Practice Exams:

Free 300-715 Exam Braindumps

Pass your Implementing and Configuring Cisco Identity Services Engine (SISE) exam with these free Questions and Answers

Page 9 of 48
PDF with 238 Questions
QUESTION 36

An organization has a fully distributed Cisco ISE deployment When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings. The scan is complete on one FPSN. but the information is not available on the others. What must be done to make the information available?

  1. A. Scanning must be initiated from the PSN that last authenticated the endpoint
  2. B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning
  3. C. Scanning must be initiated from the MnT node to centrally gather the information
  4. D. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning

Correct Answer: B

QUESTION 37

Refer to the exhibit.
300-715 dumps exhibit
A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server Which two commands should be run to complete the configuration? (Choose two)

  1. A. aaa authorization auth-proxy default group radius
  2. B. radius server vsa sand authentication
  3. C. radius-server attribute 8 include-in-access-req
  4. D. ip device tracking
  5. E. dot1x system-auth-control

Correct Answer: BC

QUESTION 38

An administrator is configuring the Native Supplicant Profile to be used with the Cisco ISE posture agents and needs to test the connection using wired devices to determine which profile settings are available. Which two configuration settings should be used to accomplish this task? (Choose two.)

  1. A. authentication mode
  2. B. proxy host/IP
  3. C. certificate template
  4. D. security
  5. E. allowed protocol

Correct Answer: CE

QUESTION 39

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

  1. A. Set the NAC State option to SNMP NAC.
  2. B. Set the NAC State option to RADIUS NAC.
  3. C. Use the radius-server vsa send authentication command.
  4. D. Use the ip access-group webauth in command.

Correct Answer: B

QUESTION 40

A laptop was stolen and a network engineer added it to the block list endpoint identity group What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

  1. A. Select DenyAccess within the authorization policy.
  2. B. Ensure that access to port 8443 is allowed within the ACL.
  3. C. Ensure that access to port 8444 is allowed within the ACL.
  4. D. Select DROP under If Auth fail within the authentication policy.

Correct Answer: C
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide

Page 9 of 48
PDF with 238 Questions

Post your Comments and Discuss Cisco 300-715 exam with other Community members: