This page was exported from Top Exam Collection [ http://blog.topexamcollection.com ] Export date:Sat Apr 5 4:49:05 2025 / +0000 GMT ___________________________________________________ Title: [Oct 30, 2022] 300-715 Exam Brain Dumps - Study Notes and Theory [Q58-Q81] --------------------------------------------------- [Oct 30, 2022] 300-715 Exam Brain Dumps - Study Notes and Theory Pass Cisco 300-715 Test Practice Test Questions Exam Dumps Q58. Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night. Explanation:https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011.html Step 1 Choose Administration > System > Deployment.The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.Step 2Check the check box next to the current node, and click Edit.Step 3Click Make Primary to configure your Primary PAN.Step 4Enter data on the General Settings tab.Step 5Click Save to save the node configuration.Q59. An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability. Which probe must be used to accomplish this task?  HTTP probe  NetFlow probe  network scan probe  RADIUS probe https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200292-Configure-Device-Sensor-for-ISE-Profilin.htmlhttp://www.network-node.com/blog/2016/1/2/ise-20-profilingQ60. Which statement is true?  A Cisco ISE Advanced license is perpetual in nature.  A Cisco ISE Advanced license can be installed on top of a Base and/or Wireless license.  A Cisco ISE Wireless license can be installed on top of a Base and/or Advanced license.  A Cisco ISE Advanced license can be used without any Base licenses. Q61. An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors’ firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this What should be done to enable this type of posture check?  Use the file registry condition to ensure that the firewal is installed and running appropriately.  Use a compound condition to look for the Windows or Mac native firewall applications.  Enable the default rewall condition to check for any vendor rewall application.  Enable the default application condition to identify the applications installed and validade the rewall app. Explanationhttps://www.youtube.com/watch?v=6Kj8P8Hn7dY&t=109s&ab_channel=CiscoISE-IdentityServicesEngineQ62. An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?  Create an authorization rule denying sponsored guest access.  Navigate to the Guest Portal and delete the guest accounts.  Create an authorization rule denying guest access.  Navigate to the Sponsor Portal and suspend the guest accounts. Q63. A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network. How should the manager configure Cisco ISE to accomplish this goal?  Create entries in the guest identity group for all participants.  Create an access code to be entered in the AUP page.  Create logins for each participant to give them sponsored access.  Create a registration code to be entered on the portal splash page. Q64. Which two values are compared by the binary comparison function in authentication that is based on Active Directory? (Choose Two)  subject alternative name and the common name  MS-CHAFV2 provided machine credentials and credentials stored in Active Directory  user-presented password hash and a hash stored in Active Directory  user-presented certificate and a certificate stored in Active Directory Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user.https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01110.htmlQ65. A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?  The Endpoint Purge Policy is set to 30 days for guest devices  The RADIUS policy set for guest access is set to allow repeated authentication of the same device  The length of access is set to 7 days in the Guest Portal Settings  The Guest Account Purge Policy is set to 15 days Reference:https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01101.html#:~:text=Cisco%20ISE%2C%20by%20default%2C%20deletes,5000%20endpoints%20every%20three%20minutes.Q66. An engineer is configuring web authentication using non-standard ports and needs the switch to redirect traffic to the correct port.Which command should be used to accomplish this task?  permit tcp any any eq <port number>  ip http port <port number>  aaa group server radius  aaa group server radius proxy Section: Web Auth and Guest ServicesQ67. Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?  DHCP server  override Interface ACL  static IP tunneling  AAA override Section: Web Auth and Guest ServicesExplanation/Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/ b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110111.htmlQ68. An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error “Authentication failed: 22040 Wrong password or invalid shared secret. “what must be done to address this issue?  Add the network device as a NAD inside Cisco ISE using the existing key.  Configure the key on the Cisco ISE instead of the Cisco switch.  Use a key that is between eight and ten characters.  Validate that the key is correct on both the Cisco switch as well as Cisco ISE. Q69. A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network Which CoA configuration meets this requirement?  Port Bounce  Reauth  NoCoA  Disconnect https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-designQ70. Which command displays all 802 1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?  show authentication sessions output  Show authentication sessions  show authentication sessions interface Gi 1/0/x  show authentication sessions interface Gi1/0/x output Q71. An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors’ firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this What should be done to enable this type of posture check?  Use the file registry condition to ensure that the firewal is installed and running appropriately.  Use a compound condition to look for the Windows or Mac native firewall applications.  Enable the default firewall condition to check for any vendor firewall application.  Enable the default application condition to identify the applications installed and validade the firewall app. https://www.youtube.com/watch?v=6Kj8P8Hn7dY&t=109s&ab_channel=CiscoISE-IdentityServicesEngineQ72. Drag the Cisco ISE node types from the left onto the appropriate purposes on the right. ExplanationMonitoring = provides advanced monitoring and troubleshooting tools that you can use to effectively manage your network and resources Policy Service = provides network access, posture, guest access, client provisioning, and profiling services.This persona evaluates the policies and makes all the decisions.Administration = manages all system-related configuration and configurations that relate to functionality such as authentication, authorization, auditing, and so on pxGrid = shares context-sensitive information from Cisco ISE to subscribershttps://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guideQ73. Refer to the exhibit.Which component must be configured to apply the SGACL?  egress router  host  secure server  ingress router Q74. An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy. Which two components must be configured, in addition to Active Directory groups, to achieve this goat? (Choose two )  Active Directory External Identity Sources  Library Condition for External Identity. External Groups  Identity Source Sequences  LDAP External Identity Sources E Library Condition for Identity Group: User Identity GroupQ75. Refer to the exhibit.An engineer is configuring a client but cannot authenticate to Cisco ISE During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port Which command gives additional information to help identify the problem with the authentication?  show authentication sessions  show authentication sessions Interface Gil/0/1 output  show authentication sessions interface Gi1/0/1 details  show authentication sessions output Q76. A network administrator is configuring authorization policies on Cisco ISE There is a requirement to use AD group assignments to control access to network resources After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work What is the cause of this issue?  The AD join point is no longer connected.  The AD DNS response is slow.  The certificate checks are not being conducted.  The network devices ports are shut down. https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html#ID612Q77. Which three conditions can be used for posture checking? (Choose three.)  certificate  operating system  file  application  service Q78. An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors’ firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this What should be done to enable this type of posture check?  Use the file registry condition to ensure that the firewal is installed and running appropriately.  Use a compound condition to look for the Windows or Mac native firewall applications.  Enable the default firewall condition to check for any vendor firewall application.  Enable the default application condition to identify the applications installed and validade the firewall app. https://www.youtube.com/watch?v=6Kj8P8Hn7dY&t=109s&ab_channel=CiscoISE-IdentityServicesEngineQ79. Drag the Cisco ISE node types from the left onto the appropriate purposes on the right. ExplanationMonitoring = provides advanced monitoring and troubleshooting tools that you can use to effectively manage your network and resources Policy Service = provides network access, posture, guest access, client provisioning, and profiling services.This persona evaluates the policies and makes all the decisions.Administration = manages all system-related configuration and configurations that relate to functionality such as authentication, authorization, auditing, and so on pxGrid = shares context-sensitive information from Cisco ISE to subscribershttps://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guideQ80. An engineer is configuring Cisco ISE to reprofile endpoints based only on new requests of INIT-REBOOT and SELECTING message types.Which probe should be used to accomplish this task?  DHCP  DNS  NMAP  RADIUS Section: ProfilerQ81. An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to the endpoints instead of industry-standard protocol information Which probe should be enabled to meet these requirements?  NetFlow probe  DNS probe  DHCP probe  SNMP query probe Explanationhttp://www.network-node.com/blog/2016/1/2/ise-20-profiling Loading … Verified 300-715 dumps Q&As - 300-715 dumps with Correct Answers: https://www.topexamcollection.com/300-715-vce-collection.html --------------------------------------------------- Images: https://blog.topexamcollection.com/wp-content/plugins/watu/loading.gif https://blog.topexamcollection.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-10-30 13:34:44 Post date GMT: 2022-10-30 13:34:44 Post modified date: 2022-10-30 13:34:44 Post modified date GMT: 2022-10-30 13:34:44