• Home
  • Articles
  • [Aug-2021] Pass Cisco 300-715 Exam in First Attempt Guaranteed! [Q88-Q112]

[Aug-2021] Pass Cisco 300-715 Exam in First Attempt Guaranteed! [Q88-Q112]

Share

[Aug-2021] Pass Cisco 300-715 Exam in First Attempt Guaranteed!

Full 300-715 Practice Test and 153 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 88
A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE. This must include the ability to provision for URL redirection on authentication Which two commands must be entered to meet this requirement? (Choose two)

  • A. Ip http authentication
  • B. Ip http redirection
  • C. Ip http secure-authentication
  • D. Ip http server
  • E. Ip http secure-server

Answer: A,E

 

NEW QUESTION 89
Which personas can a Cisco ISE node assume?

  • A. administration, policy service, and monitoring
  • B. administration, policy service, gatekeeping
  • C. policy service, gatekeeping, and monitoring
  • D. administration, monitoring, and gatekeeping

Answer: A

Explanation:
Section: Architecture and Deployment
Explanation/Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

 

NEW QUESTION 90
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group.
Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?

  • A. Authenticate guest users to Cisco ISE
  • B. Keep track of guest user activities
  • C. Configure authorization settings for guest users
  • D. Create and manage guest user accounts

Answer: C

 

NEW QUESTION 91
Which two ports do network devices typically use for CoA? (Choose two )

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4

Answer: C,D

Explanation:
Explanation

 

NEW QUESTION 92
A network administrator is setting up wireless guest access and has been unsuccessful in testing client access.
The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal. What must be done to identify the problem?

  • A. Use the identity group to validate the authorization rules.
  • B. Use context visibility to verify posture status.
  • C. Use traceroute to ensure connectivity.
  • D. Use the endpoint ID to execute a session trace.

Answer: D

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide

 

NEW QUESTION 93
What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

  • A. EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.
  • B. EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.
  • C. EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.
  • D. EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.

Answer: A

 

NEW QUESTION 94
Refer to the exhibit:

Which command is typed within the CU of a switch to view the troubleshooting output?

  • A. show authentication registrations
  • B. show authentication sessions method
  • C. show authentication sessions mac 000e.84af.59af details
  • D. show authentication interface gigabitethemet2/0/36

Answer: C

 

NEW QUESTION 95
Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.

Answer:

Explanation:

Explanation

Monitoring = provides advanced monitoring and troubleshooting tools that you can use to effectively manage your network and resources Policy Service = provides network access, posture, guest access, client provisioning, and profiling services.
This persona evaluates the policies and makes all the decisions.
Administration = manages all system-related configuration and configurations that relate to functionality such as authentication, authorization, auditing, and so on pxGrid = shares context-sensitive information from Cisco ISE to subscribers
https://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide

 

NEW QUESTION 96
A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network. How should the manager configure Cisco ISE to accomplish this goal?

  • A. Create a registration code to be entered on the portal splash page.
  • B. Create logins for each participant to give them sponsored access.
  • C. Create an access code to be entered in the AUP page.
  • D. Create entries in the guest identity group for all participants.

Answer: C

 

NEW QUESTION 97
What is a characteristic of the UDP protocol?

  • A. UDP offers information about a non-existent server.
  • B. UDP can detect when a server is down.
  • C. UDP offers best-effort delivery.
  • D. UDP can detect when a server is slow.

Answer: C

Explanation:
Section: Network Access Device Administration
Explanation/Reference:

 

NEW QUESTION 98
An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability. Which probe must be used to accomplish this task?

  • A. RADIUS probe
  • B. HTTP probe
  • C. NetFlow probe
  • D. network scan probe

Answer: B

 

NEW QUESTION 99
If there is a firewall between Cisco ISE and an Active Directory external identity store, which port does not need to be open?

  • A. TCP 445
  • B. TCP 21
  • C. UDP/TCP 389
  • D. TCP 88
  • E. UDP123

Answer: B

 

NEW QUESTION 100
A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network Which CoA configuration meets this requirement?

  • A. Port Bounce
  • B. NoCoA
  • C. Disconnect
  • D. Reauth

Answer: B

 

NEW QUESTION 101
An engineer is configuring a dedicated SSID for onboarding devices. Which SSID type accomplishes this configuration?

  • A. guest
  • B. hidden
  • C. broadcast
  • D. dual

Answer: A

 

NEW QUESTION 102
Which scenario does not support Cisco ISE guest services?

  • A. wired NAD with central WebAuth
  • B. wired NAD with local WebAuth
  • C. wireless LAN controller with central WebAuth
  • D. wireless LAN controller with local WebAuth

Answer: B

 

NEW QUESTION 103
An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors' firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this What should be done to enable this type of posture check?

  • A. Use the file registry condition to ensure that the firewal is installed and running appropriately.
  • B. Use a compound condition to look for the Windows or Mac native firewall applications.
  • C. Enable the default rewall condition to check for any vendor rewall application.
  • D. Enable the default application condition to identify the applications installed and validade the rewall app.

Answer: C

Explanation:
Explanation
https://www.youtube.com/watch?v=6Kj8P8Hn7dY&t=109s&ab_channel=CiscoISE-IdentityServicesEngine

 

NEW QUESTION 104
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?

  • A. authentication port-control auto
  • B. aaa authentication dot1x default group radius
  • C. dot1x pae authenticator
  • D. dot1x system-auth-control

Answer: D

Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.html#wp1133395

 

NEW QUESTION 105
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

  • A. AAA override
  • B. override Interface ACL
  • C. static IP tunneling
  • D. DHCP server

Answer: A

 

NEW QUESTION 106
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)

  • A. NetFlow
  • B. DHCP
  • C. RADIUS
  • D. HTTP
  • E. SNMP

Answer: B,C

Explanation:
Cisco ISE implements an ARP cache in the profiling service, so that you can reliably map the IP addresses and the MAC addresses of endpoints. For the ARP cache to function, you must enable either the DHCP probe or the RADIUS probe. The DHCP and RADIUS probes carry the IP addresses and the MAC addresses of endpoints in the payload data. The dhcp-requested address attribute in the DHCP probe and the Framed-IP-address attribute in the RADIUS probe carry the IP addresses of endpoints, along with their MAC addresses, which can be mapped and stored in the ARP cache.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-
1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

 

NEW QUESTION 107
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?

  • A. Network Access Control
  • B. My Devices Portal
  • C. Supplicant Provisioning Wizard
  • D. Application Visibility and Control

Answer: A

 

NEW QUESTION 108
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

Answer:

Explanation:

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011.html Step 1 Choose Administration > System > Deployment.
The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.
Step 2
Check the check box next to the current node, and click Edit.
Step 3
Click Make Primary to configure your Primary PAN.
Step 4
Enter data on the General Settings tab.
Step 5
Click Save to save the node configuration.

 

NEW QUESTION 109
What is the minimum certainty factor when creating a profiler policy?

  • A. the maximum number that a predefined condition provides
  • B. the maximum number that a device certainty factor must reach to become a member of the profile
  • C. the minimum number that a device certainty factor must reach to become a member of the profile
  • D. the minimum number that a predefined condition provides

Answer: A

 

NEW QUESTION 110
An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.

Answer:

Explanation:

 

NEW QUESTION 111
Refer to the exhibit Which switch configuration change will allow only one voice and one data endpoint on each port?

  • A. Multi-auth to multi-domain
  • B. Multi-auth to single-auth
  • C. Auto to manual
  • D. Mab to dot1x

Answer: A

Explanation:
https://community.cisco.com/t5/network-access-control/cisco-ise-multi-auth-or-multi-host/m-p/3750907

 

NEW QUESTION 112
......

Prepare for your Cisco certification with the updated PremiumVCEDump 300-715 exam questions: https://drive.google.com/open?id=1q1r227MYEFgxkQoy6Cxw1MklZPHa5uf9

Get Latest 300-715 Dumps Exam Questions in here: https://www.premiumvcedump.com/Cisco/valid-300-715-premium-vce-exam-dumps.html

Related Articles

more
Cisco 300-715 Certification Practice Exam