300-715 Sample Questions Answers

A network administrator notices that after a company-wide shut down, many users cannot connect their laptops to the corporate SSID. What must be done to permit access in a timely manner?

While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate What issue would cause this to happen even if the device ID and passwords are correct?

What is the maximum number of PSN nodes supported in a medium-sized deployment?

Which protocol must be allowed for a BYOD device to access the BYOD portal?

A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?

Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?

An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints Which action accomplishes this task for VPN users?

An engineer is tasked with placing a guest access anchor controller in the DMZ. Which two ports or port sets must be opened up on the firewall to accomplish this task? (Choose two.)

A laptop was stolen and a network engineer added it to the block list endpoint identity group What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

Refer to the exhibit. An engineer is creating a new TACACS* command set and cannot use any show commands after togging into the device with this command set authorization Which configuration is causing this issue?

An engineer is enabling a newly configured wireless SSID for tablets and needs visibility into which other types of devices are connecting to it. What must be done on the Cisco WLC to provide this information to Cisco ISE9

An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identified if the ToS bit is set to 5 and the destination IP address is the intercom system. What must be configured to accomplish this goal?

Which command displays all 802 1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two)

Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two)

An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected. Which service should be used to accomplish this task?

An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the endpoints on the network. Which node should be used to accomplish this task?

A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?

Which two features should be used on Cisco ISE to enable the TACACS+ feature? (Choose two )

An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors’ firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this What should be done to enable this type of posture check?

Which statement about configuring certificates for BYOD is true?

An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node. Which persona should be configured with the largest amount of storage in this environment?

Which personas can a Cisco ISE node assume'?

An engineer is configuring a dedicated SSID for onboarding devices. Which SSID type accomplishes this configuration?

During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

An administrator is configuring a new profiling policy within Cisco ISE The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints. therefore a custom profiling policy must be created Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address ?

Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)

Which three default endpoint identity groups does cisco ISE create? (Choose three)

A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA Which action does the CoA perform?

Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?