Browse Exams Pricing

Exams300-715Questions

300-715 Exam Questions

419 real 300-715 exam questions with expert-verified answers and explanations. Page 6 of 9.

Question #251Architecture and Deployment
Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?
Cisco ISE deploymentScalingNode personasEnterprise architecture
Question #252Architecture and Deployment
What is a restriction of a standalone Cisco ISE node deployment?
Cisco ISE DeploymentStandalone NodeISE PersonasDeployment Restrictions
Question #253Architecture and Deployment
What are the minimum requirements for deploying the Automatic Failover feature on Administration nodes in a distributed Cisco ISE deployment?
ISE deploymentHigh availabilityPAN failoverHealth check node
Question #254Architecture and Deployment
An administrator is attempting to join a new node to the primary Cisco ISE node, but receives the error message "Node is Unreachable". What is causing this error?
Cisco ISE DeploymentDistributed DeploymentCertificatesNode Registration
Question #255Profiler
An engineer is using profiling to determine what access an endpoint must receive. After configuring both Cisco ISE and the network devices for 802.1X and profiling, the endpoints d...
Cisco ISE Profiling802.1X Closed ModeProfiling ProbesEndpoint Attributes
Question #256Architecture and Deployment
While configuring Cisco TrustSec on Cisco IOS devices, the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However, after...
Cisco TrustSecEAP-FASTDevice authenticationTrustSec deployment
Question #257Policy Enforcement
An engineer is testing low-impact mode for a phased deployment of Cisco ISE. Which type of traffic is denied when a host tries to connect to the network prior to authentication?
Cisco ISELow-impact modePre-authentication accessNetwork access control
Question #258Policy Enforcement
The security team wants to secure the wired network. A legacy printer on the network with the MAC address 00:43:08:50:64:60 does not support 802.1X. Which setting must be enabled i...
Cisco ISEMAC Authentication Bypass (MAB)Authentication PolicyWired Network Security
Question #259Profiler
An organization is using Cisco ISE to provide AAA services to non-Cisco switches with IP phones connected. An engineer needs to use Profiling Services to authorize network access f...
ISE ProfilingDHCP ProbeEndpoint IdentificationNon-802.1X
Question #260Network Access Device Administration
Drag and Drop Question An engineer needs to export a file in CSV format, encrypted with the password C1$c0438563935, and contains users currently configured in Cisco ISE. Drag and...
Cisco ISEUser ExportData EncryptionAdministrative Tasks
Question #261Endpoint Compliance
Drag and Drop Question An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Dra...
Cisco ISE ComplianceEndpoint Compliance PolicyDisk EncryptionConfiguration Steps
Question #262Endpoint Compliance
An engineer configured posture assessment for their network access control with the goal of using an agent that supports using service conditions for the assessment. The agent shou...
Posture AssessmentCisco ISE AgentsTemporal AgentAnyConnect Posture
Question #263Architecture and Deployment
An engineer is deploying Cisco ISE to use 802.1X authentication for controlling access to the company's wired network. The request from company management is to minimize the impact...
802.1XCisco ISEDeployment modesPhased rollout
Question #264Web Auth and Guest Services
An engineer needs to create a Self-Registered Guest Portal in Cisco ISE in which guest users receive their passwords via SMS. Which two settings must be configured to accomplish th...
Guest PortalSelf-RegistrationSMS NotificationCisco ISE Configuration
Question #265Policy Enforcement
Refer to the exhibit. Which checkbox must be enabled to allow Cisco ISE to publish group membership information for active users that can be shared with Cisco Firepower devices?
pxGridIdentity SharingFirepower IntegrationContext Sharing
Question #266BYOD
To configure BYOD using Cisco ISE. an administrator is considering issuing certificates to the devices connecting to provide a better user experience. External CA servers cannot be...
BYODCisco ISEInternal CACertificates
Question #267Architecture and Deployment
An engineer must configure an HTTP probe on a Cisco ISE virtual appliance running on VMWare using a dedicated interface for profiling. The interface is assigned to the VM Network p...
VMware NetworkingPromiscuous ModeCisco ISE ProfilingSPAN
Question #268Policy Enforcement
An administrator is configuring MAB and needs to create profiling policies to support devices that do not match the built-in profiles. Which two steps must the administrator take i...
Profiling PoliciesAuthorization ConditionsLogical ProfilesCisco ISE
Question #269Policy Enforcement
An administrator must enable scanning for specific endpoints when they attempt to access the network. The scanning must be triggered as a result of successful authentication. Which...
Cisco ISEAuthorization PolicyAuthorization ProfileEndpoint Scanning
Question #270Network Access Device Administration
A network engineer responsible for the switching environment must provision a new switch to properly propagate security group tags within the TrustSec inline method. Which CLI comm...
Cisco TrustSecSGT taggingSwitch configurationInline SGT
Question #271Network Access Device Administration
Due to a recent network incident, all access to network devices must be centrally logged and tracked in Cisco ISE. On which nodes must the Device Admin service be enabled?
Cisco ISEDevice AdministrationTACACS+PSN
Question #272Architecture and Deployment
A client connects to a network and the authenticator device learns the MAC address 11:22:33:44:55:AA of this client. After the MAC address is learned, the 802.1 x authentication pr...
Cisco ISEDeployment Modes802.1XNetwork Access Control
Question #273Policy Enforcement
An organization has a SGACL locally configured on a switch port, but when a user in the Executives group connects to the network, they receive a different level of network access t...
SGACLCisco ISEPolicy EnforcementPolicy Precedence
Question #274Profiler
An administrator is configuring endpoint profiling and needs to enable CoA for devices that change profiles. Which two actions must be taken to accomplish this goal? (Choose two.)
Endpoint ProfilingChange of Authorization (CoA)Cisco ISE ConfigurationRADIUS
Question #275Web Auth and Guest Services
A Cisco ISE administrator is setting up Central Web Authentication to be used for user endpoint authentication. The client cannot reach the guest portal to log in and gain access,...
Central Web AuthenticationGuest PortalFirewall PortsNetwork Troubleshooting
Question #276Architecture and Deployment
An administrator is configuring an AD domain to be used with authentication for endpoints and users within Cisco ISE. Which two steps are required to configure this to be used as a...
Cisco ISEActive Directory IntegrationExternal Identity SourceAuthentication Configuration
Question #277Policy Enforcement
A network engineer is attempting to terminate and reinitialize wireless user sessions individually by using the Live Sessions tab in Cisco ISE. Cisco ISE and the Cisco WLC are sepa...
RADIUS CoACisco ISECisco WLCFirewall Ports
Question #278Web Auth and Guest Services
An engineer is configuring Central Web Authentication in Cisco ISE to provide guest access. When an authentication rule is configured in the Default Policy Set for the Wired_MAB or...
Cisco ISECentral Web Authentication (CWA)Guest AccessMAC Authentication Bypass (MAB)Authentication Policy
Question #279BYOD
A network engineer is configuring a new certificate template on the internal CA within Cisco ISE to provision certificates to BYOD devices that must be enrolled in the network. Wha...
Cisco ISEBYODCertificatesDevice Identification
Question #280Network Access Device Administration
An engineer is configuring a new Cisco ISE node. The Device Admin service must run on this node to handle authentication requests for network device access via TACACS+. Which perso...
ISE PersonasPolicy Service NodeTACACS+Device Administration
Question #281Policy Enforcement
An engineer has been tasked with using Cisco ISE to restrict network access at the switchport level using 802.1X authentication. Users who fail 802.1X authentication should e redir...
Cisco ISE802.1XAuthorization ProfileACL Enforcement
Question #282Policy Enforcement
A Cisco ISE engineer is creating certificate authentication profile to be used with machine authentication for the network. The engineer wants to be able to compare the user-presen...
Certificate AuthenticationMachine AuthenticationActive Directory IntegrationBinary Comparison
Question #283Architecture and Deployment
Which two statements regarding Zero Touch Provisioning (ZTP) on Cisco ISE are correct? (Choose two.)
Zero Touch ProvisioningISE deploymentVirtual appliancesConfiguration automation
Question #284Web Auth and Guest Services
An administrator needs to add a new third party network device to be used with Cisco ISE for Guest and BYOD authorizations. Which two features must be configured under Network Devi...
Cisco ISE Network Device ProfileGuest BYODURL RedirectChange of Authorization (CoA)
Question #285Profiler
Which two probes provide IP-to-MAC address binding information to the ARP cache in Cisco ISE? (Choose two.)
ISE ProbesEndpoint ProfilingIP-to-MAC BindingRADIUS
Question #286Policy Enforcement
When configuring Active Directory groups, an administrator is attempting to retrieve a group that has a name that is ambiguous with another group. What must be done so that the cor...
Active Directory IntegrationGroup IdentificationSecurity Identifiers (SIDs)Identity Management
Question #287Policy Enforcement
An administrator has manually added the MAC address of a wireless device to the Blocklist Identity Group for testing. When the device connects to the wireless network it triggers t...
Authorization PolicyAuthorization ProfileWireless Block ListAccess Control
Question #288Network Access Device Administration
What is the difference between how RADIUS and TACACS+ handle encryption?
RADIUSTACACS+EncryptionAAA protocols
Question #289Network Access Device Administration
Which CLI command must be configured on the switchport to immediately run the MAB process if a non-802 1X capable endpoint connects to the port?
MAC Authentication Bypass (MAB)802.1XSwitchport ConfigurationAuthentication Order
Question #290Network Access Device Administration
The security engineer for a company has recently deployed Cisco ISE to perform centralized authentication of all network device logins using TACACSs+ against the local AD domain. S...
Cisco ISETACACS+Device AdministrationPassword Prompt Customization
Question #291Architecture and Deployment
The 300 GB OVA templates for VMs are sufficient for which two dedicated Cisco ISE node types? (Choose two.)
Cisco ISE Node TypesVM SizingDeployment TemplatesCisco ISE Architecture
Question #292Network Access Device Administration
A network engineer has recently configured a remote branch router to authenticate to a centralized Cisco ISE server behind the corporate firewall using TACACS+. After making this c...
TACACS+Router ConfigurationSource InterfaceAAA Troubleshooting
Question #293Policy Enforcement
A user recently had their laptop stolen. IT has ordered a replacement device for the user and was able to obtain the MAC address of the device 04.57:47:34 35 0A from the vendor bef...
Cisco ISEEndpoint ManagementMAC AddressGUI Navigation
Question #294BYOD
Which two tasks must be completed when configuring the Cisco ISE BYOD Portal? (Choose two.)
BYOD Portal ConfigurationExternal Identity SourcesWeb Portal CustomizationCisco ISE BYOD
Question #295Endpoint Compliance
An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Secure Client for the agent configurat...
Posture AssessmentCisco ISESecure ClientClient Provisioning
Question #296Web Auth and Guest Services
Drag and Drop Question Refer to the exhibit. An engineer must create a web authentication access policy in Cisco ISE that matches the exhibit. Drag and drop the configuration steps...
Cisco ISEWeb AuthenticationAccess PolicyPolicy Configuration
Question #297Endpoint Compliance
Which Cisco ISE module contains a list of vendor names, product names, and attributes provided by OPSWAT?
Cisco ISEOPSWAT integrationEndpoint compliancePosture services
Question #298Profiler
A new Cisco ISE infrastructure is being built to provide network access control. If Cisco Discovery Protocol is used, what information is being gathered in relation to profiling wi...
ProfilingCDPDevice Identification
Question #299Web Auth and Guest Services
A customer requires a Cisco ISE deployment where quests must log in to a webpage with unique credentials in the form username. User1 and Password: A463646808. Which deployment shou...
Cisco ISE Guest AccessGuest Portal AuthenticationUnique Guest Credentials
Question #300Policy Enforcement
A security engineer has a new TrustSec projct and must create a few static security group tag classifications as proof of concept. Which two classifications must the engineer confi...
TrustSecSecurity Group Tags (SGT)Static ClassificationEndpoint Classification

PreviousPage 6 of 9Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.