Practice Free 300-715 Exam Online Questions
When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2.
Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)
- A . DHCP SPAN probe
- B . SNMP query probe
- C . NetFlow probe
- D . RADIUS probe
- E . DNS probe
BD
Explanation:
https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-design
An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network.
What is causing this issue to occur?
- A . The switch port is configured with authentication event server dead action authorize vlan.
- B . The authorization results for the endpoints include a dACL allowing access.
- C . The authorization results for the endpoints include the Trusted security group tag.
- D . The switch port is configured with authentication open.
A network engineer must enable a profiling probe. The profiling must take details through the Active Directory.
Where in the Cisco ISE interface would the engineer enable the probe?
- A . Policy > Policy Elements > Profiling
- B . Administration > Deployment > System > Profiling
- C . Policy > Deployment > System > Profiling
- D . Administration > System > Deployment > Profiling
A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected.
Which task must be configured in order to meet this requirement?
- A . session timeout
- B . idle time
- C . monitor
- D . set attribute as
A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_admin_accesspolicy_settings.html#reference_0E24B8FB FAB248219E1194435670347F
A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network.
How should the manager configure Cisco ISE to accomplish this goal?
- A . Create entries in the guest identity group for all participants.
- B . Create an access code to be entered in the AUP page.
- C . Create logins for each participant to give them sponsored access.
- D . Create a registration code to be entered on the portal splash page.
There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network.
Which posture condition should the administrator configure in order for this policy to work?
- A . file
- B . registry
- C . application
- D . service
A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server.
Which certificate usage option must be selected when importing the certificate into ISE?
- A . RADIUS
- B . DLTS
- C . Portal
- D . Admin
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?
- A . Set the NAC State option to SNMP NAC.
- B . Set the NAC State option to RADIUS NAC.
- C . Use the radius-server vsa send authentication command.
- D . Use the ip access-group webauth in command.
An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected.
Which service should be used to accomplish this task?
Profiling
Guest access
Client provisioning
Posture
Refer to the exhibit
Which switch configuration change will allow only one voice and one data endpoint on each port?
- A . Multi-auth to multi-domain
- B . Mab to dot1x
- C . Auto to manual
- D . Multi-auth to single-auth
A
Explanation:
https://community.cisco.com/t5/network-access-control/cisco-ise-multi-auth-or-multi-host/m-p/3750907