2023 Cisco 300-715 Exam Dumps Questions

Category:

Comments:

0 Comments

Post Date:

April 15, 2023

Cisco certification is a highly valuable and sought-after certification for IT professionals seeking to enhance their knowledge and expertise. 300-715 exam is specifically designed to validate the skills required to configure and maintain the CCNP Security platform, which is widely used by businesses around the world. These 300-715 exam dumps questions are specifically designed to help you prepare for the exam by testing your knowledge and providing you with valuable insights into the types of questions that you will encounter. Test free Cisco 300-715 exam questions below.

Page 1 of 8

1. An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal.

Which condition must be used when configuring an authorization policy that sets DenyAccess permission?

Endpoint Identity Group is Blocklist, and the BYOD state is Registered.

Endpoint Identify Group is Blocklist, and the BYOD state is Pending.

Endpoint Identity Group is Blocklist, and the BYOD state is Lost.

Endpoint Identity Group is Blocklist, and the BYOD state is Reinstate.

2. Which statement about configuring certificates for BYOD is true?

An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment

The SAN field is populated with the end user name.

An endpoint certificate is mandatory for the Cisco ISE BYOD

The CN field is populated with the endpoint host name

3. An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall.

Which two ports should be opened to accomplish this task? (Choose two)

TELNET 23

LDAP 389

HTTP 80

HTTPS 443

MSRPC 445

4. Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two)

access-response

access-request

access-reserved

access-accept

access-challenge

5. Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

TCP 8909

TCP 8905

UDP 1812

TCP 443

6. An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants.

Which portal must the security engineer configure to accomplish this task?

MDM

Client provisioning

My devices

BYOD

7. Which two default guest portals are available with Cisco ISE? (Choose two.)

visitor

WIFI-access

self-registered

central web authentication

sponsored

8. An administrator replaced a PSN in the distributed Cisco ISE environment. When endpoints authenticate to it, the devices are not getting the right profiles or attributes and as a result, are not hitting the correct policies. This was working correctly on the previous PSN.

Which action must be taken to ensure the endpoints get identified?

Verify that the MnT node is tracking the session.

Verify the shared secret used between the switch and the PS

Verify that the profiling service is running on the new PS

Verify that the authentication request the PSN is receiving is not malformed.

9. An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls.

Why is the given configuration failing to accomplish this goal?

The Guest Flow condition is not in the line that gives access to the quest portal

The Network_Access_Authentication_Passed condition will not work with guest services for portal access.

The Permit Access result is not set to restricted access in its policy line

The Guest Portal and Guest Access policy lines are in the wrong order

10. An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access.

Which action accomplishes the goal?

Configure the hotspot portal for guest access and require an access code.

Configure the sponsor portal with a single account and use the access code as the password.

Configure the self-registered guest portal to allow guests to create a personal access code.

Create a BYOD policy that bypasses the authentication of the user and authorizes access codes.

Page 2 of 8

11. Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

TCP 8443

TCP 8906

TCP 443

TCP 80

TCP 8905

12. An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication.

Which access will be denied in this?

HTTP

DNS

EAP

DHCP

13. Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

Active Directory

RADIUS Token

Internal Database

RSA Secur lD

LDAP

14. Which personas can a Cisco ISE node assume'?

policy service, gatekeeping, and monitoring

administration, policy service, and monitoring

administration, policy service, gatekeeping

administration, monitoring, and gatekeeping

15. Which profiling probe collects the user-agent string?

DHCP

HTTP

NMAP

16. Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two)

Policy Assignment

Endpoint Family

Identity Group Assignment

Security Group Tag

IP Address

17. What is the purpose of the ip http server command on a switch?

It enables the https server for users for web authentication

It enables MAB authentication on the switch

It enables the switch to redirect users for web authentication.

It enables dot1x authentication on the switch.

18. An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP.

Which command must be entered to meet this requirement?

ip source guard

ip dhcp snooping

ip device tracking maximum

ip arp inspection

19. An administrator is configuring a new profiling policy in Cisco ISE for a printer type that is missing from the profiler feed. The logical profile Printers must be used in the authorization rule and the rule must be hit.

What must be done to ensure that this configuration will be successful^

Create a new logical profile for the new printer policy

Enable the EndPoints:EndPointPolicy condition in the authorization policy.

Add the new profiling policy to the logical profile Printers.

Modify the profiler conditions to ensure that it goes into the correct logical profile

20. Refer to the exhibit

In which scenario does this switch configuration apply?

when allowing a hub with multiple clients connected

when passing IP phone authentication

when allowing multiple IP phones to be connected

when preventing users with hypervisor

Page 3 of 8

21. An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites.

Which configuration must be applied on Cisco ISE?

Use a third-party certificate on the network device.

Add the device to all PSN nodes in the deployment.

Renew the expired certificate on one of the PS

Configure an authorization profile for the end users.

22. During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

Cisco App Store

Microsoft App Store

Cisco ISE directly

Native OTA functionality

23. A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint.

What must be configured to accomplish this task?

A native supplicant provisioning policy to redirect them to the BYOD portal for onboarding

The Cisco AnyConnect provisioning policy to provision the endpoint for onboarding

The BYOD flow to ensure that the endpoint will be provisioned prior to registering

The posture provisioning policy to give the endpoint all necessary components prior to registering

24. What is a valid status of an endpoint attribute during the device registration process?

block listed

pending

unknown

DenyAccess

25. An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network.

What must be configured to accomplish this goal?

Create a registry posture condition using a non-OPSWAT API version.

Create an application posture condition using a OPSWAT API version.

Create a compound posture condition using a OPSWAT API version.

Create a service posture condition using a non-OPSWAT API version.

26. A network engineer needs to deploy 802.1x using Cisco ISE in a wired network environment where thin clients download their system image upon bootup using PXE.

For which mode must the switch ports be configured?

closed

restricted

monitor

low-impact

27. Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?

EAP server

supplicant

client

authenticator

28. DRAG DROP

Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting.

29. Which command displays all 802 1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

show authentication sessions output

Show authentication sessions

show authentication sessions interface Gi 1/0/x

show authentication sessions interface Gi1/0/x output

30. What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

The primary node restarts

The secondary node restarts.

The primary node becomes standalone

Both nodes restart.

Page 4 of 8

31. A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?

Keep track of guest user activities

Configure authorization settings for guest users

Create and manage guest user accounts

Authenticate guest users to Cisco ISE

32. Refer to the exhibit

Which switch configuration change will allow only one voice and one data endpoint on each port?

Multi-auth to multi-domain

Mab to dot1x

Auto to manual

Multi-auth to single-auth

33. An administrator is configuring sponsored guest access using Cisco ISE Access must be restricted to the sponsor portal to ensure that only necessary employees can issue sponsored accounts and employees must be classified to do so.

What must be done to accomplish this task?

Configure an identity-based access list in Cisco ISE to restrict the users allowed to login

Edit the sponsor portal to only accept members from the selected groups

Modify the sponsor groups assigned to reflect the desired user groups

Create an authorization rule using the Guest Flow condition to authorize the administrators

34. Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

personas

qualys

nexpose

posture

35. An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node.

Which persona should be configured with the largest amount of storage in this environment?

policy Services

Primary Administration

Monitoring and Troubleshooting

Platform Exchange Grid

36. What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?

Network Access Control

My Devices Portal

Application Visibility and Control

Supplicant Provisioning Wizard

37. An engineer is configuring web authentication using non-standard ports and needs the switch to redirect traffic to the correct port.

Which command should be used to accomplish this task?

permit tcp any any eq

aaa group server radius proxy

ip http port

aaa group server radius

38. Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?

large deployment with fully distributed nodes running all personas

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with shared PSNs

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with dedicated PSNs

small deployment with one primary and one secondary node running all personas

39. An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network.

What is causing this issue to occur?

The switch port is configured with authentication event server dead action authorize vlan.

The authorization results for the endpoints include a dACL allowing access.

The authorization results for the endpoints include the Trusted security group tag.

The switch port is configured with authentication open.

40. A network engineer must enforce access control using special tags, without re-engineering the

network design.

Which feature should be configured to achieve this in a scalable manner?

SGT

dACL

VLAN

RBAC

Page 5 of 8

41. There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use profiling.

What must be done to accomplish this goal?

Enter the MAC address in the correct Endpoint Identity Group.

Enter the MAC address in the correct Logical Profile.

Enter the IP address in the correct Logical Profile.

Enter the IP address in the correct Endpoint Identity Group.

42. When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?

MIB

TGT

OMAB

SID

43. When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting.

Which policy condition must be used in order to accomplish this?

Network Access NetworkDeviceName CONTAINS

DEVICE Device Type CONTAINS

Radius Called-Station-ID CONTAINS

Airespace Airespace-Wlan-ld CONTAINS

44. An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the mam deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out.

Which configuration is causing this behavior?

One of the nodes is an active PS

One of the nodes is the Primary PAN

All of the nodes participate in the PAN auto failover.

All of the nodes are actively being synched.

45. While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate.

What issue would cause this to happen even if the device ID and passwords are correct?

The device aliases are not matching

The 5GT mappings have not been defined

The devices are missing the configuration cts credentials trustsec verify 1

EAP-FAST is not enabled

46. An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the endpoints on the network.

Which node should be used to accomplish this task?

PSN

primary PAN

pxGrid

MnT

47. DRAG DROP

Drag the descriptions on the left onto the components of 802.1X on the right.

48. An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database There are no resources to enter this information into the Cisco ISE database manually.

What must be done to accomplish this task effciently?

Use a CSV file to import the guest accounts

Use SOL to link me existing database to Ctsco ISE

Use a JSON fie to automate the migration of guest accounts

Use an XML file to change the existing format to match that of Cisco ISE

49. An engineer is configuring static SGT classification.

Which configuration should be used when authentication is disabled and third-party switches are in use?

VLAN to SGT mapping

IP Address to SGT mapping

L3IF to SGT mapping

Subnet to SGT mapping

50. An administrator is trying to collect metadata information about the traffic going across the network to gam added visibility into the hosts. This Information will be used to create profiling policies for devices us mg Cisco ISE so that network access policies can be used.

What must be done to accomplish this task?

Configure the RADIUS profiling probe within Cisco ISE

Configure NetFlow to be sent to me Cisco ISE appliance.

Configure SNMP to be used with the Cisco ISE appliance

Configure the DHCP probe within Cisco ISE

Page 6 of 8

51. An engineer is starting to implement a wired 802.1X project throughout the campus. The task is for failed authentication to be logged to Cisco ISE and also have a minimal impact on the users.

Which command must the engineer configure?

A. authentication open

B. pae dot1x enabled

C. authentication host-mode multi-auth

D. monitor-mode enabled

52. Refer to the exhibit. An engineer is creating a new TACACS* command set and cannot use any show commands after togging into the device with this command set authorization.

Which configuration is causing this issue?

Question marks are not allowed as wildcards for command sets.

The command set is allowing all commands that are not in the command list

The wildcard command listed is in the wrong format

The command set is working like an ACL and denying every command.

53. When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provide an adequate amount of security and visibility for the hosts on the network.

Why should the engineer configure MAB in this situation?

The Cisco switches only support MA

MAB provides the strongest form of authentication available.

The devices in the network do not have a supplicant.

MAB provides user authentication.

54. A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access.

What must be done to ensure that both devices for a particular user are able to access the guest network simultaneously?

Configure the sponsor group to increase the number of logins.

Use a custom portal to increase the number of logins

Modify the guest type to increase the number of maximum devices

Create an Adaptive Network Control policy to increase the number of devices

55. What is a function of client provisioning?

It ensures an application process is running on the endpoint.

It checks a dictionary' attribute with a value.

It ensures that endpoints receive the appropriate posture agents

It checks the existence date and versions of the file on a client.

56. A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components.

Which two protocols should complete this task?

PEAP

EAP-MD5

LEAP

EAP-TLS

EAP-TTLS

57. What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?

Cisco-av-pair

Class attribute

Event

State attribute

58. A network administrator is configuring a secondary cisco ISE node from the backup configuration of the primary cisco ISE node to create a high availability pair The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE.

Which command most be issued for this to work?

copy certificate Ise

application configure Ise

certificate configure Ise

Import certificate Ise

59. Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two)

Random

Monthly

Daily

Imported

Known

60. Which two Cisco ISE deployment models require two nodes configured with dedicated PAN and MnT personas? (Choose two.)

three PSN nodes

seven PSN nodes with one PxGrid node

five PSN nodes with one PxGrid node

two PSN nodes with one PxGrid node

six PSN nodes

Page 7 of 8

61. Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two)

The device queries the internal identity store

The Cisco ISE server queries the internal identity store

The device queries the external identity store

The Cisco ISE server queries the external identity store.

The device queries the Cisco ISE authorization server

62. An administrator is configuring cisco ISE lo authenticate users logging into network devices using TACACS+ The administrator is not seeing any oí the authentication in the TACACS+ live logs.

Which action ensures the users are able to log into the network devices?

Enable the device administration service in the Administration persona

Enable the session services in the administration persona

Enable the service sessions in the PSN persona.

Enable the device administration service in the PSN persona.

63. What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two)

TACACS+ supports 802.1X, and RADIUS supports MAB

TACACS+ uses UDP, and RADIUS uses TCP

TACACS+ has command authorization, and RADIUS does not.

TACACS+ provides the service type, and RADIUS does not

TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

64. A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:

. An initial MAB request is sent to the Cisco ISE node.

. Cisco ISE responds with a URL redirection authorization profile if the user's MAC address is unknown in the endpoint identity store.

. The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.

Which authentication must the administrator configure on Cisco ISE?

device registration WebAuth

WLC with local WebAuth

wired NAD with local WebAuth

NAD with central WebAuth

65. An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords.

Which two features must be configured to allow for this? (Choose two.)

hotspot guest portal

device registration WebAuth

central WebAuth

local WebAuth

self-registered guest portal

66. What is the deployment mode when two Cisco ISE nodes are configured in an environment?

distributed

active

standalone

standard

67. An administrator is troubleshooting an endpoint that is supposed to bypass 802 1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. however the endpoint cannot communicate because it cannot obtain an IP address.

What is the problem?

The DHCP probe for Cisco ISE is not working as expected.

The 802.1 X timeout period is too long.

The endpoint is using the wrong protocol to authenticate with Cisco IS

An AC I on the port is blocking HTTP traffic

68. An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication.

Which command should be used to complete this configuration?

dot1x pae authenticator

dot1x system-auth-control

authentication port-control auto

aaa authentication dot1x default group radius

69. Refer to the exhibit:

Which command is typed within the CU of a switch to view the troubleshooting output?

show authentication sessions mac 000e.84af.59af details

show authentication registrations

show authentication interface gigabitethemet2/0/36

show authentication sessions method

70. A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice.

Which command should the engineer run on the interface to accomplish this goal?

authentication host-mode single-host

authentication host-mode multi-auth

authentication host-mode multi-host

authentication host-mode multi-domain

Page 8 of 8

71. Which two authentication protocols are supported by RADIUS but not by TACACS+? (Choose two.)

MSCHAPv1

PAP

EAP

CHAP

MSCHAPV2

72. Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)

backup

secondary

standby

primary

active

73. Which two endpoint compliance statuses are possible? (Choose two.)

unknown

known

invalid

compliant

valid

74. A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network.

How should the manager configure Cisco ISE to accomplish this goal?

Create entries in the guest identity group for all participants.

Create an access code to be entered in the AUP page.

Create logins for each participant to give them sponsored access.

Create a registration code to be entered on the portal splash page.

TAGS:

300-715, 300-715 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Posts

Cisco Free Dumps

Get 300-715 Dumps Full Version

Q&As: 262
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

2023 Cisco 300-715 Exam Dumps Questions

Related

Posts

CCST Networking Dumps Guarantee You Pass CCST Networking Exam Easily

100-490 Dumps Guarantee You Pass 100-490 Exam Easily

Cisco 500-444 Exam Questions Simulate Actual 500-444 Exam

Cisco 500-430 Exam Questions Simulate Actual 500-430 Exam

About Us

EMAIL

Services

Opening Hours