How Many Questions Of 300-715 Training

NEW QUESTION 1
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?

• A. dot1x pae authenticator
• B. dot1x system-auth-control
• C. authentication port-control auto
• D. aaa authentication dot1x default group radius

Answer: B

Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.

NEW QUESTION 2
An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 3
Which three default endpoint identity groups does cisco ISE create? (Choose three)

• A. Unknown
• B. whitelist
• C. end point
• D. profiled
• E. blacklist

Answer: ADE

Explanation:
Default Endpoint Identity Groups Created for Endpoints
Cisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide

NEW QUESTION 4
An administrator is configuring a switch port for use with 802 1X What must be done so that the port will allow voice and multiple data endpoints?

• A. Configure the port with the authentication host-mode multi-auth command
• B. Connect the data devices to the port, then attach the phone behind them.
• C. Use the command authentication host-mode multi-domain on the port
• D. Connect a hub to the switch port to allow multiple devices access after authentication

Answer: A

NEW QUESTION 5
What is a valid guest portal type?

• A. Sponsored-Guest
• B. My Devices
• C. Sponsor
• D. Captive-Guest

Answer: A

NEW QUESTION 6
A network administrator must configura endpoints using an 802 1X authentication method with EAP identity certificates that are provided by the Cisco ISE When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network Which EAP type must be configured by the network administrator to complete this task?

• A. EAP-PEAP-MSCHAPv2
• B. EAP-TTLS
• C. EAP-FAST
• D. EAP-TLS

Answer: D

Explanation:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/certificate-requirements-eap-tls-peap about EAP FAST
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-

NEW QUESTION 7
What must match between Cisco ISE and the network access device to successfully authenticate endpoints?

• A. SNMP version
• B. shared secret
• C. certificate
• D. profile

Answer: B

Explanation:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_network_devices.html

NEW QUESTION 8
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

• A. DHCP server
• B. static IP tunneling
• C. override Interface ACL
• D. AAA override

Answer: D

NEW QUESTION 9
During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

• A. Cisco App Store
• B. Microsoft App Store
• C. Cisco ISE directly
• D. Native OTA functionality

Answer: C

NEW QUESTION 10
Which two default endpoint identity groups does Cisco ISE create? (Choose two )

• A. block list
• B. endpoint
• C. profiled
• D. allow list
• E. unknown

Answer: CE

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide
Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
Cisco ISE creates the following endpoint identity groups:
Blacklist—This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group.
GuestEndpoints—This endpoint identity group includes endpoints that are used by guest users.
Profiled—This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.
RegisteredDevices—This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group. These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE redirects blocked devices to a URL, which displays “Unauthorised Network Access”, a default portal page to the blocked devices.
Unknown—This endpoint identity group includes endpoints that do not match any profile in Cisco ISE. In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint
identity groups, which are associated to the Profiled identity group:
Cisco-IP-Phone—An identity group that contains all the profiled Cisco IP phones on your network.
Workstation—An identity group that contains all the profiled workstations on your network.

NEW QUESTION 11
Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

• A. Active Directory
• B. RADIUS Token
• C. Internal Database
• D. RSA SecurlD
• E. LDAP

Answer: AE

NEW QUESTION 12
Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two )

• A. Random
• B. Monthly
• C. Daily
• D. Imported
• E. Known

Answer: AD

NEW QUESTION 13
Which two default guest portals are available with Cisco ISE? (Choose two.)

• A. visitor
• B. WIFI-access
• C. self-registered
• D. central web authentication
• E. sponsored

Answer: CE

NEW QUESTION 14
An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls Why is the given configuration failing to accomplish this goal?

• A. The Guest Flow condition is not in the line that gives access to the quest portal
• B. The Network_Access_Authentication_Passed condition will not work with guest services for portal access.
• C. The Permit Access result is not set to restricted access in its policy line
• D. The Guest Portal and Guest Access policy lines are in the wrong order

Answer: D

NEW QUESTION 15
Drag the descriptions on the left onto the components of 802.1X on the right.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 16
Which interface-level command is needed to turn on 802 1X authentication?

• A. Dofl1x pae authenticator
• B. dot1x system-auth-control
• C. authentication host-mode single-host
• D. aaa server radius dynamic-author

Answer: A

NEW QUESTION 17
An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the endpoints on the network. Which node should be used to accomplish this task?

• A. PSN
• B. primary PAN
• C. pxGrid
• D. MnT

Answer: A

NEW QUESTION 18
A network administrator is configuring authorization policies on Cisco ISE There is a requirement to use AD group assignments to control access to network resources After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work What is the cause of this issue?

• A. The AD join point is no longer connected.
• B. The AD DNS response is slow.
• C. The certificate checks are not being conducted.
• D. The network devices ports are shut down.

Answer: A

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_

NEW QUESTION 19
In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two )

• A. publisher
• B. administration
• C. primary
• D. policy service
• E. subscriber

Answer: BD

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide

NEW QUESTION 20
Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two)

• A. access-response
• B. access-request
• C. access-reserved
• D. access-accept
• E. access-challenge

Answer: BD

NEW QUESTION 21
......