300-715 Exam Details

  • Exam Code
    :300-715
  • Exam Name
    :Implementing and Configuring Cisco Identity Services Engine (SISE)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :448 Q&As
  • Last Updated
    :Jul 13, 2026

Cisco 300-715 Online Questions & Answers

  • Question 61:

    An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address.

    What is the problem?

    A. The endpoint is using the wrong protocol to authenticate with Cisco ISE.
    B. The 802.1X timeout period is too long.
    C. The DHCP probe for Cisco ISE is not working as expected.
    D. An ACL on the port is blocking HTTP traffic.

  • Question 62:

    A network administrator must restrict sponsor account privileges for managing guest accounts on Cisco ISE for a new account that is being created. Sponsor groups currently exist for each business unit. The new sponsor that is being added must be restricted to only managing guest accounts created by sponsors from the same sponsor group. In which group must the new sponsor account be configured?

    A. GROUP_ACCOUNTS
    B. OWN_ACCOUNTS
    C. ALL_ ACCOUNTS
    D. ALL_EMPLOYEES

  • Question 63:

    An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

    A. Check for server reachability using the test aaa group tacacs+ admin legacy command.
    B. Test the user account on the server using the test aaa group radius server CUCS user admin pass legacy command.
    C. Validate that the key value is correct using the test aaa authentication admin legacy command.
    D. Confirm the authorization policies are correct using the test aaa authorization admin drop legacy command.

  • Question 64:

    Which three default endpoint identity groups does cisco ISE create? (Choose three)

    A. Unknown
    B. whitelist
    C. end point
    D. profiled
    E. block list

  • Question 65:

    In which scenario does Cisco ISE allocate an Advanced license?

    A. guest services with dACL enforcement
    B. endpoint authorization using SGA enforcement
    C. dynamic device profiling
    D. high availability Administrator nodes

  • Question 66:

    Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

    A. DHCP server
    B. static IP tunneling
    C. override Interface ACL
    D. AAA override

  • Question 67:

    A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed interface. Which command should be used to accomplish this task?

    A. cts authorization list
    B. cts role-based enforcement
    C. cts cache enable
    D. cts role-based policy priority-static

  • Question 68:

    What is a primary function of RADIUS compared to TACACS?

    A. RADIUS provides AAA for network access, whereas TACACS provides AAA for device administration.
    B. RADIUS supports command accounting, whereas TACACS supports only start/stop accounting.
    C. RADIUS supports multiple privilege levels, whereas TACACS supports only one privilege level.
    D. RADIUS supports command authorization, whereas TACACS provides no support for commands.

  • Question 69:

    Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?

    A. EAP server
    B. supplicant
    C. client
    D. authenticator

  • Question 70:

    A network engineer is implementing cisco ISE and needs to configure 802.1x. the ports settings are configured for port-based authentication. Which command should be used to complete this configuration?

    A. aaa authentication dot1x default group radius
    B. dot1x system-auth-control
    C. authentication port-control auto
    D. dot1x pae authenticator

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.