Summer Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 1271b8m643

300-715 Exam Dumps - Implementing and Configuring Cisco Identity Services Engine (SISE)

Question # 4

A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from. What must be done to accomplish this task''

A.

Add each MAC address manually to a blocklist identity group and create a policy denying access

B.

Create a logical profile for each device's profile policy and block that via authorization policies.

C.

Create a profiling policy for each endpoint with the cdpCacheDeviceld attribute.

D.

Add each IP address to a policy denying access.

Full Access
Question # 5

What is a characteristic of the UDP protocol?

A.

UDP can detect when a server is down.

B.

UDP offers best-effort delivery

C.

UDP can detect when a server is slow

D.

UDP offers information about a non-existent server

Full Access
Question # 6

If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?

A.

Client Provisioning

B.

Guest

C.

BYOD

D.

Blacklist

Full Access
Question # 7

Drag the descriptions on the left onto the components of 802.1X on the right.

Full Access
Question # 8

Which two features must be used on Cisco ISE to enable the TACACS. feature? (Choose two)

A.

Device Administration License

B.

Server Sequence

C.

Command Sets

D.

Enable Device Admin Service

E.

External TACACS Servers

Full Access
Question # 9

Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two)

A.

access-response

B.

access-request

C.

access-reserved

D.

access-accept

E.

access-challenge

Full Access
Question # 10

An engineer has been tasked with standing up a new guest portal for customers that are waiting in the lobby. There is a requirement to allow guests to use their social media logins to access the guest network to appeal to more customers What must be done to accomplish this task?

A.

Create a sponsor portal to allow guests to create accounts using their social media logins.

B.

Create a sponsored guest portal and enable social media in the external identity sources.

C.

Create a self-registered guest portal and enable the feature for social media logins

D.

Create a hotspot portal and enable social media login for network access

Full Access
Question # 11

What gives Cisco ISE an option to scan endpoints for vulnerabilities?

A.

authorization policy

B.

authentication policy

C.

authentication profile

D.

authorization profile

Full Access
Question # 12

A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices Where in the Layer 2 frame should this be verified?

A.

CMD filed

B.

802.1Q filed

C.

Payload

D.

802.1 AE header

Full Access
Question # 13

What is the minimum certainty factor when creating a profiler policy?

A.

the minimum number that a predefined condition provides

B.

the maximum number that a predefined condition provides

C.

the minimum number that a device certainty factor must reach to become a member of the profile

D.

the maximum number that a device certainty factor must reach to become a member of the profile

Full Access
Question # 14

Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two )

A.

Random

B.

Monthly

C.

Daily

D.

Imported

E.

Known

Full Access
Question # 15

Select and Place

Full Access
Question # 16

Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

A.

Active Directory

B.

RADIUS Token

C.

Internal Database

D.

RSA SecurlD

E.

LDAP

Full Access
Question # 17

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

A.

Create an ISE identity group to add users to and limit the number of logins via the group configuration.

B.

Create a new guest type and set the maximum number of devices sponsored guests can register

C.

Create an LDAP login for each guest and tag that in the guest portal for authentication.

D.

Create a new sponsor group and adjust the settings to limit the devices for each guest.

Full Access
Question # 18

An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node. Which persona should be configured with the largest amount of storage in this environment?

A.

policy Services

B.

Primary Administration

C.

Monitoring and Troubleshooting

D.

Platform Exchange Grid

Full Access
Question # 19

There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use profiling. What must be done to accomplish this goal?

A.

Enter the MAC address in the correct Endpoint Identity Group.

B.

Enter the MAC address in the correct Logical Profile.

C.

Enter the IP address in the correct Logical Profile.

D.

Enter the IP address in the correct Endpoint Identity Group.

Full Access
Question # 20

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

A.

Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.

B.

Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.

C.

Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.

D.

Identify the non 802.1 * supported device types and create custom profiles for them to profile into.

Full Access
Question # 21

An employee must access the internet through the corporate network from a new mobile device that does not support native supplicant provisioning provided by Cisco ISE. Which portal must the employee use to provision to the device?

A.

BYOD

B.

Personal Device

C.

My Devices

D.

Client Provisioning

Full Access
Question # 22

Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?

A.

EAP server

B.

supplicant

C.

client

D.

authenticator

Full Access
Question # 23

What is needed to configure wireless guest access on the network?

A.

endpoint already profiled in ISE

B.

WEBAUTH ACL for redirection

C.

valid user account in Active Directory

D.

Captive Portal Bypass turned on

Full Access
Question # 24

What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)

A.

updates

B.

remediation actions

C.

Client Provisioning portal

D.

conditions

E.

access policy

Full Access
Question # 25

Which use case validates a change of authorization?

A.

An authenticated, wired EAP-capable endpoint is discovered

B.

An endpoint profiling policy is changed for authorization policy.

C.

An endpoint that is disconnected from the network is discovered

D.

Endpoints are created through device registration for the guests

Full Access
Question # 26

What must be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?

A.

pass

B.

reject

C.

drop

D.

continue

Full Access
Question # 27

Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

A.

TCP 8909

B.

TCP 8905

C.

UDP 1812

D.

TCP 443

Full Access
Question # 28

Which protocol must be allowed for a BYOD device to access the BYOD portal?

A.

HTTP

B.

SMTP

C.

HTTPS

D.

SSH

Full Access