300-715 Online Practice Questions and Answers

How is policy services node redundancy achieved in a deployment?

A. by enabling VIP

B. by utilizing RADIUS server list on the NAD

C. by creating a node group

D. by deploying both primary and secondary node

Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)

A. endpoint marked as lost in My Devices Portal

B. addition of endpoint to My Devices Portal

C. endpoint profile transition from Aop.e-dev.ee to Apple-iPhone

D. endpoint profile transition from Unknown to Windows 10-Workstation

E. updating of endpoint dACL.

If there is a firewall between Cisco ISE and an Active Directory external identity store, which port does not need to be open?

A. UDP/TCP 389

B. UDP123

C. TCP 21

D. TCP 445

E. TCP 88

An administrator is adding a switch to the network that is running cisco ISE and is only for IP phones. the phones do not have the ability to authenticate via 802.1x. Which command is needed on each switch port for authentication?

A. dot1x system-auth-control

B. enable bypass-mac

C. enable network-authentication

D. mab

There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network. Which posture condition should the administrator configure in order for this policy to work?

A. file

B. registry

C. application

D. service

A network administrator is configuring authorization policies on Cisco ISE There is a requirement to use AD group assignments to control access to network resources After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work

What is the cause of this issue?

A. The AD join point is no longer connected.

B. The AD DNS response is slow.

C. The certificate checks are not being conducted.

D. The network devices ports are shut down.

An organization wants to standardize the 802 1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide What must be configured to accomplish this task?

A. security group tag within the authorization policy

B. extended access-list on the switch for the client

C. port security on the switch based on the client's information

D. dynamic access list within the authorization profile

An engineer is configuring a dedicated SSID for onboarding devices. Which SSID type accomplishes this configuration?

A. dual

B. hidden

C. broadcast

D. guest

An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database There are no resources to enter this information into the Cisco ISE database manually. What must be done to accomplish this task effciently?

A. Use a CSV file to import the guest accounts

B. Use SOL to link me existing database to Ctsco ISE

C. Use a JSON fie to automate the migration of guest accounts

D. Use an XML file to change the existing format to match that of Cisco ISE

An administrator is trying to collect metadata information about the traffic going across the network to gam added visibility into the hosts. This Information will be used to create profiling policies for devices us mg Cisco ISE so that network access policies can be used.

What must be done to accomplish this task?

A. Configure the RADIUS profiling probe within Cisco ISE

B. Configure NetFlow to be sent to me Cisco ISE appliance.

C. Configure SNMP to be used with the Cisco ISE appliance

D. Configure the DHCP probe within Cisco ISE

An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address.

What is the problem?

A. The endpoint is using the wrong protocol to authenticate with Cisco ISE.

B. The 802.1X timeout period is too long.

C. The DHCP probe for Cisco ISE is not working as expected.

D. An ACL on the port is blocking HTTP traffic.

An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two )

A. Session Services

B. Endpoint Attribute Filter

C. Posture Services

D. Profiling Services

E. Radius Service

An administrator replaced a PSN in the distributed Cisco ISE environment. When endpoints authenticate to it, the devices are not getting the right profiles or attributes and as a result, are not hitting the correct policies. This was working correctly on the previous PSN. Which action must be taken to ensure the endpoints get identified?

A. Verify that the MnT node is tracking the session.

B. Verify the shared secret used between the switch and the PSN.

C. Verify that the profiling service is running on the new PSN.

D. Verify that the authentication request the PSN is receiving is not malformed.

An engineer is configuring a new Cisco ISE node. The Device Admin service must run on this node to handle authentication requests for network device access via TACACS+. Which persona must be enabled on this node to perform this function?

A. pxGrid

B. Administration

C. Policy Service

D. Monitoring

DRAG DROP

Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

Select and Place: