300-715 Dumps (V20.02) Have Been Proven As a Reliable Study Guide: Continue to Check the 300-715 Free Dumps (Part 2, Q41-Q80) Online

1. An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X.

Which command is needed on each switch port for authentication?

2. An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance.

What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

3. Which permission is common to the Active Directory Join and Leave operations?

4. What is a requirement for Feed Service to work?

5. What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two)

6. A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access.

What must be done to ensure that both devices for a particular user are able to access the guest network simultaneously?

7. What does the dot1x system-auth-control command do?

8. An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall.

Which two ports should be opened to accomplish this task? (Choose two)

9. What must match between Cisco ISE and the network access device to successfully authenticate endpoints?

10. Which portal is used to customize the settings for a user to log in and download the compliance module?

11. How is policy services node redundancy achieved in a deployment?

12. What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?

13. There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network.

Which posture condition should the administrator configure in order for this policy to work?

14. An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected.

Which service should be used to accomplish this task?

15. Which personas can a Cisco ISE node assume'?

16. DRAG DROP

Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.

17. An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network.

What must be configured to accomplish this goal?

18. If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?

19. An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks.

Which two requirement complete this policy? (Choose two)

20. A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components.

Which two protocols should complete this task?

21. When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2.

Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)

22. Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)

23. An engineer is designing a new distributed deployment for Cisco ISE in the network and is considering failover options for the admin nodes. There is a need to ensure that an admin node is available for configuration of policies at all times.

What is the requirement to enable this feature?

24. Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

25. Which two ports do network devices typically use for CoA? (Choose two)

26. What sends the redirect ACL that is configured in the authorization profile back to the Cisco WLC?

27. An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the used to accomplish this task?

28. An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE.

What must be configured within Cisco ISE to accomplish this goal?

29. What is the purpose of the ip http server command on a switch?

30. An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices.

Which deployment mode should be used to achieve this?

31. A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?

32. Which two endpoint compliance statuses are possible? (Choose two.)

33. What is a characteristic of the UDP protocol?

34. Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

35. A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes.

What must be configured to minimize performance degradation?

36. DRAG DROP

Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

37. A network engineer must enforce access control using special tags, without re-engineering the

network design.

Which feature should be configured to achieve this in a scalable manner?

38. Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

39. During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

40. An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate.

What must be done in order to provide the CA this information?