Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
Cisco
CCNP Security
300-715
Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Pass the Cisco CCNP Security 300-715 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 300-715 Premium Access

View all detail and faqs for the 300-715 exam

Go to Exam

491 Students Passed

93% Average Score

96% Same Questions

Viewing page 1 out of 9 pages

Viewing questions 1-10 out of questions

Questions # 1:

Refer to the exhibit.

Question # 1

An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to. What is the problem?

Options:

The IT training rule is taking precedence over the IT Admins rule.

The authorization conditions wrongly allow IT Admins group no access to finance devices.

The finance location is not a condition in the policy set.

The authorization policy doesn't correctly grant them access to the finance devices.

Answer

Questions # 2:

A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA Which action does the CoA perform?

Options:

It terminates the client session

It applies the downloadable ACL provided in the CoA

It applies new permissions provided in the CoA to the client session.

It triggers the NAD to reauthenticate the client

Answer

Explanation

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html

Questions # 3:

What is needed to configure wireless guest access on the network?

Options:

endpoint already profiled in ISE

WEBAUTH ACL for redirection

valid user account in Active Directory

Captive Portal Bypass turned on

Answer

Questions # 4:

A network engineer must configure a centralized Cisco ISE solution for wireless guest access with users in different time zones. The guest account activation time must be independent of the user time zone, and the guest account must be enabled automatically when the user self-registers on the guest portal.

Which option in the time profile settings must be selected to meet the requirement?

Options:

Select FromFirstLogin from the Account Type dropdown.

Select FromCreation from the Account Type dropdown.

Set the Maximum Account Duration to 1 Day.

Set the Duration field to 24:00:00.

Answer

Questions # 5:

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?

Options:

Endpoint Identity Group is Blocklist, and the BYOD state is Registered.

Endpoint Identify Group is Blocklist, and the BYOD state is Pending.

Endpoint Identity Group is Blocklist, and the BYOD state is Lost.

Endpoint Identity Group is Blocklist, and the BYOD state is Reinstate.

Answer

Explanation

https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ISE_26_admin_guide/b_ISE_admin_26_byod.html

Questions # 6:

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

Options:

Create an ISE identity group to add users to and limit the number of logins via the group configuration.

Create a new guest type and set the maximum number of devices sponsored guests can register

Create an LDAP login for each guest and tag that in the guest portal for authentication.

Create a new sponsor group and adjust the settings to limit the devices for each guest.

Answer

Questions # 7:

Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)

Options:

NetFlow

SNMP

HTTP

DHCP

RADIUS

Answer

D, E

Explanation

Cisco ISE implements an ARP cache in the profiling service, so that you can reliably map the IP addresses and the MAC addresses of endpoints. For the ARP cache to function, you must enable either the DHCP probe or the RADIUS probe. The DHCP and RADIUS probes carry the IP addresses and the MAC addresses of endpoints in the payload data. The dhcp-requested address attribute in the DHCP probe and the Framed-IP-address attribute in the RADIUS probe carry the IP addresses of endpoints, along with their MAC addresses, which can be mapped and stored in the ARP cache.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/ admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

Questions # 8:

An administrator made changes in Cisco ISE and needs to apply new permissions for endpoints that have already been authenticated by sending a CoA packet to the network devices. Which IOS command must be configured on the devices to accomplish this goal?

Options:

aaa server radius dynamic-author

authentication command bounce-port

authentication command disable-port

aaa nas port extended

Answer

Questions # 9:

Which are two characteristics of TACACS+? (Choose two)

Options:

It uses TCP port 49.

It combines authorization and authentication functions.

It separates authorization and authentication functions.

It encrypts the password only.

It uses UDP port 49.

Answer

A, C

Questions # 10:

A network security administrator wants to integrate Cisco ISE with Active Directory. Which configuration action must the security administrator take to accomplish the task?