New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Cisco
  3. CCNP Security
  4. 300-715
  5. Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Pass the Cisco CCNP Security 300-715 Questions and answers with CertsForce

 Cisco Exams      Go to Exam Detail      Get Premium Access
Viewing page 3 out of 9 pages
Viewing questions 21-30 out of questions
Questions # 21:

What is a function of client provisioning?

Options:
A.

It ensures an application process is running on the endpoint.

B.

It checks a dictionary' attribute with a value.

C.

It ensures that endpoints receive the appropriate posture agents

D.

It checks the existence date and versions of the file on a client.

Expert Solution
Questions # 22:

A security engineer configures a Cisco Catalyst switch to use Cisco TrustSec. The engineer must define the PAC key to authenticate the switch to Cisco IISE. Drag and drop the commands from the left into sequence on the right. Not all options are used.

Question # 22

Expert Solution
Questions # 23:

A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?

Options:
A.

A native supplicant provisioning policy to redirect them to the BYOD portal for onboarding

B.

The Cisco AnyConnect provisioning policy to provision the endpoint for onboarding

C.

The BYOD flow to ensure that the endpoint will be provisioned prior to registering

D.

The posture provisioning policy to give the endpoint all necessary components prior to registering

Expert Solution
Questions # 24:

Which Cisco ISE deployment model provides redundancy by having every node in the deployment configured with the Administration. Policy Service, and Monitoring personas to protect from a complete node failure?

Options:
A.

distributed

B.

dispersed

C.

two-node

D.

hybrid

Expert Solution
Questions # 25:

An adminístrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs. Besides defining a new shell profile in Cisco ISE. what must be done to accomplish this configuration?

Options:
A.

Enable the privilege levels in Cisco ISE

B.

B. Enable the privilege levels in the IOS devices.

C.

Define the command privileges for levels 2-5 in the IOS devices

D.

Define the command privileges for levels 2-5 in Cisco ISE

Expert Solution
Questions # 26:

What is a method for transporting security group tags throughout the network?

Options:
A.

by enabling 802.1AE on every network device

B.

by the Security Group Tag Exchange Protocol

C.

by embedding the security group tag in the IP header

D.

by embedding the security group tag in the 802.1Q header

Expert Solution
Questions # 27:

What is an advantage of TACACS+ versus RADIUS authentication when reviewing reports in Cisco ISE?

Options:
A.

TACACS+ reduces authentication latency, and RADIUS increases latency by adding additional packet headers.

B.

TACACS+ performs secure communication with IPsec, and RADIUS uses DTLS encryption.

C.

TACACS+ provides command accounting, and RADIUS combines authentication and authorization.

D.

TACACS+ uses SSL certificates, and RADIUS does not have encryption.

Expert Solution
Questions # 28:

Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue. Which two requirements must be met to implement this change? (Choose two.)

Options:
A.

Enable IPC access over port 80.

B.

Ensure that the NAT address is properly configured

C.

Establish access to one Global Catalog server.

D.

Provide domain administrator access to Active Directory.

E.

Configure a secure LDAP connection.

Expert Solution
Questions # 29:

A user misplaces a personal phone and wants to blacklist the device from accessing the company network. The company uses Cisco ISE for corporate and BYOD device authentication. Which action must the user take in Cisco ISE?

Options:
A.

Sign in to the BYOD portal and mark the device as Lost.

B.

Sign in to the My Devices portal and mark the device as Lost.

C.

Sign in to the My Devices portal and mark the device as Irrecoverable.

D.

Sign in to the BYOD portal and mark the device as Irrecoverable.

Expert Solution
Questions # 30:

A network administrator is currently using Cisco ISE to authenticate devices and users via 802 1X There is now a need to also authorize devices and users using EAP-TLS. Which two additional components must be configured in Cisco ISE to accomplish this'? (Choose two.)

Options:
A.

Network Device Group

B.

Serial Number attribute that maps to a CA Server

C.

Common Name attribute that maps to an identity store

D.

Certificate Authentication Profile

E.

EAP Authorization Profile

Expert Solution
Viewing page 3 out of 9 pages
Viewing questions 21-30 out of questions