300-715 Exam Questions
419 real 300-715 exam questions with expert-verified answers and explanations. Page 1 of 9.
- Question #1Policy Enforcement
Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two )
Cisco ISEContext VisibilityEndpoint ManagementPolicy Assignment - Question #2Policy Enforcement
When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?
Active Directory IntegrationGroup ResolutionSecurity IdentifierCisco ISE - Question #3Web Auth and Guest Services
What is the purpose of the ip http server command on a switch?
Web AuthenticationHTTP ServerRedirectionNetwork Access Control - Question #4BYOD
What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two )
Cisco ISECertificate ManagementDevice ProvisioningPKI - Question #5Profiler
What service can be enabled on the Cisco ISE node to identity the types of devices connecting to a network?
Device ProfilingEndpoint IdentificationCisco ISE Features - Question #6Architecture and Deployment
In which two ways can users and endpoints be classified for TrustSec? (Choose two)
TrustSecEndpoint ClassificationSecurity Group TagsCisco ISE - Question #7Network Access Device Administration
What does the dot1x system-auth-control command do?
802.1XSwitch ConfigurationNetwork Access ControlAuthentication - Question #8Network Access Device Administration
Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?
802.1XMABSwitch CommandsAuthentication Sessions - Question #9Endpoint Compliance
What gives Cisco ISE an option to scan endpoints for vulnerabilities?
Cisco ISEEndpoint Vulnerability ScanningAuthorization ProfilePosture Assessment - Question #10Web Auth and Guest Services
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest service...
Cisco ISEGuest ServicesSponsor PortalGuest User Management - Question #11Network Access Device Administration
Which interface-level command is needed to turn on 802.1X authentication?
802.1XSwitch configurationInterface commandsAuthentication - Question #12Architecture and Deployment
Which permission is common to the Active Directory Join and Leave operations?
Active Directory IntegrationDomain JoinPermissionsISE Administration - Question #13Network Access Device Administration
Which two features must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.)
TACACS+Device AdministrationISE LicensingISE Services - Question #14BYOD
During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?
BYOD flowNetwork Setup AssistantCisco ISEWindows provisioning - Question #15Architecture and Deployment
Drag and Drop Question Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night. Answer:
Cisco ISENode ConfigurationPrimary Administration NodeDeployment Steps - Question #16Endpoint Compliance
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two )
Cisco ISEPosture ServicesEndpoint CompliancePosture Requirements - Question #17Policy Enforcement
What is a method for transporting security group tags throughout the network?
Security Group TagsSGT-EPTrustSecPolicy Enforcement - Question #18Endpoint Compliance
Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).
Cisco ISEPostureNetwork PortsFirewall Rules - Question #19Profiler
Which profiling probe collects the user-agent string?
Profiling ProbesHTTP ProfilingUser-Agent StringEndpoint Attributes - Question #20Policy Enforcement
Which supplicant(s) and server(s) are capable of supporting EAR-CHAINING?
EAP-ChainingCisco ISESupplicantNetwork Access Control - Question #21Policy Enforcement
Which two values are compared by the binary comparison function in authentication that is based on Active Directory?
Certificate AuthenticationActive DirectoryAuthentication Mechanisms - Question #22Web Auth and Guest Services
Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal?
Guest User PortalWeb AuthenticationRedirectionNetwork Access Device - Question #23Network Access Device Administration
What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two )
TACACS+RADIUSDevice AdministrationAAA Protocols - Question #24Endpoint Compliance
Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)
Client ProvisioningPosture ServicesResource Management - Question #25Architecture and Deployment
How is policy services node redundancy achieved in a deployment?
PSN RedundancyHigh AvailabilityRADIUS Server ListNAD Configuration - Question #26Policy Enforcement
If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is bl...
BlacklistingLost/Stolen DevicesNetwork Access ControlSecurity Policy - Question #27Network Access Device Administration
A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server. Which command is the user missing in the switch's configuration?
RADIUS accountingAAA configurationNetwork device configurationCisco ISE - Question #28Network Access Device Administration
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)
TACACS+ISENetwork Device AdministrationAuthorization Profiles - Question #29BYOD
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?
BYODCertificate ProvisioningSupplicant Provisioning WizardCisco ISE - Question #30Architecture and Deployment
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node ,s deregistered?
ISE DeploymentNode ManagementDistributed DeploymentNode Deregistration - Question #31BYOD
Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?
ISE ProvisioningNative SupplicantTCP Ports - Question #32Profiler
Which of these is not a method to obtain Cisco ISE profiling data?
Cisco ISE ProfilingProfiling MethodsEndpoint Data CollectionISE Probes - Question #33Profiler
Which of the following is not true about profiling in Cisco ISE?
Cisco ISE ProfilingEndpoint ProfilingProfiling PoliciesPolicy Hierarchy - Question #34Profiler
Which three default endpoint identity groups does cisco ISE create? (Choose three)
Cisco ISEEndpoint Identity GroupsDefault ConfigurationProfiler - Question #35Endpoint Compliance
Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?
Cisco ISEEndpoint CompliancePosture ServiceNetwork Access Control - Question #36Profiler
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?
Cisco ISEEndpoint ProfilingIdentity GroupsDefault Behavior - Question #37Network Access Device Administration
Refer to the exhibit. Which command is typed within the CLI of a switch to view the troubleshooting output?
Authentication sessionsTroubleshooting commandsCisco switch CLIMAC authentication - Question #38Policy Enforcement
What must be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?
Authentication PolicyUnknown Identity HandlingCisco ISE - Question #39Profiler
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Cho...
Cisco ISE ProfilingEndpoint ProbesARP CacheIP-MAC Binding - Question #40Policy Enforcement
Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?
RADIUS attributesIdle TimeoutMABSession Management - Question #41Architecture and Deployment
Which personas can a Cisco ISE node assume?
Cisco ISEISE personasNode rolesArchitecture - Question #42Architecture and Deployment
What is a characteristic of the UDP protocol?
UDPNetworking ProtocolsTransport Layer - Question #43Endpoint Compliance
Which two endpoint compliance statuses are possible? (Choose two.)
Endpoint complianceCompliance statusISE posturePosture states - Question #44Network Access Device Administration
Which are two characteristics of TACACS+? (Choose two ) ,
TACACS+AuthenticationAuthorizationNetwork Protocols - Question #45Policy Enforcement
Which two ports do network devices typically use for CoA? (Choose two )
CoARADIUSNetwork PortsPolicy Enforcement - Question #46Network Access Device Administration
Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two )
RADIUS AuthenticationRADIUS Packet TypesNetwork Access Server (NAS) - Question #47BYOD
Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two)
Native Supplicant ProfileBYODEndpoint OnboardingCisco ISE - Question #48Profiler
What is the minimum certainty factor when creating a profiler policy?
Profiler PolicyCertainty FactorEndpoint Profiling - Question #49Policy Enforcement
What must match between Cisco ISE and the network access device to successfully authenticate endpoints?
RADIUS authenticationShared secretCisco ISENAD communication - Question #50Web Auth and Guest Services
Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal?
Guest AccountsSponsor PortalBulk CreationCisco ISE