[Jun 07, 2024] 300-715 PDF Recently Updated Questions Dumps to Improve Exam Score
300-715 Dumps Full Questions with Free PDF Questions to Pass
NEW QUESTION # 41
Which statement about configuring certificates for BYOD is true?
- A. An endpoint certificate is mandatory for the Cisco ISE BYOD.
- B. The CN field is populated with the endpoint host name.
- C. The SAN field is populated with the end user name.
- D. An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment.
Answer: A
Explanation:
Section: BYOD
NEW QUESTION # 42
What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two.)
- A. Choose the hashing method
- B. Enter the IP address of the device
- C. Enter the common name
- D. Locate the CSV file for the device MAC
- E. Select the certificate template
Answer: C,E
Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0-Certificate-Provisioning-Portal.html
NEW QUESTION # 43
What is the minimum certainty factor when creating a profiler policy?
- A. the maximum number that a predefined condition provides
- B. the minimum number that a device certainty factor must reach to become a member of the profile
- C. the maximum number that a device certainty factor must reach to become a member of the profile
- D. the minimum number that a predefined condition provides
Answer: A
NEW QUESTION # 44
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)
- A. WLC
- B. Firepower
- C. ASA
- D. IOS
- E. Shell
Answer: A,E
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide
TACACS+ Profile
TACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets.
The TACACS+ profile definitions are split into two components:
* Common tasks
* Custom attributes
There are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles): Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View, and custom attributes can be created in the Task Attribute View as well as the Raw View.
The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are:
* Shell
* WLC
* Nexus
* Generic
The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you enter mandatory attributes using an equals sign (=) between the attribute name and its value, and optional attributes using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy and paste an attribute list (for example, another product's attribute list) from the clipboard into ISE. Custom attributes can be defined for nonshell services.
NEW QUESTION # 45
If there is a firewall between Cisco ISE and an Active Directory external identity store, which port does not need to be open?
- A. UDP 123
- B. TCP 21
- C. TCP 88
- D. UDP/TCP 389
- E. TCP 445
Answer: B
NEW QUESTION # 46
Refer to the exhibit.
An engineer is configuring a client but cannot authenticate to Cisco ISE. During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port. Which command gives additional information to help identify the problem with the authentication?
- A. show authentication sessions output
- B. show authentication sessions interface Gi1/0/1 details
- C. show authentication sessions
- D. show authentication sessions interface Gi1/0/1 output
Answer: B
NEW QUESTION # 47
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?
- A. endpoint
- B. blacklist
- C. profiled
- D. whitelist
- E. unknown
Answer: E
Explanation:
Section: Profiler
Explanation/Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html
NEW QUESTION # 48
What must match between Cisco ISE and the network access device to successfully authenticate endpoints?
- A. certificate
- B. SNMP version
- C. profile
- D. shared secret
Answer: D
Explanation:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_network_devices.html
NEW QUESTION # 49
An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?
- A. The switch port is configured with authentication event server dead action authorize vlan.
- B. The authorization results for the endpoints include a dACL allowing access.
- C. The authorization results for the endpoints include the Trusted security group tag.
- D. The switch port is configured with authentication open.
Answer: D
NEW QUESTION # 50
An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?
- A. Create an LDAP login for each guest and tag that in the guest portal for authentication.
- B. Create a new sponsor group and adjust the settings to limit the devices for each guest.
- C. Create a new guest type and set the maximum number of devices sponsored guests can register.
- D. Create an ISE identity group to add users to and limit the number of logins via the group configuration.
Answer: B
NEW QUESTION # 51
An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+. However, the administrator must restrict certain commands based on one of three user roles that require different commands. How is this accomplished without creating too many objects using Cisco ISE?
- A. Create one shell profile and one command set.
- B. Create multiple shell profiles and multiple command sets.
- C. Create multiple shell profiles and one command set.
- D. Create one shell profile and multiple command sets.
Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_g
https://www.youtube.com/watch?v=IlZwB71Szog&ab_channel=JasonMaynard
NEW QUESTION # 52
A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?
- A. VLAN
- B. RBAC
- C. dACL
- D. SGT
Answer: D
NEW QUESTION # 53
Which two default endpoint identity groups does Cisco ISE create? (Choose two.)
- A. endpoint
- B. block list
- C. unknown
- D. profiled
- E. allow list
Answer: C,D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html
Default Endpoint Identity Groups Created for Endpoints
Cisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
Cisco ISE creates the following endpoint identity groups:
* Blacklist: This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit or deny network access to endpoints in this group.
* GuestEndpoints: This endpoint identity group includes endpoints that are used by guest users.
* Profiled: This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.
* RegisteredDevices: This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group. These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE redirects blocked devices to a URL, which displays "Unauthorised Network Access", a default portal page to the blocked devices.
* Unknown: This endpoint identity group includes endpoints that do not match any profile in Cisco ISE.
In addition to the above system-created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group:
* Cisco-IP-Phone: An identity group that contains all the profiled Cisco IP phones on your network.
* Workstation: An identity group that contains all the profiled workstations on your network.
NEW QUESTION # 54
During an 802.1X deployment, an engineer must identify failed authentications without causing problems for the connected endpoint. Which command will successfully achieve this?
- A. dot1x system-auth-control
- B. authentication open
- C. dot1x pae authenticator
- D. authentication port-control auto
Answer: B
NEW QUESTION # 55
A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?
- A. authentication host-mode multi-host
- B. authentication host-mode single-host
- C. authentication host-mode multi-auth
- D. authentication host-mode multi-domain
Answer: D
NEW QUESTION # 56
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)
- A. guest AUP
- B. hotspot
- C. BYOD
- D. new AD user 802.1X authentication
- E. posture
Answer: A,B
NEW QUESTION # 57
Refer to the exhibit. In which scenario does this switch configuration apply?
- A. when preventing users with hypervisor
- B. when allowing multiple IP phones to be connected
- C. when allowing a hub with multiple clients connected
- D. when passing IP phone authentication
Answer: C
Explanation:
Reference:
https://www.linkedin.com/pulse/mac-authentication-bypass-priyanka-kumari#:~:text=Multi%2Dauthentication%20host%20mode%3A%20You,allows%20multiple%20source%20MAC%20addresses.
NEW QUESTION # 58
What is a characteristic of the UDP protocol?
- A. UDP can detect when a server is slow.
- B. UDP can detect when a server is down.
- C. UDP offers best-effort delivery.
- D. UDP offers information about a non-existent server.
Answer: C
Explanation:
Section: Network Access Device Administration
NEW QUESTION # 59
Which two values are compared by the binary comparison function in authentication that is based on Active Directory?
- A. user-presented password hash and a hash stored in Active Directory
- B. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
- C. user-presented certificate and a certificate stored in Active Directory
- D. subject alternative name and the common name
Answer: D
Explanation:
Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01110.html
NEW QUESTION # 60
A network administrator is configuring a secondary Cisco ISE node from the backup configuration of the primary Cisco ISE node to create a high availability pair. The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE. Which command must be issued for this to work?
- A. certificate configure ise
- B. copy certificate ise
- C. import certificate ise
- D. application configure ise
Answer: D
Explanation:
https://community.cisco.com/t5/network-access-control/ise-certificate-import-export/m-p/3847746