Get 300-715 Products Practice Material for 300-715 Exam Question Preparation
Most Reliable Cisco 300-715 Training Materials
NEW QUESTION # 119
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?
- A. DHCP server
- B. AAA override
- C. static IP tunneling
- D. override Interface ACL
Answer: B
NEW QUESTION # 120
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?
- A. dot1x pae authenticator
- B. aaa authentication dot1x default group radius
- C. dot1x system-auth-control
- D. authentication port-control auto
Answer: C
Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.
NEW QUESTION # 121
Which two default endpoint identity groups does Cisco ISE create? (Choose two )
- A. profiled
- B. unknown
- C. block list
- D. allow list
- E. endpoint
Answer: A,B
Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
Cisco ISE creates the following endpoint identity groups:
* Blacklist-This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group.
* GuestEndpoints-This endpoint identity group includes endpoints that are used by guest users.
* Profiled-This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.
* RegisteredDevices-This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group.
* These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE redirects blocked devices to a URL, which displays "Unauthorised Network Access", a default portal page to the blocked devices.
* Unknown-This endpoint identity group includes endpoints that do not match any profile in Cisco ISE.
In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group:
* Cisco-IP-Phone-An identity group that contains all the profiled Cisco IP phones on your network.
* Workstation-An identity group that contains all the profiled workstations on your network.
NEW QUESTION # 122
What is a requirement for Feed Service to work?
- A. Cisco ISE has a base license.
- B. Cisco ISE has access to an internal server to download feed update
- C. TCP port 3080 must be opened between Cisco ISE and the feed server
- D. Cisco ISE has Internet access to download feed update
Answer: A
NEW QUESTION # 123
Which permission is common to the Active Directory Join and Leave operations?
- A. Search Active Directory to see if a Cisco ISE machine account already ex.sts.
- B. Create a Cisco ISE machine account in the domain if the machine account does not already exist
- C. Set attributes on the Cisco ISE machine account
- D. Remove the Cisco ISE machine account from the domain.
Answer: A
Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_
NEW QUESTION # 124
An engineer is using Cisco ISE and configuring guest services to allow wireless devices to access the network.
Which action should accomplish this task?
- A. Create the redirect ACL on Cisco ISE and add it to the WLC policy
- B. Create the redirect ACL on the WLC and add it to the Cisco ISE policy.
- C. Create the redirect ACL on Cisco ISE and add it to the Cisco ISE Policy
- D. Create the redirect ACL on the WLC and add it to the WLC policy
Answer: B
NEW QUESTION # 125
Which two default endpoint identity groups does Cisco ISE create? (Choose two )
- A. profiled
- B. unknown
- C. block list
- D. allow list
- E. endpoint
Answer: A,B
Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
Cisco ISE creates the following endpoint identity groups:
* Blacklist-This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group.
* GuestEndpoints-This endpoint identity group includes endpoints that are used by guest users.
* Profiled-This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.
* RegisteredDevices-This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group.
These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are
* assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE redirects blocked devices to a URL, which displays "Unauthorised Network Access", a default portal page to the blocked devices.
* Unknown-This endpoint identity group includes endpoints that do not match any profile in Cisco ISE.
In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group:
* Cisco-IP-Phone-An identity group that contains all the profiled Cisco IP phones on your network.
* Workstation-An identity group that contains all the profiled workstations on your network.
NEW QUESTION # 126
Which portal is used to customize the settings for a user to log in and download the compliance module?
- A. Client Profiling
- B. Client Provisioning
- C. Client Endpoint
- D. Client Guest
Answer: B
Explanation:
Section: Endpoint Compliance
NEW QUESTION # 127
Which three default endpoint identity groups does cisco ISE create? (Choose three )
- A. whitelist
- B. profiled
- C. end point
- D. Unknown
- E. blacklist
Answer: B,D,E
Explanation:
Explanation
Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide
NEW QUESTION # 128
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?
- A. authenticator
- B. EAP server
- C. supplicant
- D. client
Answer: C
Explanation:
Reference:
https://www.oreilly.com/library/view/cisco-ise-for/9780133103632/ch16.html#:~:text=What%20is%20a%20supplicant%3F,networks%2C%20both%20wired%20and%20wireless.&text=The%20802.1X%20transactions%20are,Identity%20Services%20Engine%20(ISE).
NEW QUESTION # 129
A network administrator is configuring a secondary cisco ISE node from the backup configuration of the primary cisco ISE node to create a high availability pair The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE Which command most be issued for this to work?
- A. copy certificate Ise
- B. application configure Ise
- C. Import certificate Ise
- D. certificate configure Ise
Answer: B
Explanation:
https://community.cisco.com/t5/network-access-control/ise-certificate-import-export/m-p/3847746
NEW QUESTION # 130
What is a characteristic of the UDP protocol?
- A. UDP offers best-effort delivery.
- B. UDP can detect when a server is slow.
- C. UDP offers information about a non-existent server.
- D. UDP can detect when a server is down.
Answer: A
Explanation:
Section: Network Access Device Administration
Explanation/Reference:
NEW QUESTION # 131
Refer to the exhibit:
Which command is typed within the CU of a switch to view the troubleshooting output?
- A. show authentication sessions mac 000e.84af.59af details
- B. show authentication interface gigabitethemet2/0/36
- C. show authentication sessions method
- D. show authentication registrations
Answer: A
NEW QUESTION # 132
Which two default endpoint identity groups does cisco ISE create? (Choose two )
- A. whitelist
- B. profiled
- C. end point
- D. Unknown
- E. blacklist
Answer: B,E
Explanation:
Explanation
Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide
NEW QUESTION # 133
Refer to the exhibit.
A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server Which two commands should be run to complete the configuration? (Choose two)
- A. radius-server attribute 8 include-in-access-req
- B. ip device tracking
- C. aaa authorization auth-proxy default group radius
- D. dot1x system-auth-control
- E. radius server vsa sand authentication
Answer: A,E
NEW QUESTION # 134
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?
- A. Network Access NetworkDeviceName CONTAINS <SSID Name>
- B. Airespace Airespace-Wlan-ld CONTAINS <SSID Name>
- C. Radius Called-Station-ID CONTAINS <SSID Name>
- D. DEVICE Device Type CONTAINS <SSID Name>
Answer: C
Explanation:
Explanation
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115734-ise-policies-ssid-00.ht
NEW QUESTION # 135
An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users. Management needs Cisco ISE to not automatically trigger a CoA whenever a profile change is detected. Instead, the administrator needs to verify the new profile and manually trigger a CoA.
What must be configuring in the profiler to accomplish this goal?
- A. Port Bounce
- B. Reauth
- C. Session Query
- D. No CoA
Answer: D
Explanation:
https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-policies
NEW QUESTION # 136
An engineer has been tasked with standing up a new guest portal for customers that are waiting in the lobby. There is a requirement to allow guests to use their social media logins to access the guest network to appeal to more customers What must be done to accomplish this task?
- A. Create a self-registered guest portal and enable the feature for social media logins
- B. Create a sponsored guest portal and enable social media in the external identity sources.
- C. Create a sponsor portal to allow guests to create accounts using their social media logins.
- D. Create a hotspot portal and enable social media login for network access
Answer: A
NEW QUESTION # 137
......
LATEST 300-715 Exam Practice Material: https://freetorrent.pdfdumps.com/300-715-valid-exam.html