Big Halloween Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Cisco
  3. CCNP Security
  4. 300-715
  5. Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Pass the Cisco CCNP Security 300-715 Questions and answers with CertsForce

 Cisco Exams      Go to Exam Detail      Get Premium Access
Viewing page 3 out of 9 pages
Viewing questions 21-30 out of questions
Questions # 21:

Refer to the exhibit.

Question # 21

An engineer is configuring a client but cannot authenticate to Cisco ISE During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port Which command gives additional information to help identify the problem with the authentication?

Options:
A.

show authentication sessions

B.

show authentication sessions Interface Gil/0/1 output

C.

show authentication sessions interface Gi1/0/1 details

D.

show authentication sessions output

Expert Solution
Questions # 22:

An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?

Options:
A.

The switch port is configured with authentication event server dead action authorize vlan.

B.

The authorization results for the endpoints include a dACL allowing access.

C.

The authorization results for the endpoints include the Trusted security group tag.

D.

The switch port is configured with authentication open.

Expert Solution
Questions # 23:

What is a valid status of an endpoint attribute during the device registration process?

Options:
A.

block listed

B.

pending

C.

unknown

D.

DenyAccess

Expert Solution
Questions # 24:

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+ However, the administrator must restrict certain commands based on one of three user roles that require different commands How is this accomplished without creating too many objects using Cisco ISE?

Options:
A.

Create one shell profile and multiple command sets.

B.

Create multiple shell profiles and multiple command sets.

C.

Create one shell profile and one command set.

D.

Create multiple shell profiles and one command set

Expert Solution
Questions # 25:

An engineer must use Cisco ISE profiler services to provide network access to Cisco IP phones that cannot support 802.1X. Cisco ISE is configured to use the access switch device sensor information system-description and platform-type to profile Cisco IP phones and allow access. Which two protocols must be configured on the switch to complete the configuration? (Choose two.)

Options:
A.

CDP

B.

EAPOL

C.

LLDP

D.

SNMP

E.

STP

Expert Solution
Questions # 26:

Which controller option allows a user to switch from the provisioning SSID to the employee SSID after registration?

Options:
A.

AP SSID Fallback

B.

AAA Override

C.

Fast SSID Change

D.

User Idle Timeout

Expert Solution
Questions # 27:

What is an advantage of TACACS+ versus RADIUS authentication when reviewing reports in Cisco ISE?

Options:
A.

TACACS+ reduces authentication latency, and RADIUS increases latency by adding additional packet headers.

B.

TACACS+ performs secure communication with IPsec, and RADIUS uses DTLS encryption.

C.

TACACS+ provides command accounting, and RADIUS combines authentication and authorization.

D.

TACACS+ uses SSL certificates, and RADIUS does not have encryption.

Expert Solution
Questions # 28:

A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?

Options:
A.

A native supplicant provisioning policy to redirect them to the BYOD portal for onboarding

B.

The Cisco AnyConnect provisioning policy to provision the endpoint for onboarding

C.

The BYOD flow to ensure that the endpoint will be provisioned prior to registering

D.

The posture provisioning policy to give the endpoint all necessary components prior to registering

Expert Solution
Questions # 29:

An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database There are no resources to enter this information into the Cisco ISE database manually. What must be done to accomplish this task effciently?

Options:
A.

Use a CSV file to import the guest accounts

B.

Use SOL to link me existing database to Ctsco ISE

C.

Use a JSON fie to automate the migration of guest accounts

D.

Use an XML file to change the existing format to match that of Cisco ISE

Expert Solution
Questions # 30:

What is the purpose of the ip http server command on a switch?

Options:
A.

It enables the https server for users for web authentication

B.

It enables MAB authentication on the switch

C.

It enables the switch to redirect users for web authentication.

D.

It enables dot1x authentication on the switch.

Expert Solution
Viewing page 3 out of 9 pages
Viewing questions 21-30 out of questions