Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Cisco
  3. CCNP Security
  4. 300-715
  5. Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Questions and Answers

Pass the Cisco CCNP Security 300-715 Questions and answers with ValidTests

Exam 300-715 All Questions
Exam 300-715 Premium Access

View all detail and faqs for the 300-715 exam

Go to Exam
Viewing page 7 out of 9 pages
Viewing questions 61-70 out of questions
Questions # 61:

An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two )

Options:

A.

Session Services

B.

Endpoint Attribute Filter

C.

Posture Services

D.

Profiling Services

E.

Radius Service

Expert Solution
Questions # 62:

When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?

Options:

A.

MIB

B.

TGT

C.

OMAB

D.

SID

Expert Solution
Questions # 63:

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

Options:

A.

Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.

B.

Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.

C.

Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.

D.

Identify the non 802.1X supported device types and create custom profiles for them to profile into.

Expert Solution
Questions # 64:

An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites. Which configuration must be applied on Cisco ISE?

Options:

A.

Use a third-party certificate on the network device.

B.

Add the device to all PSN nodes in the deployment.

C.

Renew the expired certificate on one of the PSN.

D.

Configure an authorization profile for the end users.

Expert Solution
Questions # 65:

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error “Authentication failed: 22040 Wrong password or invalid shared secret. “what must be done to address this issue?

Options:

A.

Add the network device as a NAD inside Cisco ISE using the existing key.

B.

Configure the key on the Cisco ISE instead of the Cisco switch.

C.

Use a key that is between eight and ten characters.

D.

Validate that the key is correct on both the Cisco switch as well as Cisco ISE.

Expert Solution
Questions # 66:

An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Anyconnect for the agent configuration in a client provisioning policy? (Choose two.)

Options:

A.

Anyconnect network visibility module

B.

Anyconnect compliance module

C.

AnyConnectProfile.xml file

D.

AnyConnectProfile.xsd file

E.

Anyconnect agent image

Expert Solution
Questions # 67:

A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components. Which two protocols should complete this task?

Options:

A.

PEAP

B.

EAP-MD5

C.

LEAP

D.

EAP-TLS

E.

EAP-TTLS

Expert Solution
Questions # 68:

The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively

restrict network access for this endpoint?

Options:

A.

Configure access control list on network switches to block traffic.

B.

Create authentication policy to force reauthentication.

C.

Add MAC address to the endpoint quarantine list.

D.

Implement authentication policy to deny access.

Expert Solution
Questions # 69:

An engineer is designing a new distributed deployment for Cisco ISE in the network and is considering failover options for the admin nodes. There is a need to ensure that an admin node is available for configuration of policies at all times. What is the requirement to enable this feature?

Options:

A.

one primary admin and one secondary admin node in the deployment

B.

one policy services node and one secondary admin node

C.

one policy services node and one monitoring and troubleshooting node

D.

one primary admin node and one monitoring and troubleshooting node

Expert Solution
Questions # 70:

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for 1 day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

Options:

A.

The RADIUS policy set for guest access is set to allow repeated authentication of the same device.

B.

The length of access is set to 7 days in the Guest Portal Settings.

C.

The Endpoint Purge Policy is set to 30 days for guest devices.

D.

The Guest Account Purge Policy is set to 15 days.

Expert Solution
Viewing page 7 out of 9 pages
Viewing questions 61-70 out of questions