300-715 Exam Questions
419 real 300-715 exam questions with expert-verified answers and explanations. Page 5 of 9.
- Question #201: Web Auth and Guest Services
Which two default guest portals are available with Cisco ISE? (Choose two.)
Cisco ISE, Guest Services, Guest Portals, Default Configuration
- Question #202: Policy Enforcement
An administrator is configuring a switch port for use with 802.1X. What must be done so that the port will allow voice and multiple data endpoints?
802.1X, Multi-domain authentication, Voice VLAN, Switch Port Security
- Question #203: Policy Enforcement
Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node?
RADIUS attributes, Inactivity timer, MAC Authentication Bypass (MAB), Cisco ISE
- Question #204: Web Auth and Guest Services
Refer to the exhibit. An engineer is configuring Cisco ISE for guest services and needs any unregistered guests redirected to the guest portal for authentication, then have a CoA p...
Cisco ISE, Guest Services, Authorization Policies, Web Redirection
- Question #205: Network Access Device Administration
An engineer is configuring ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADIUS for these devices...
TACACS+, RADIUS, Network Device Administration, Protocol Comparison
- Question #206: Policy Enforcement
During an 802.1X deployment, an engineer must identify failed authentications without causing problems for the connected endpoint. Which command will successfully achieve this?
802.1X, Authentication Modes, NAC Deployment, Monitoring
- Question #207: Network Access Device Administration
An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the netwo...
802.1X, Switch Port Configuration, Authentication Modes, Network Access Control
- Question #208: Web Auth and Guest Services
An engineer has been tasked with standing up a new guest portal for customers that are waiting in the lobby. There is a requirement to allow guests to use their social media logins...
Guest portal, Social media login, Self-registration, Cisco ISE
- Question #209: Architecture and Deployment
Which Cisco ISE deployment model provides redundancy by having every node in the deployment configured with the Administration, Policy Service, and Monitoring personas to protect f...
Cisco ISE deployment, Deployment models, Redundancy, ISE personas
- Question #210: Endpoint Compliance
Refer to the exhibit. An engineer is configuring the remote access VPN to use Cisco ISE for AAA and needs to conduct posture checks on the connecting endpoints. After the endpoint...
Cisco ISE, Posture Compliance, Dynamic Authorization, Remote Access VPN
- Question #211: Architecture and Deployment
Which two Cisco ISE deployment models require two nodes configured with dedicated PAN and MnT personas? (Choose two.)
Cisco ISE Deployment, Persona Assignment, High Availability, Scalability
- Question #212: Endpoint Compliance
Which compliance status is set when a matching posture policy has been defined for that endpoint, but all the mandatory requirements during posture assessment are not met?
Endpoint Compliance, Posture Assessment, Compliance Status, Cisco ISE
- Question #213: Policy Enforcement
A Cisco device has a port configured in multi-authentication mode and is accepting connections only from hosts assigned the SGT of SGT_0422048549. The VLAN trunk link supports a ma...
Cisco TrustSec, Security Group Tags (SGT), Inline Tagging, VLAN Policy Enforcement
- Question #214: Network Access Device Administration
An administrator wants to configure network device administration and is trying to decide whether to use TACACS+ or RADIUS. A reliable protocol must be used that can check command...
TACACS+, RADIUS, AAA, Network Device Administration
- Question #215: Architecture and Deployment
An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the e...
Cisco ISE PSN, Session Services, Profiling Services, Distributed Deployment
- Question #216: Architecture and Deployment
Refer to the exhibit. Which two configurations are needed on a catalyst switch for it to be added as a network access device in a Cisco ISE that is being used for 802.1X authentica...
802.1X, RADIUS, Cisco ISE integration, Switch configuration
- Question #217: Web Auth and Guest Services
An administrator is configuring sponsored guest access using Cisco ISE. Access must be restricted to the sponsor portal to ensure that only necessary employees can issue sponsored a...
Sponsored Guest Access, Sponsor Portal, Sponsor Groups, ISE Identity Groups
- Question #218: Policy Enforcement
Refer to the exhibit. An engineer is configuring a client but cannot authenticate to Cisco ISE. During troubleshooting, the show authentication sessions command was issued to displ...
Cisco ISE, Authentication troubleshooting, Network Access Control (NAC), IOS commands
- Question #219: Policy Enforcement
Refer to the exhibit. An administrator is manually adding a device to a Cisco ISE identity group to ensure that it is able to access the network when needed without authentication....
ISE authorization policy, Endpoint logical profiles, Static assignment, Identity groups
- Question #220: Policy Enforcement
An engineer is creating a new authorization policy to give the endpoints access to VLAN 310 upon successful authentication. The administrator tests the 802.1X authentication for th...
802.1X, Authorization Profile, VLAN Assignment, Cisco ISE
- Question #221: Endpoint Compliance
An engineer is configuring posture assessment for their network access control and needs to use an agent that supports using service conditions as conditions for the assessment. Th...
Posture Assessment, AnyConnect Posture Module, Stealth Module, Agent Visibility
- Question #222: BYOD
A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What...
BYOD Onboarding, Native Supplicant Provisioning, Cisco ISE Policies, Digital Certificate Provisioning
- Question #223: Architecture and Deployment
Drag and Drop Question Drag and drop the configuration steps from the left into the sequence on the right to install two Cisco ISE nodes in a distributed deployment. Answer:
Cisco ISE, Distributed Deployment, Installation Steps, Node Configuration
- Question #224: Policy Enforcement
An engineer is configuring a posture policy for Windows 10 endpoints and wants to ensure that users in each AD group have different conditions to meet to be compliant. What must be...
Cisco ISE, Posture Policy, Authorization Policy, Active Directory Integration
- Question #225: Web Auth and Guest Services
An organization wants to enable web-based guest access for both employees and visitors. The goal is to use a single portal for both user types. Which two authentication methods sho...
Guest access, Web portal authentication, LDAP, Local authentication
- Question #226: Policy Enforcement
Which two authentication protocols are supported by RADIUS but not by TACACS+? (Choose two.)
RADIUS, TACACS+, Authentication Protocols, EAP, MSCHAPv2
- Question #227: Network Access Device Administration
What is a difference between RADIUS and TACACS+?
RADIUS, TACACS+, AAA protocols, Authentication vs Authorization
- Question #228: Network Access Device Administration
An engineer is unable to use SSH to connect to a switch after adding the required CLI commands to the device to enable TACACS+. The device administration license has been added to...
TACACS+, Cisco ISE, Device Administration, Network Device Configuration
- Question #229: Network Access Device Administration
The IT manager wants to provide different levels of access to network devices when users authenticate using TACACS+. The company needs specific commands to be allowed based on the...
Cisco ISE, TACACS+, Shell Profiles, Command Sets
- Question #230: Policy Enforcement
What are two differences of TACACS+ compared to RADIUS? (Choose two.)
AAA Protocols, TACACS+, RADIUS, Network Security
- Question #231: BYOD
What is a valid status of an endpoint attribute during the device registration process?
Device Registration, Endpoint Attributes, BYOD Workflow, Endpoint States
- Question #232: Endpoint Compliance
An administrator is configuring the Native Supplicant Profile to be used with the Cisco ISE posture agents and needs to test the connection using wired devices to determine which p...
Native Supplicant Profile, Endpoint Posture, Wired Authentication, EAP-TLS
- Question #233: Endpoint Compliance
Which Cisco ISE solution ensures endpoints have the latest version of antivirus updates installed before being allowed access to the corporate network?
Cisco ISE, Posture Services, Endpoint Compliance, Antivirus Check
- Question #234: Endpoint Compliance
An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Anyconnect for the agent configuration...
Cisco ISE Posture, AnyConnect Compliance, Client Provisioning, Endpoint Modules
- Question #235: Network Access Device Administration
What is a difference between TACACS+ and RADIUS in regards to encryption?
TACACS+, RADIUS, Encryption, Authentication Protocols
- Question #236: BYOD
An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition...
BYOD onboarding, Authorization policy, Endpoint identity groups, My Devices Portal
- Question #237: BYOD
An engineer needs to configure a new certificate template in the Cisco ISE Internal Certificate Authority to prevent BYOD devices from needing to re-enroll when their MAC address c...
Cisco ISE, BYOD, Certificate Templates, Subject Alternative Name
- Question #238: BYOD
A user changes the status of a device to stolen in the My Devices Portal of Cisco ISE. The device was originally onboarded in the BYOD wireless Portal without a certificate. The de...
Cisco ISE My Devices Portal, BYOD device management, Device status, Endpoint identity groups
- Question #239: BYOD
A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a...
BYOD onboarding, Certificate management, Cisco ISE, Web portal security
- Question #240: Web Auth and Guest Services
Which two actions must be verified to confirm that the internet is accessible via guest access when configuring a guest portal? (Choose two.)
Guest Access, Web Authentication, Cisco ISE, Change of Authorization
- Question #241: Policy Enforcement
An administrator made changes in Cisco ISE and needs to apply new permissions for endpoints that have already been authenticated by sending a CoA packet to the network devices. Whi...
Change of Authorization (CoA), RADIUS dynamic authorization, Network device configuration, Cisco ISE
- Question #242: Profiler
An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identif...
ISE Profiling, NetFlow, Traffic Identification, QoS
- Question #243: Policy Enforcement
An engineer needs to configure a Cisco ISE server to issue a CoA for endpoints already authenticated to access the network. The CoA option must be enforced on a session, even if th...
Change of Authorization (CoA), Reauth CoA, Dynamic Authorization, Session Management
- Question #244: Profiler
An administrator replaced a PSN in the distributed Cisco ISE environment. When endpoints authenticate to it, the devices are not getting the right profiles or attributes and as a r...
Cisco ISE, Profiling Service, PSN, Troubleshooting
- Question #245: Policy Enforcement
Which type of identity store allows for creating single-use access credentials in Cisco ISE?
Identity Stores, RSA SecurID, Multi-Factor Authentication, One-Time Passwords
- Question #246: Architecture and Deployment
A network engineer needs to deploy 802.1x using Cisco ISE in a wired network environment where thin clients download their system image upon bootup using PXE. For which mode must t...
802.1x, Cisco ISE, Switch port modes, PXE boot
- Question #247: Policy Enforcement
An ISE administrator must change the inactivity timer for MAB endpoints to terminate the authentication session whenever a switch port that is connected to an IP phone does not det...
MAB, RADIUS idle-timeout, Cisco ISE, Session management
- Question #248: Policy Enforcement
An engineer is configuring static SGT classification. Which configuration should be used when authentication is disabled and third-party switches are in use?
SGT Classification, IP-SGT Mapping, Static SGT, TrustSec
- Question #249: Web Auth and Guest Services
An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access. Which action accomplishes the goal?
Guest Access, Hotspot Portal, Cisco ISE, Access Code
- Question #250: Architecture and Deployment
An engineer wants to learn more about Cisco ISE and deployed a new lab with two nodes. Which two persona configurations allow the engineer to successfully test redundancy of a fail...
Cisco ISE Personas, High Availability, Redundancy, Deployment