cisco 300-715 practice test

implementing and configuring cisco identity services engine (300-715 sise)

Last exam update: Oct 11 ,2024
Page 1 out of 28. Viewing questions 1-10 out of 275

Question 1

An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?

  • A. The authorization results for the endpoints include the Trusted security group tag.
  • B. The authorization results for the endpoints include a dACL allowing access.
  • C. The switch port is configured with authentication event server dead action authorize vlan.
  • D. The switch port is configured with authentication open.
Mark Question:
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which profiling probe collects the user-agent string?

  • A. DHCP
  • B. HTTP
  • C. NMAP
  • D. AD
Mark Question:
Answer:

b

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:
An initial MAB request is sent to the Cisco ISE node.
Cisco ISE responds with a URL redirection authorization profile if the user's MAC address is unknown in the endpoint identity store.
The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.

Which authentication must the administrator configure on Cisco ISE?

  • A. wired NAD with local WebAuth
  • B. WLC with local WebAuth
  • C. NAD with central WebAuth
  • D. device registration WebAuth
Mark Question:
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc407294634 but is receiving the error `Authentication failed: 22040 Wrong password or invalid shared secret.`
What must be done to address this issue?

  • A. Add the network device as a NAD inside Cisco ISE using the existing key.
  • B. Configure the key on the Cisco ISE instead of the Cisco switch.
  • C. Validate that the key is correct on both the Cisco switch as well as Cisco ISE.
  • D. Use a key that is between eight and ten characters.
Mark Question:
Answer:

a


Reference:
https://community.cisco.com/t5/network-access-control/authentication-failed/td-p/2224342

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two.)

  • A. Session Services
  • B. Profiling Services
  • C. Radius Service
  • D. Posture Services
  • E. Endpoint Attribute Filter
Mark Question:
Answer:

bc

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 6

Which file setup method is supported by ZTP on physical appliances?

  • A. cfg
  • B. iso
  • C. img
  • D. ova
Mark Question:
Answer:

c

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+. However, the administrator must restrict certain commands based on one of three user roles that require different commands.
How is this accomplished without creating too many objects using Cisco ISE?

  • A. Create one shell profile and one command set.
  • B. Create multiple shell profiles and one command set.
  • C. Create multiple shell profiles and multiple command sets.
  • D. Create one shell profile and multiple command sets.
Mark Question:
Answer:

c


Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

An engineer is testing low-impact mode for a phased deployment of Cisco ISE. Which type of traffic is denied when a host tries to connect to the network prior to authentication?

  • A. DNS
  • B. EAP
  • C. DHCP
  • D. HTTP
Mark Question:
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which deployment mode allows for one or more policy service nodes to be used for session failover?

  • A. centralized
  • B. secondary
  • C. standalone
  • D. distributed
Mark Question:
Answer:

d

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

  • A. EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.
  • B. EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.
  • C. EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.
  • D. EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.
Mark Question:
Answer:

c


Reference:
https://www.securew2.com/blog/eap-tls-vs-peap-mschapv2-which-authentication-protocol-is-superior

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2