Big Halloween Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Cisco
  3. CCNP Security
  4. 300-715
  5. Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Pass the Cisco CCNP Security 300-715 Questions and answers with CertsForce

 Cisco Exams      Go to Exam Detail      Get Premium Access
Viewing page 9 out of 9 pages
Viewing questions 81-90 out of questions
Questions # 81:

What is the minimum certainty factor when creating a profiler policy?

Options:
A.

the minimum number that a predefined condition provides

B.

the maximum number that a predefined condition provides

C.

the minimum number that a device certainty factor must reach to become a member of the profile

D.

the maximum number that a device certainty factor must reach to become a member of the profile

Expert Solution
Questions # 82:

A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE. This must include the ability to provision for URL redirection on authentication Which two commands must be entered to meet this requirement? (Choose two)

Options:
A.

Ip http secure-authentication

B.

Ip http server

C.

Ip http redirection

D.

Ip http secure-server

E.

Ip http authentication

Expert Solution
Questions # 83:

An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?

Options:
A.

Create a certificate signing request and have the root certificate authority sign it.

B.

Add the root certificate authority to the trust store and enable it for authentication.

C.

Create an SCEP profile to link Cisco ISE with the root certificate authority.

D.

Add an OCSP profile and configure the root certificate authority as secondary.

Expert Solution
Questions # 84:

An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

Options:
A.

Check for server reachability using the test aaa group tacacs+ admin legacy command.

B.

Test the user account on the server using the test aaa group radius server CUCS user admin pass legacy command.

C.

Validate that the key value is correct using the test aaa authentication admin legacy command.

D.

Confirm the authorization policies are correct using the test aaa authorization admin drop legacy command.

Expert Solution
Questions # 85:

A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server. Which certificate usage option must be selected when importing the certificate into ISE?

Options:
A.

RADIUS

B.

DLTS

C.

Portal

D.

Admin

Expert Solution
Questions # 86:

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

Options:
A.

Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.

B.

Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.

C.

Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.

D.

Identify the non 802.1X supported device types and create custom profiles for them to profile into.

Expert Solution
Questions # 87:

What must be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?

Options:
A.

pass

B.

reject

C.

drop

D.

continue

Expert Solution
Questions # 88:

A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal. What must be done to identify the problem?

Options:
A.

Use context visibility to verify posture status.

B.

Use the endpoint ID to execute a session trace.

C.

Use the identity group to validate the authorization rules.

D.

Use traceroute to ensure connectivity.

Expert Solution
Viewing page 9 out of 9 pages
Viewing questions 81-90 out of questions