Breathing Cisco 300-715 Brain Dumps Online

NEW QUESTION 1
What is a method for transporting security group tags throughout the network?

• A. by embedding the security group tag in the 802.1Q header
• B. by the Security Group Tag Exchange Protocol
• C. by enabling 802.1AE on every network device
• D. by embedding the security group tag in the IP header

Answer: B

NEW QUESTION 2
What is the minimum certainty factor when creating a profiler policy?

• A. the minimum number that a predefined condition provides
• B. the maximum number that a predefined condition provides
• C. the minimum number that a device certainty factor must reach to become a member of the profile
• D. the maximum number that a device certainty factor must reach to become a member of the profile

Answer: C

NEW QUESTION 3
What are two requirements of generating a single certificate in Cisco ISE by using a certificate provisioning portal, without generating a certificate signing request? (Choose two.)

• A. Enter the IP address of the device.
• B. Enter the common name.
• C. Choose the hashing method.
• D. Locate the CSV file for the device MAC.
• E. Select the certificate template.

Answer: BE

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0-Certificate-Provisioning-Portal.html

NEW QUESTION 4
What is a requirement for Feed Service to work?

• A. TCP port 8080 must be opened between Cisco ISE and the feed server.
• B. Cisco ISE has access to an internal server to download feed update.
• C. Cisco ISE has a base license.
• D. Cisco ISE has Internet access to download feed update.

Answer: B

NEW QUESTION 5
What is a valid guest portal type?

• A. Sponsor
• B. Sponsored-Guest
• C. Captive-Guest
• D. My Devices

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01111.html

NEW QUESTION 6
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

• A. blacklist
• B. unknown
• C. whitelist
• D. profiled
• E. endpoint

Answer: B

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html

NEW QUESTION 7
DRAG DROP
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the right.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

NEW QUESTION 8
What does the dot1x system-auth-control command do?

• A. globally enables 802.1x
• B. causes a network access switch not to track 802.1x sessions
• C. enables 802.1x on a network access device interface
• D. causes a network access switch to track 802.1x sessions

Answer: A

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-8-0E/15-24E/configuration/guide/xe-380-configuration/dot1x.html

NEW QUESTION 9
What must match between Cisco ISE and the network access device to successfully authenticate endpoints?

• A. shared secret
• B. profile
• C. certificate
• D. SNMP version

Answer: A

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_network_devices.html

NEW QUESTION 10
What gives Cisco ISE an option to scan endpoints for vulnerabilities?

• A. authentication policy
• B. authorization profile
• C. authentication profile
• D. authorization policy

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010100.html

NEW QUESTION 11
Which protocol must be allowed for a BYOD device to access the BYOD portal?

• A. HTTPS
• B. HTTP
• C. SSH
• D. SMTP

Answer: A

NEW QUESTION 12
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)

• A. ASA
• B. Firepower
• C. Shell
• D. WLC
• E. IOS

Answer: CD

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2--1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

NEW QUESTION 13
Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

• A. TCP 8905
• B. TCP 8909
• C. TCP 443
• D. UDP 1812

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010101.html

NEW QUESTION 14
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?

• A. Keep track of guest user activities.
• B. Create and manage guest user accounts.
• C. Configure authorization settings for guest users.
• D. Authenticate guest users to Cisco ISE.

Answer: B

NEW QUESTION 15
Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

• A. qualys
• B. posture
• C. personas
• D. nexpose

Answer: B

NEW QUESTION 16
Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

• A. MAB and if user not found, continue
• B. MAB and if authentication failed, continue
• C. Dot1x and if authentication failed, continue
• D. Dot1x and if user not found, continue

Answer: A

NEW QUESTION 17
Which three default endpoint identity groups does Cisco ISE create? (Choose three.)

• A. endpoint
• B. unknown
• C. blacklist
• D. profiled
• E. whitelist

Answer: BCD

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html#wp1203054

NEW QUESTION 18
What is needed to configure wireless guest access on the network?

• A. endpoint already profiled in ISE
• B. WEBAUTH ACL for redirection
• C. Captive Portal Bypass turned on
• D. valid user account in Active Directory

Answer: C

NEW QUESTION 19
Which two ports do network devices typically use for CoA? (Choose two.)

• A. 19005
• B. 443
• C. 3799
• D. 8080
• E. 1700

Answer: CE

Explanation:
Reference: https://documentation.meraki.com/MR/Encryption_and_Authentication/Change_of_Authorization_with_RADIUS_(CoA)_on_MR_Access_Points

NEW QUESTION 20
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profiling service so that a user can reliably bind the IP addresses and MAC addresses of endpoints? (Choose two.)

• A. SNMP
• B. HTTP
• C. RADIUS
• D. DHCP
• E. NetFlow

Answer: CD

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

NEW QUESTION 21
Which two fields are available when creating an endpoint on the context visibility page of Cisco ISE? (Choose two.)

• A. Security Group Tag
• B. Endpoint Family
• C. Policy Assignment
• D. Identity Group Assignment
• E. IP Address

Answer: CD

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010101.html

NEW QUESTION 22
Which personas can a Cisco ISE node assume?

• A. policy service, gatekeeping, and monitoring
• B. administration, monitoring, and gatekeeping
• C. administration, policy service, and monitoring
• D. administration, policy service, gatekeeping

Answer: C

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

NEW QUESTION 23
......