Browse Exams Pricing

Exams300-715Questions

300-715 Exam Questions

419 real 300-715 exam questions with expert-verified answers and explanations. Page 3 of 9.

Question #101Network Access Device Administration
Which two features should be used on Cisco ISE to enable the TACACS+ feature? (Choose two )
Cisco ISETACACS+Device AdministrationLicensing
Question #102Policy Enforcement
A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manne...
Security Group TagsTrustSecAccess ControlPolicy Enforcement
Question #103Architecture and Deployment
An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node. Which persona should be configured with the largest amount of storage in...
Cisco ISE deploymentISE personasStorage requirementsMonitoring and Troubleshooting
Question #104Profiler
An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected. Which service should be used to accomplis...
Cisco ISEEndpoint ProfilingNetwork SecurityDevice Identification
Question #105BYOD
What should be considered when configuring certificates for BYOD?
CertificatesBYODCisco ISECommon Name (CN)
Question #106Network Access Device Administration
A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being...
Session TimeoutDevice AdministrationIdle SessionPolicy Configuration
Question #107Architecture and Deployment
An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign...
CertificatesCSRCisco ISEPKI
Question #108Web Auth and Guest Services
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still bei...
Guest AccountsSponsor PortalAccount ManagementGuest Services
Question #109Endpoint Compliance
An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network. What mus...
Cisco ISEPostureEndpoint ComplianceService Condition
Question #110Architecture and Deployment
An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while prov...
802.1XDeployment ModesNetwork Access ControlSecurity Policy
Question #111Architecture and Deployment
What is the deployment mode when two Cisco ISE nodes are configured in an environment?
Cisco ISEDeployment modesDistributed deploymentMulti-node
Question #112Architecture and Deployment
Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)
Cisco ISE RolesDistributed DeploymentAdministration NodeHigh Availability
Question #113BYOD
A company is attempting to improve their BYOD policies and restrict access based on certain criteria. The company's subnets are organized by building. Which attribute should be use...
BYOD policiesLocation-based accessAccess controlIdentity groups
Question #114Policy Enforcement
An engineer is migrating users from MAB to 802.1X on the network. This must be done during normal business hours with minimal impact to users. Which CoA method should be used?
Change of Authorization802.1X migrationAuthentication methodsMinimal user impact
Question #115Web Auth and Guest Services
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?
Central Web AuthenticationCisco ISEWLC ConfigurationRADIUS NAC
Question #116Network Access Device Administration
Refer to the exhibit. An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in...
Network Device AdministrationISE Authorization PolicyPolicy TroubleshootingTACACS+
Question #117Policy Enforcement
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device...
Cisco ISE PoliciesWireless Access ControlRADIUS AttributesSSID-based Policy
Question #118Endpoint Compliance
There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a...
Cisco ISEPosture PolicyApplication ConditionEndpoint Compliance
Question #119BYOD
An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not wa...
BYODCertificate ManagementSCEPExternal CA Integration
Question #120Network Access Device Administration
An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" s...
Network Device ConfigurationCisco ISEDevice GroupingPolicy Enforcement
Question #121Architecture and Deployment
An engineer is designing a new distributed deployment for Cisco ISE in the network and is considering failover options for the admin nodes. There is a need to ensure that an admin...
Cisco ISEAdmin Node FailoverDistributed DeploymentHigh Availability
Question #122Web Auth and Guest Services
A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to...
Cisco ISEGuest AccessAccess CodesWeb Portal
Question #123Policy Enforcement
A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice....
802.1XPort authenticationHost modesMulti-domain authentication
Question #124Profiler
When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2...
Cisco ISEProfilingEndpoint ProbesNetwork Access Control
Question #125Endpoint Compliance
What is a function of client provisioning?
Client ProvisioningPosture AgentsEndpoint Onboarding
Question #126Policy Enforcement
An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewa...
Cisco ISE personasPolicy Service Node (PSN)Supplicant profilesClient provisioning
Question #127Policy Enforcement
What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?
EAP-TLSEAP-MS-CHAPv2Client AuthenticationDevice Certificates
Question #128Policy Enforcement
There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use pr...
Endpoint Identity GroupsMAC addressManual endpoint classificationISE policy
Question #129Architecture and Deployment
An engineer is tasked with placing a guest access anchor controller in the DMZ. Which two ports or port sets must be opened up on the firewall to accomplish this task? (Choose two....
Firewall PortsDMZ DeploymentWLC ManagementNetwork Operations
Question #130Endpoint Compliance
Which three conditions can be used for posture checking? (Choose three.)
Posture checkingEndpoint complianceCisco ISENAC
Question #131Network Access Device Administration
An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. But the switch...
TACACS+AAA TroubleshootingCisco ISENetwork Device Administration Commands
Question #132Network Access Device Administration
Refer to the exhibit. In which scenario does this switch configuration apply?
Authentication Host-Mode802.1XNetwork Access ControlSwitch Configuration
Question #133Policy Enforcement
When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other grou...
Active Directory IntegrationAuthorization PoliciesGroup ConfigurationCisco ISE Administration
Question #134Architecture and Deployment
A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this...
Cisco ISE performanceReplication optimizationJVM memoryEndpoint attribute filtering
Question #135BYOD
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants. Which portal must the security engineer configure to accomplish...
Cisco ISEBYODMy Devices PortalDevice Registration
Question #136Web Auth and Guest Services
A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day. When testing the guest policy flow, the administrator sees that the Cisco IS...
Guest accessEndpoint registrationPurge policiesISE
Question #137Architecture and Deployment
A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices. Where in the Layer 2 frame should this be...
Cisco TrustSecSecurity Group Tag (SGT)Layer 2 EncapsulationCMD header
Question #138Web Auth and Guest Services
A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA. Which action does the CoA perform?
CWACoANetwork Access ControlAuthentication Flow
Question #139Web Auth and Guest Services
A customer wants to set up the Sponsor portal and delegate the authentication flow to a third party for added security while using Kerberos. Which database should be used to accomp...
Sponsor PortalKerberosActive DirectoryExternal Authentication
Question #140Endpoint Compliance
An administrator is configuring a Cisco ISE posture agent in the client provisioning policy and needs to ensure that the posture policies that interact with clients are monitored,...
Cisco ISE PostureAnyConnectClient ProvisioningEndpoint Compliance
Question #141Policy Enforcement
Refer to the exhibit. Which switch configuration change will allow only one voice and one data endpoint on each port?
Network Access Control802.1XSwitch Port AuthenticationMulti-domain Authentication
Question #142Network Access Device Administration
An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+. However, the administrator must restrict certain comm...
TACACS+Cisco ISEShell ProfilesCommand Sets
Question #143Profiler
An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users. Management needs Cisco ISE to not automatically trigger a CoA whenever a p...
Cisco ISE ProfilerChange of Authorization (CoA)Profiling PolicyEndpoint Classification
Question #144Network Access Device Administration
Drag and Drop Question Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting. A...
AAARADIUSTACACS+Network Access Control
Question #145Policy Enforcement
Drag and Drop Question An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the le...
802.1XEAP MethodsAuthenticationNetwork Security
Question #146Policy Enforcement
A network administrator is configuring authorization policies on Cisco ISE. There is a requirement to use AD group assignments to control access to network resources. After a recen...
Cisco ISEActive Directory IntegrationAuthorization PoliciesTroubleshooting
Question #147Web Auth and Guest Services
A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant a...
Guest Access TroubleshootingCisco ISESession TraceWeb Authentication
Question #148Profiler
An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to...
Cisco ISEEndpoint ProfilingDHCP ProbeMetadata
Question #149Policy Enforcement
An organization wants to standardize the 802.1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch wha...
Cisco ISE802.1XDynamic ACL (dACL)Authorization Policy
Question #150Web Auth and Guest Services
A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access. What must be done to ensure t...
Guest AccessCisco ISE ConfigurationGuest TypeDevice Limit

PreviousPage 3 of 9Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.