Provide Cisco 300-715 Practice Test Engine for Preparation [Q59-Q83]

Provide Cisco 300-715 Practice Test Engine for Preparation

Detailed New 300-715 Exam Questions for Concept Clearance

NEW QUESTION # 59
Which two endpoint compliance statuses are possible? (Choose two.)

• A. valid
• B. known
• C. unknown
• D. compliant
• E. invalid

Answer: C,D

Explanation:
Section: Endpoint Compliance

NEW QUESTION # 60
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

Answer:

Explanation:

Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide Step 1 Choose Administration > System > Deployment.
The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.
Step 2
Check the check box next to the current node, and click Edit.
Step 3
Click Make Primary to configure your Primary PAN.
Step 4
Enter data on the General Settings tab.
Step 5
Click Save to save the node configuration.

NEW QUESTION # 61
An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users. Management needs Cisco ISE to not automatically trigger a CoA whenever a profile change is detected. Instead, the administrator needs to verify the new profile and manually trigger a CoA. What must be configuring in the profiler to accomplish this goal?

• A. Port Bounce
• B. No CoA
• C. Session Query
• D. Reauth

Answer: B

Explanation:
https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-policies

NEW QUESTION # 62
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

• A. Use the radius-server vsa send authentication command.
• B. Set the NAC State option to RADIUS NAC.
• C. Use the ip access-group webauth in command.
• D. Set the NAC State option to SNMP NAC.

Answer: A

NEW QUESTION # 63
Which two features must be used on Cisco ISE to enable the TACACS. feature? (Choose two)

• A. External TACACS Servers
• B. Server Sequence
• C. Command Sets
• D. Device Administration License
• E. Device Admin Service

Answer: A

NEW QUESTION # 64
What is the purpose of the ip http server command on a switch?

• A. It enables the https server for users for web authentication.
• B. It enables dot1x authentication on the switch.
• C. It enables MAB authentication on the switch.
• D. It enables the switch to redirect users for web authentication.

Answer: C

Explanation:
Section: Web Auth and Guest Services

NEW QUESTION # 65
Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.

Answer:

Explanation:

NEW QUESTION # 66
An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to the endpoints instead of industry-standard protocol information Which probe should be enabled to meet these requirements?

• A. DNS probe
• B. DHCP probe
• C. SNMP query probe
• D. NetFlow probe

Answer: B

Explanation:
Reference:
http://www.network-node.com/blog/2016/1/2/ise-20-profiling

NEW QUESTION # 67
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?
(Choose two.)

• A. Firepower
• B. IOS
• C. WLC
• D. ASA
• E. Shell

Answer: C,E

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html TACACS+ Profile TACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets. The TACACS+ profile definitions are split into two components:
Common tasks
Custom attributes
There are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles)-Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View.
The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are:
Shell
WLC
Nexus
Generic
The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you can enter the mandatory attributes using a equal to (=) sign between the attribute name and its value and optional attributes are entered using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy paste the attribute list (for example, another product's attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.

NEW QUESTION # 68
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?

• A. authenticator
• B. client
• C. supplicant
• D. EAP server

Answer: C

Explanation:
https://www.oreilly.com/library/view/cisco-ise-for/9780133103632/ch16.html#:~:text=What%20is%20a%20supplicant%3F,networks%2C%20both%20wired%20and%20wireless.&text=The%20802.1X%20transactions%20are,Identity%20Services%20Engine%20(ISE).

NEW QUESTION # 69
An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

• A. Conirm the authorization policies are correct using the test aaa authorization admin drop legacy command.
• B. Test the user account on the server using the test aaa group radius server CUCS user admin pass <key> legacy command.
• C. Validate that the key value is correct using the test aaa authentication admin <key> legacy command.
• D. Check for server reachability using the test aaa group tacacs+ admin <key> legacy command.

Answer: D

Explanation:
https://medium.com/training-course-ccna-security-210-260/ccna-security-part-3-implementing-aaa-in-cisco-ios-4b13ab285f51

NEW QUESTION # 70
A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?

• A. The BYOD flow to ensure that the endpoint will be provisioned prior to registering
• B. The posture provisioning policy to give the endpoint all necessary components prior to registering
• C. The Cisco AnyConnect provisioning policy to provision the endpoint for onboarding
• D. A native supplicant provisioning policy to redirect them to the BYOD portal for onboarding

Answer: D

NEW QUESTION # 71
An administrator is creating a new TACACS sell. The users that get assigned this profile should have initial access privileges equivalent to user EXEC mode, and a max privilege level of privileged EXEC mode. How is this configured?
A)

B)

C)

D)

• A. Option C
• B. Option A
• C. Option B
• D. Option D

Answer: C

NEW QUESTION # 72
An employee logs on to the My Devices portal and marks a currently on-boarded device as 'Lost'.
Which two actions occur within Cisco ISE as a result oí this action? (Choose two)

• A. BYOD Registration status is updated to No
• B. BYOD Registration status is updated to Unknown.
• C. The device status is updated to Stolen
• D. The device access has been denied
• E. Certificates provisioned to the device are not revoked

Answer: A,E

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01111.html

NEW QUESTION # 73
Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

• A. termination-action
• B. idle timeout
• C. session timeout
• D. radius-server timeout

Answer: B

Explanation:
Explanation
When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints. When the inactivity timer expires, the switch removes the authenticated session. The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute

NEW QUESTION # 74
During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

• A. Cisco App Store
• B. Cisco ISE directly
• C. Native OTA functionality
• D. Microsoft App Store

Answer: B

Explanation:
Section: BYOD
Explanation/Reference: https://ciscocustomer.lookbookhq.com/iseguidedjourney/BYOD-configuration

NEW QUESTION # 75
By default, which traffic does an 802.IX-enabled switch allow before authentication?

• A. traffic permitted in the port dACL on Cisco ISE
• B. all traffic
• C. traffic permitted in the default ACL on the switch
• D. no traffic

Answer: C

NEW QUESTION # 76
An administrator is troubleshooting an endpoint that is supposed to bypass 802 1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?

• A. An AC I on the port is blocking HTTP traffic
• B. The endpoint is using the wrong protocol to authenticate with Cisco ISE.
• C. The DHCP probe for Cisco ISE is not working as expected.
• D. The 802.1 X timeout period is too long.

Answer: D

NEW QUESTION # 77
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

• A. Both nodes restart.
• B. The primary node restarts
• C. The secondary node restarts.
• D. The primary node becomes standalone

Answer: A

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/installation_guide/ise_install_guide/ise_deploy.html if your deployment has two nodes and you deregister the secondary node, both nodes in this primary-secondary pair are restarted. (The former primary and secondary nodes become standalone.)

NEW QUESTION # 78
Which use case validates a change of authorization?

• A. Endpoints are created through device registration for the guests
• B. An endpoint profiling policy is changed for authorization policy.
• C. An authenticated, wired EAP-capable endpoint is discovered
• D. An endpoint that is disconnected from the network is discovered

Answer: C

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html

NEW QUESTION # 79
An organization wants to standardize the 802 1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide What must be configured to accomplish this task?

• A. security group tag within the authorization policy
• B. port security on the switch based on the client's information
• C. dynamic access list within the authorization profile
• D. extended access-list on the switch for the client

Answer: A

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_sga_pol.html#

NEW QUESTION # 80
Which two events tngger a CoA for an endpoint when CoA is enab.ed globally for ReAuth?
(Choose two.)

• A. endpoint profile transition from Aop.e-dev.ee to App.e-iPhone
• B. addition of endpoint to My Devices Portal
• C. updating of endpoint dACL.
• D. endpoint profile transition from Unknown to Windows 10-Workstation
• E. endpoint marked as lost in My Devices Portal

Answer: A,D

NEW QUESTION # 81
Which two features must be used on Cisco ISE to enable the TACACS. feature? (Choose two)

• A. Device Administration License
• B. Server Sequence
• C. External TACACS Servers
• D. Command Sets
• E. Enable Device Admin Service

Answer: A,E

NEW QUESTION # 82
An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?

• A. enable network-authentication
• B. enable bypass-mac
• C. dot1x system-auth-control
• D. mab

Answer: D

Explanation:
Reference:
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-2mt/sec-config-mab.html

NEW QUESTION # 83
......

300-715 2024 Training With 246 QA's: https://www.dumpsactual.com/300-715-actualtests-dumps.html

300-715 Exam Preparation Material with New 300-715 Dumps Questions.: https://drive.google.com/open?id=1qAVaAKZLYFKTJ5q-y6-IjIEi0uBH87mL