Practice Exams:

Free 300-715 Exam Braindumps

Pass your Implementing and Configuring Cisco Identity Services Engine (SISE) exam with these free Questions and Answers

Page 2 of 48
PDF with 238 Questions
QUESTION 1

What is needed to configure wireless guest access on the network?

  1. A. endpoint already profiled in ISE
  2. B. WEBAUTH ACL for redirection
  3. C. valid user account in Active Directory
  4. D. Captive Portal Bypass turned on

Correct Answer: D

QUESTION 2

An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

  1. A. Check for server reachability using the test aaa group tacacs+ admin <key> legacy command.
  2. B. Test the user account on the server using the test aaa group radius server CUCS user admin pass legacy command.
  3. C. Validate that the key value is correct using the test aaa authentication admin legacy command.
  4. D. Conrm the authorization policies are correct using the test aaa authorization admin drop legacy command.

Correct Answer: A
https://medium.com/training-course-ccna-security-210-260/ccna-security-part-3-implementing-aaa-in-cisco-ios

QUESTION 3

Which three default endpoint identity groups does cisco ISE create? (Choose three)

  1. A. Unknown
  2. B. whitelist
  3. C. end point
  4. D. profiled
  5. E. blacklist

Correct Answer: ADE
Default Endpoint Identity Groups Created for Endpoints
Cisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide

QUESTION 4

An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.
300-715 dumps exhibit
Solution:
Diagram Description automatically generated

Does this meet the goal?

  1. A. Yes
  2. B. No

Correct Answer: A

QUESTION 5

Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

  1. A. subject alternative name and the common name
  2. B. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
  3. C. user-presented password hash and a hash stored in Active Directory
  4. D. user-presented certificate and a certificate stored in Active Directory

Correct Answer: A
Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user. https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_01110.html

Page 2 of 48
PDF with 238 Questions

Post your Comments and Discuss Cisco 300-715 exam with other Community members: