
Pass the Cisco CCNP Security 300-715 Questions and answers with CertsForce

Viewing page 8 out of 9 pages
Viewing questions 71-80 out of questions
Questions # 71:

An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall. Which two ports should be opened to accomplish this task? (Choose two)

Options:

A. TELNET 23

B. LDAP 389

C. HTTP 80

D. HTTPS 443

E. MSRPC 445


Questions # 72:

Which term refers to an endpoint agent that tries to join an 802.1X-enabled network?

Options:

A. EAP server

B. supplicant

C. client

D. authenticator


Questions # 73:

Using the SAK Active Directory Federation Services server. The configurations were performed:

• created a new SAML identity provider profile in Cisco ISE
• exported the service provider information
• configured all the required Active Directory Federation Services configurations
• imported the Active Directory Federation Services metadata
• configured groups in the new SAML identity
• added attributes to the new SAML identity provider profile
• configured Advanced Settings in the new SAML identity provider profile

Which two actions must be taken to complete the configuration? (Choose two.)

Options:

A. Allow Kerberos single sign-on on the Sponsor portal.

B. Configure the Sponsor portal HTTPS port for Active Directory Federation Services integration.

C. Customize the Sponsor portal pages for integration with Active Directory Federation Services.

D. Add SAML identity provider groups in Sponsor Group Members.

E. Configure an identity source sequence in the Sponsor portal.


Questions # 74:

An engineer needs to configure a Cisco ISE server to issue a CoA for endpoints already authenticated to access the network. The CoA option must be enforced on a session, even if there are multiple active sessions on a port. What must be configured to accomplish this task?

Options:

A. the Reauth CoA option in the Cisco ISE system profiling settings enabled

B. an endpoint profiling policy with the No CoA option enabled

C. an endpoint profiling policy with the Port Bounce CoA option enabled

D. the Port Bounce CoA option in the Cisco ISE system profiling settings enabled


Questions # 75:

An administrator is configuring a switch port for use with 802.1X. What must be done so that the port will allow voice and multiple data endpoints?

Options:

A. Configure the port with the authentication host-mode multi-auth command

B. Connect the data devices to the port, then attach the phone behind them.

C. Use the command authentication host-mode multi-domain on the port

D. Connect a hub to the switch port to allow multiple devices access after authentication


Questions # 76:

An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?

Options:

A. dot1x pae authenticator

B. dot1x system-auth-control

C. authentication port-control auto

D. aaa authentication dot1x default group radius


Questions # 77:

An engineer must use Cisco ISE profiler services to provide network access to Cisco IP phones that cannot support 802.1X. Cisco ISE is configured to use the access switch device sensor information — system-description and platform-type — to profile Cisco IP phones and allow access.

Which two protocols must be configured on the switch to complete the configuration? (Choose two.)

Options:

A. LLDP

B. CDP

C. EAPOL

D. SNMP

E. STP


Questions # 78:

When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?

Options:

A. Network Access NetworkDeviceName CONTAINS

B. DEVICE Device Type CONTAINS

C. Radius Called-Station-ID CONTAINS

D. Airespace Airespace-Wlan-Id CONTAINS


Questions # 79:

What are two differences of TACACS+ compared to RADIUS? (Choose two.)

Options:

A. TACACS+ uses a connectionless transport protocol, whereas RADIUS uses a connection-oriented transport protocol.

B. TACACS+ encrypts the full packet payload, whereas RADIUS only encrypts the password.

C. TACACS+ only encrypts the password, whereas RADIUS encrypts the full packet payload.

D. TACACS+ uses a connection-oriented transport protocol, whereas RADIUS uses a connectionless transport protocol.

E. TACACS+ supports multiple sessions per user, whereas RADIUS supports one session per user.


Questions # 80:

Which use case validates a change of authorization?

Options:

A. An authenticated, wired EAP-capable endpoint is discovered

B. An endpoint profiling policy is changed for authorization policy.

C. An endpoint that is disconnected from the network is discovered

D. Endpoints are created through device registration for the guests

