New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Cisco
  3. CCNP Security
  4. 300-715
  5. Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Pass the Cisco CCNP Security 300-715 Questions and answers with CertsForce

 Cisco Exams      Go to Exam Detail      Get Premium Access
Viewing page 2 out of 9 pages
Viewing questions 11-20 out of questions
Questions # 11:

An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

Options:
A.

Create an authorization rule denying sponsored guest access.

B.

Navigate to the Guest Portal and delete the guest accounts.

C.

Create an authorization rule denying guest access.

D.

Navigate to the Sponsor Portal and suspend the guest accounts.

Expert Solution
Questions # 12:

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?

Options:
A.

dot1x system-auth-control

B.

enable bypass-mac

C.

enable network-authentication

D.

mab

Expert Solution
Questions # 13:

A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal. What must be done to identify the problem?

Options:
A.

Use context visibility to verify posture status.

B.

Use the endpoint ID to execute a session trace.

C.

Use the identity group to validate the authorization rules.

D.

Use traceroute to ensure connectivity.

Expert Solution
Questions # 14:

A network engineer is in the predeployment discovery phase of a Cisco ISE deployment and must discover the network. There is an existing network management system in the network.

Which type of probe must be configured to gather the information?

Options:
A.

RADIUS

B.

NMAP

C.

NetFlow

D.

SNMP

Expert Solution
Questions # 15:

An administrator needs to add a new third party network device to be used with Cisco ISE for Guest and BYOD authorizations. Which two features must be configured under Network Device Profile to achieve this? (Choose two.)

Options:
A.

dACL

B.

TACACS

C.

URL Redirect

D.

SNMP community

E.

CoA Type

Expert Solution
Questions # 16:

An organization has a fully distributed Cisco ISE deployment When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings. The scan is complete on one FPSN. but the information is not available on the others. What must be done to make the information available?

Options:
A.

Scanning must be initiated from the PSN that last authenticated the endpoint

B.

Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning

C.

Scanning must be initiated from the MnT node to centrally gather the information

D.

Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning

Expert Solution
Questions # 17:

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen What is causing this issue?

Options:
A.

Cisco ISE only sees the built-in groups, not user created ones

B.

The groups are present but need to be manually typed as conditions

C.

Cisco ISE's connection to the AD join point is failing

D.

The groups are not added to Cisco ISE under the AD join point

Expert Solution
Questions # 18:

What is needed to configure wireless guest access on the network?

Options:
A.

endpoint already profiled in ISE

B.

WEBAUTH ACL for redirection

C.

valid user account in Active Directory

D.

Captive Portal Bypass turned on

Expert Solution
Questions # 19:

An administrator must provide network access to legacy Windows endpoints with a specific device type and operating system version using Cisco ISE profiler services. The ISE profiler services and access switches must be configured to identify endpoints using the dhcp-class-identifier and parameters-request-list attributes from the DHCP traffic. These configurations were performed:

    enabled the DHCP probe in Cisco ISE

    configured the Cisco ISE PSN interface to receive DHCP packets

    configured the attributes in custom profiling conditions

    configured a custom profiling policy

    configured an authorization rule with permit access

Which action completes the configuration?

Options:
A.

Configure the switches to send copies of the DHCP traffic to the Cisco ISE PSN.

B.

Configure the Cisco ISE PSN interface to receive SPAN DHCP traffic.

C.

Configure the switches to relay DHCP packets to the Cisco ISE PSN.

D.

Enable the DHCP SPAN probe in Cisco ISE primary server.

Expert Solution
Questions # 20:

An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints Which action accomplishes this task for VPN users?

Options:
A.

Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.

B.

Configure the compliance module to be downloaded from within the posture policy.

C.

Push the compliance module from Cisco FTD prior to attempting posture.

D.

Use a compound posture condition to check for the compliance module and download if needed.

Expert Solution
Viewing page 2 out of 9 pages
Viewing questions 11-20 out of questions