Free Cisco 300-715 Exam Price Online

NEW QUESTION 1
What is the minimum certainty factor when creating a profiler policy?

• A. the minimum number that a predefined condition provides
• B. the maximum number that a predefined condition provides
• C. the minimum number that a device certainty factor must reach to become a member of the profile
• D. the maximum number that a device certainty factor must reach to become a member of the profile

Answer: C

NEW QUESTION 2
What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two.)

• A. TACACS+ has command authorization, and RADIUS does not.
• B. TACACS+ uses UDP, and RADIUS uses TCP.
• C. TACACS+ supports 802.1X, and RADIUS supports MAB.
• D. TACACS+ provides the service type, and RADIUS does not.
• E. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

Answer: AE

NEW QUESTION 3
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two.)

• A. Client Provisioning portal
• B. remediation actions
• C. updates
• D. access policy
• E. conditions

Answer: BE

NEW QUESTION 4
Which two features must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.)

• A. Command Sets
• B. Server Sequence
• C. Device Administration License
• D. External TACACS Servers
• E. Device Admin Service

Answer: CE

NEW QUESTION 5
What are two requirements of generating a single certificate in Cisco ISE by using a certificate provisioning portal, without generating a certificate signing request? (Choose two.)

• A. Enter the IP address of the device.
• B. Enter the common name.
• C. Choose the hashing method.
• D. Locate the CSV file for the device MAC.
• E. Select the certificate template.

Answer: BE

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0-Certificate-Provisioning-Portal.html

NEW QUESTION 6
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

• A. new AD user 802.1X authentication
• B. hotspot
• C. posture
• D. guest AUP
• E. BYOD

Answer: BD

NEW QUESTION 7
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)

• A. ASA
• B. Firepower
• C. Shell
• D. WLC
• E. IOS

Answer: CD

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2--1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

NEW QUESTION 8
What gives Cisco ISE an option to scan endpoints for vulnerabilities?

• A. authentication policy
• B. authorization profile
• C. authentication profile
• D. authorization policy

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010100.html

NEW QUESTION 9
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

• A. The secondary node restarts.
• B. The primary node restarts.
• C. Both nodes restart.
• D. The primary node becomes standalone.

Answer: C

NEW QUESTION 10
Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

• A. Cisco Secure Services Client and Cisco Access Control Server
• B. Cisco AnyConnect NAM and Cisco Identity Service Engine
• C. Cisco AnyConnect NAM and Cisco Access Control Server
• D. Windows Native Supplicant and Cisco Identity Service Engine

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html

NEW QUESTION 11
Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two.)

• A. TCP 80
• B. TCP 8905
• C. TCP 8443
• D. TCP 8906
• E. TCP 443

Answer: BC

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Cisco_SNS_3400_Series_Appliance_Ports_Reference.html

NEW QUESTION 12
What is a method for transporting security group tags throughout the network?

• A. by embedding the security group tag in the 802.1Q header
• B. by the Security Group Tag Exchange Protocol
• C. by enabling 802.1AE on every network device
• D. by embedding the security group tag in the IP header

Answer: B

NEW QUESTION 13
What is a valid guest portal type?

• A. Sponsor
• B. Sponsored-Guest
• C. Captive-Guest
• D. My Devices

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01111.html

NEW QUESTION 14
Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two.)

• A. access-challenge
• B. access-accept
• C. access-request
• D. access-reserved
• E. access-response

Answer: AB

NEW QUESTION 15
What is the purpose of the ip http server
command on a switch?

• A. It enables the https server for users for web authentication.
• B. It enables dot1x authentication on the switch.
• C. It enables MAB authentication on the switch.
• D. It enables the switch to redirect users for web authentication.

Answer: C

NEW QUESTION 16
Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

• A. MAB and if user not found, continue
• B. MAB and if authentication failed, continue
• C. Dot1x and if authentication failed, continue
• D. Dot1x and if user not found, continue

Answer: A

NEW QUESTION 17
Which are two characteristics of TACACS+? (Choose two.)

• A. It separates authorization and authentication functions.
• B. It combines authorization and authentication functions.
• C. It uses UDP port 49.
• D. It encrypts the password only.
• E. It uses TCP port 49.

Answer: AE

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html

NEW QUESTION 18
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

• A. blacklist
• B. unknown
• C. whitelist
• D. profiled
• E. endpoint

Answer: B

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html

NEW QUESTION 19
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profiling service so that a user can reliably bind the IP addresses and MAC addresses of endpoints? (Choose two.)

• A. SNMP
• B. HTTP
• C. RADIUS
• D. DHCP
• E. NetFlow

Answer: CD

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

NEW QUESTION 20
Which statement about configuring certificates for BYOD is true?

• A. The SAN field is populated with the end user name.
• B. The CN field is populated with the endpoint host name.
• C. An endpoint certificate is mandatory for the Cisco ISE BYOD.
• D. An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment.

Answer: C

NEW QUESTION 21
Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

• A. TCP 8905
• B. TCP 8909
• C. TCP 443
• D. UDP 1812

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010101.html

NEW QUESTION 22
......