Cisco 300-715 Exam Questions Free Practice Test

Viewing page 8 out of 9 pages

Viewing questions 71-80 out of questions

Questions # 71:

The Cisco Wireless LAN Controller and guest portal must be set up in Cisco ISE. These configurations were performed:

• configured all the required Cisco Wireless LAN Controller configurations

• added the wireless controller to Cisco ISE network devices

• created an endpoint identity group

• configured credentials to be sent by email

• configured the SMTP server

• configured an authorization profile with redirection to the guest portal and redirected the access control list

• configured an authentication policy for MAB users

• created an authorization policy

Which two components would be required to complete the configuration? (Choose two.)

Options:

sponsor group

hotspot guest portal

sponsor portal

self-registered guest portal

guest type

Expert Solution

Questions # 72:

Which CLI command must be configured on the switchport to immediately run the MAB process if a non-802.1X capable endpoint connects to the port?

Options:

authentication order mab dot1x

authentication fallback

dot1x pae authenticator

access-session port-control auto

Expert Solution

Questions # 73:

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error “Authentication failed: 22040 Wrong password or invalid shared secret. “what must be done to address this issue?

Options:

Add the network device as a NAD inside Cisco ISE using the existing key.

Configure the key on the Cisco ISE instead of the Cisco switch.

Use a key that is between eight and ten characters.

Validate that the key is correct on both the Cisco switch as well as Cisco ISE.

Expert Solution

Questions # 74:

What is a difference between RADIUS versus TACACS+ with regards to packet encryption?

Options:

TACACS+ encrypts the entire body of the packet, and RADIUS encrypts the username and password in the access-request packet.

RADIUS encrypts the entire body of the packet, and TACACS+ encrypts the username and password in the access-request packet.

RADIUS encrypts the entire body of the packet, and TACACS+ encrypts only the password in the access-request packet.

TACACS+ encrypts the entire body of the packet, and RADIUS encrypts only the password in the access-request packet.

Expert Solution

Questions # 75:

What are two differences between the RADIUS and TACACS+ protocols'? (Choose two.)

Options:

RADIUS is a Cisco proprietary protocol, whereas TACACS+ is an open standard protocol

TACACS+uses TCP port 49. whereas RADIUS uses UDP ports 1812 and 1813.

RADIUS offers multiprotocol support, whereas TACACS+ does not

RADIUS combines authentication and authorization, whereas TACACS+ does not

RADIUS enables encryption of all the packets, whereas with TACACS+. only the password is encrypted.

Expert Solution

Questions # 76:

Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?

(Choose two.)

Options:

Firepower

WLC

IOS

ASA

Shell

Expert Solution

Answer

B, E

Explanation

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

TACACS+ Profile

TACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets. The TACACS+ profile definitions are split into two components:

Common tasks

Custom attributes

There are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles)—Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View.

The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are:

Shell

WLC

Nexus

Generic

The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you can enter the mandatory attributes using a equal to (=) sign between the attribute name and its value and optional attributes are entered using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy paste the attribute list (for example, another product's attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.

Questions # 77:

Select and Place

Expert Solution

Questions # 78:

Which portal is used to customize the settings for a user to log in and download the compliance module?

Options:

Client Profiling

Client Endpoint

Client Provisioning

Client Guest

Expert Solution

Questions # 79:

A network engineer must configure a centralized Cisco ISE solution for wireless guest access with users in different time zones. The guest account activation time must be independent of the user time zone, and the guest account must be enabled automatically when the user self-registers on the guest portal. Which option in the time profile settings must be selected to meet the requirement?

Options:

Select FromFirstLogin from the Account Type dropdown.

Select FromCreation from the Account Type dropdown.

Set the Maximum Account Duration to 1 Day.

Set the Duration field to 24:00:00.

Expert Solution

Questions # 80:

An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two )

Options:

Session Services

Endpoint Attribute Filter

Posture Services

Profiling Services

Radius Service

Expert Solution

Viewing page 8 out of 9 pages

Viewing questions 71-80 out of questions

Big Halloween Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

Pass the Cisco CCNP Security 300-715 Questions and answers with CertsForce