100% Pass Top-selling 300-715 Exams - New 2021 Cisco Pratice Exam [Q85-Q107]

100% Pass Top-selling 300-715 Exams - New 2021 Cisco  Pratice Exam

CCNP Security Dumps 300-715 Exam for Full Questions - Exam Study Guide

NEW QUESTION 85
Which of these is not a method to obtain Cisco ISE profiling data?

• A. active scans
• B. DNS
• C. Netflow
• D. SNMP query
• E. HTTP
• F. RADIUS

Answer: A

 

NEW QUESTION 86
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants Which portal must the security engineer configure to accomplish this task?

• A. MDM
• B. Client provisioning
• C. BYOD
• D. My devices

Answer: D

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01111.html

 

NEW QUESTION 87
In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two )

• A. administration
• B. subscriber
• C. primary
• D. publisher
• E. policy service

Answer: A,E

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_010.html

 

NEW QUESTION 88
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?

• A. EAP server
• B. authenticator
• C. client
• D. supplicant

Answer: B

 

NEW QUESTION 89
An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" so that the policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

• A. Change the device location to Medical Switch.
• B. Change the device type to Medical Switch.
• C. Change the model name to Medical Switch.
• D. Change the device profile to Medical Switch.

Answer: B

 

NEW QUESTION 90
Which protocol must be allowed for a BYOD device to access the BYOD portal?

• A. SSH
• B. HTTPS
• C. HTTP
• D. SMTP

Answer: B

 

NEW QUESTION 91
A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes What must be configured to minimize performance degradation?

• A. Ensure that Cisco ISE is updated with the latest profiler feed update
• B. Review the profiling policies for any misconfiguration
• C. Enable the endpoint attribute filter
• D. Change the reauthenticate interval.

Answer: C

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_010111.html

 

NEW QUESTION 92
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

• A. AAA override
• B. override Interface ACL
• C. static IP tunneling
• D. DHCP server

Answer: A

Explanation:
Section: Web Auth and Guest Services
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/ b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110111.html

 

NEW QUESTION 93
An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?

• A. closed
• B. high-impact
• C. open
• D. low-impact

Answer: D

Explanation:
Reference:
https://www.lookingpoint.com/blog/cisco-ise-wired-802.1x-deployment-monitormode#:~:text=Low%20impact%20mode%20works%20similar,DHCP%2C%20PXE%20boot%2C%20etc.

 

NEW QUESTION 94
What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?

• A. Authentication is granted.
• B. Authentication is redirected to the internal identity source.
• C. Authentication fails.
• D. Authentication is redirected to the external identity source.

Answer: C

 

NEW QUESTION 95
Refer to the exhibit:

Which command is typed within the CU of a switch to view the troubleshooting output?

• A. show authentication registrations
• B. show authentication sessions method
• C. show authentication sessions mac 000e.84af.59af details
• D. show authentication interface gigabitethemet2/0/36

Answer: C

 

NEW QUESTION 96
An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

• A. extended ACL
• B. reflexive ACL
• C. standard ACL
• D. numbered ACL

Answer: A

 

NEW QUESTION 97
Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

• A. Cisco AnyConnect NAM and Cisco Access Control Server
• B. Cisco Secure Services Client and Cisco Access Control Server
• C. Cisco AnyConnect NAM and Cisco Identity Service Engine
• D. Windows Native Supplicant and Cisco Identity Service Engine

Answer: C

 

NEW QUESTION 98
Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.

Answer:

Explanation:

Explanation

Monitoring = provides advanced monitoring and troubleshooting tools that you can use to effectively manage your network and resources Policy Service = provides network access, posture, guest access, client provisioning, and profiling services.
This persona evaluates the policies and makes all the decisions.
Administration = manages all system-related configuration and configurations that relate to functionality such as authentication, authorization, auditing, and so on pxGrid = shares context-sensitive information from Cisco ISE to subscribers
https://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide

 

NEW QUESTION 99
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

Answer:

Explanation:

Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide Step 1 Choose Administration > System > Deployment.
The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.
Step 2
Check the check box next to the current node, and click Edit.
Step 3
Click Make Primary to configure your Primary PAN.
Step 4
Enter data on the General Settings
Step 5
Click Save to save the node configuration.

 

NEW QUESTION 100
Refer to the exhibit.

An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to. What is the problem?

• A. The finance location is not a condition in the policy set.
• B. The IT training rule is taking precedence over the IT Admins rule.
• C. The authorization policy doesn't correctly grant them access to the finance devices.
• D. The authorization conditions wrongly allow IT Admins group no access to finance devices.

Answer: C

 

NEW QUESTION 101
When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provide an adequate amount of security and visibility for the hosts on the network. Why should the engineer configure MAB in this situation?

• A. The devices in the network do not have a supplicant.
• B. MAB provides the strongest form of authentication available.
• C. MAB provides user authentication.
• D. The Cisco switches only support MAB.

Answer: A

 

NEW QUESTION 102
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?
(Choose two.)

• A. Shell
• B. Firepower
• C. IOS
• D. ASA
• E. WLC

Answer: A,E

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html TACACS+ Profile TACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets. The TACACS+ profile definitions are split into two components:
Common tasks
Custom attributes
There are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles)-Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View.
The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are:
Shell
WLC
Nexus
Generic
The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you can enter the mandatory attributes using a equal to (=) sign between the attribute name and its value and optional attributes are entered using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy paste the attribute list (for example, another product's attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.

 

NEW QUESTION 103
An organization wants to standardize the 802 1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide What must be configured to accomplish this task?

• A. security group tag within the authorization policy
• B. port security on the switch based on the client's information
• C. extended access-list on the switch for the client
• D. dynamic access list within the authorization profile

Answer: A

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_sga_pol.html#

 

NEW QUESTION 104
Which profiling probe collects the user-agent string?

• A. AD
• B. HTTP
• C. NMAP
• D. DHCP

Answer: B

 

NEW QUESTION 105
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? ()

• A. new AD user 802 1X authentication
• B. BYOD
• C. guest AUP
• D. posture
• E. hotspot

Answer: C,E

 

NEW QUESTION 106
In a Cisco ISE split deployment model, which load is split between the nodes?

• A. log collection
• B. AAA
• C. device admission
• D. network admission

Answer: B

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/install_guide/b_ise_InstallationGuide26.pdf

 

NEW QUESTION 107
......

Authentic Best resources for 300-715 Online Practice Exam: https://www.validvce.com/300-715-exam-collection.html

300-715 Test Engine Practice Exam: https://drive.google.com/open?id=1JlXD2mIbnrclA9sHjTPF07phWgaPYvoT