as a way of providing a hint to the network engineers when logging in. Under which page in Cisco ISE would this change be made?

  A. Work Centers> Device Administration Ext Id Sources>Advanced Settings
  B. The password prompt cannot be changed on a Cisco IOS device
  C. Work Centers> Device Administration> Network Resources> Network Devices
  D. Work Centers> Device Administration> Settings> Connection Settings
  D. Work Centers> Device Administration> Settings> Connection Settings

• Question 364:

  An engineer is configuring a virtual cisco ISE deployment and needs each persona to be on a different node. Which persona should be configured with the largest amount of storage in this environment?

  A. Monitoring and troubleshooting
  B. Policy Service
  C. Primary administration
  D. Platform Exchange grid
  A. Monitoring and troubleshooting

• Question 365:

  DRAG DROP

  A network engineer must add a Cisco switch named HQ-IDF100 to Cisco ISE for TACACS+ device administration with a shared secret of PASSWORD1 and an IP address of 10.10.10.10.

  Drag and drop the configuration steps from the left into the sequence on the right.

  Select and Place:

  

  

• Question 366:

  A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access What must be done to ensure that both devices for a particular user are able to access the guest network simultaneously?

  A. Configure the sponsor group to increase the number of logins.
  B. Use a custom portal to increase the number of logins
  C. Modify the guest type to increase the number of maximum devices
  D. Create an Adaptive Network Control policy to increase the number of devices
  C. Modify the guest type to increase the number of maximum devices

  ---

  Explanation Explanation/Reference:https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_admin_guide_27/b_ise_admin_guide_27_chapter_01111.html.xml

• Question 367:

  An administrator must configure Cisco ISE to send CoA requests to a Cisco switch using SNMP. These configurations were performed:

  1.

  enabled SNMP on the switch

  2.

  added the switch to Cisco ISE

  3.

  configured a network device profile

  4.

  configured the NAD port detection method

  5.

  configured the operation to be performed on the switch port

  6.

  configured an authorization profile

  Which two configurations must be performed to send the CoA requests? (Choose two.)

  A. Configure a network device group
  B. Configure the SNMP server in Cisco ISE.
  C. Configure the switch SNMP settings of the NAD
  D. Configure SNMP authentication in Cisco ISE
  E. Select the CoA type as SNMP in the network device profile.
  B. Configure the SNMP server in Cisco ISE.
  E. Select the CoA type as SNMP in the network device profile.

  ---

  Configure the SNMP server in Cisco ISE 1. Cisco ISE must be set up to communicate with the switch using SNMP for CoA requests. 2. This involves configuring the SNMP settings in Cisco ISE to specify the SNMP version, community string (for SNMPv2c), or user credentials (for SNMPv3). Select the CoA type as SNMP in the network device profile 1. The network device profile in Cisco ISE determines how CoA requests are sent to the network device. 2. The CoA type must be explicitly set to SNMP in the device profile to ensure that CoA requests are transmitted using SNMP.

• Question 368:

  An engineer is unable to use SSH to connect to a switch after adding the required CLI commands to the device to enable TACACS+. The device administration license has been added to Cisco ISE, and the required policies have been created. Which action is needed to enable access to the switch?

  A. The ip ssh source-interface command needs to be set on the switch
  B. 802.1X authentication needs to be configured on the switch.
  C. The RSA keypair used for SSH must be regenerated after enabling TACACS+.
  D. The switch needs to be added as a network device in Cisco ISE and set to use TACACS+.
  D. The switch needs to be added as a network device in Cisco ISE and set to use TACACS+.

  ---

  https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_device_admin.html

• Question 369:

  What happen when an internal user is configured with an external identity store for authentication but an engineer uses the cisco ise admin portal to select an internal identity store as the identity source?

  A. Authentication is granted
  B. Authentication failed
  C. Authentication is redirected to an external identity store
  D. Authentication is redirected to an external identity store
  B. Authentication failed

• Question 370:

  A network engineer responsible for the switching environment must provision a new switch to properly propagate security group tags within the TrustSec inline method. Which CLI command must the network engineer enter on the switch to globally enable the tagging of SGTs?

  A. cts sxp enable
  B. cts manual
  C. cts role-based sgt-map
  D. cts role-based enforcement
  B. cts manual

  ---

  The command "cts sxp enable" enables the Cisco TrustSec Secure Exchange Protocol (SXP) on the switch. SXP is used for propagating SGT information between network devices in a TrustSec deployment. By enabling SXP, the switch will be able to exchange SGT information with other TrustSec-capable devices in the network.