Start your 300-715 Exam Questions Preparation with Updated 347 Questions
A Fully Updated 2024 300-715 Exam Dumps - PDF Questions and Testing Engine
Profiler: This domain evaluates the skills of the specialists in the processes, such as:
- Applying profiler services
- Setting endpoint identity administration
- Implementing probes
- Applying CoA
NEW QUESTION # 105
Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?
- A. session timeout
- B. radius-server timeout
- C. idle timeout
- D. termination-action
Answer: C
Explanation:
When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints. When the inactivity timer expires, the switch removes the authenticated session. The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute.
NEW QUESTION # 106
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group.
Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?
- A. Create and manage guest user accounts
- B. Keep track of guest user activities
- C. Configure authorization settings for guest users
- D. Authenticate guest users to Cisco ISE
Answer: C
NEW QUESTION # 107
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
- A. Create an authorization rule denying sponsored guest access.
- B. Create an authorization rule denying guest access.
- C. Navigate to the Guest Portal and delete the guest accounts.
- D. Navigate to the Sponsor Portal and suspend the guest accounts.
Answer: B
NEW QUESTION # 108
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
- A. Both nodes restart.
- B. The secondary node restarts.
- C. The primary node becomes standalone
- D. The primary node restarts
Answer: A
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/installation_guide/ise_install_guide/ise_deploy.html
If your deployment has two nodes and you deregister the secondary node, both nodes in this primary-secondary pair are restarted. (The former primary and secondary nodes become standalone.)
NEW QUESTION # 109
A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network.
Which configuration item needs to be added to allow for this?
- A. an API connection back to the client
- B. a remote posture agent proxying the network connection
- C. a temporal agent that gets installed onto the system
- D. the client provisioning URL in the authorization policy
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_configure_client_provisioning.html#ID1405
It is mandatory to include the client provisioning URL in the authorization policy to enable the agent to pop up on the client machines. This prevents requests from random clients and ensures that only clients with the proper redirect URL can request posture assessment.
NEW QUESTION # 110
An engineer must organize endpoints in a Cisco ISE identity management store to improve the operational management of IP phone endpoints. The endpoints must meet these requirements:
- classify endpoints for finance, sales, and marketing departments
- tag each endpoint as profiled
Which action organizes the endpoints?
- A. Create an endpoint identity group for each department with the profiled parent group.
- B. Create an endpoint identity group for each department with the IP phone parent group.
- C. Add a tag for the endpoints of each department and use the identity group filter.
- D. Add a tag for the endpoints of each department and add an endpoint to profiled group.
Answer: A
NEW QUESTION # 111
An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites.
Which configuration must be applied on Cisco ISE?
- A. Configure an authorization profile for the end users.
- B. Add the device to all PSN nodes in the deployment.
- C. Renew the expired certificate on one of the PSN.
- D. Use a third-party certificate on the network device.
Answer: B
NEW QUESTION # 112
Refer to the exhibit:
Which command is typed within the CLI of a switch to view the troubleshooting output?
- A. show authentication registrations
- B. show authentication interface gigabitethernet2/0/36
- C. show authentication sessions mac 000e.84af.59af details
- D. show authentication sessions method
Answer: C
NEW QUESTION # 113
Refer to the exhibit. In which scenario does this switch configuration apply?
- A. when allowing a hub with multiple clients connected
- B. when passing IP phone authentication
- C. when allowing multiple IP phones to be connected
- D. when preventing users with hypervisor
Answer: A
Explanation:
Reference:
https://www.linkedin.com/pulse/mac-authentication-bypass-priyanka-kumari#:~:text=Multi%2Dauthentication%20host%20mode%3A%20You,allows%20multiple%20source%20MAC%20addresses.
NEW QUESTION # 114
An administrator is configuring Cisco ISE to authenticate users logging into network devices using TACACS+. The administrator is not seeing any of the authentications in the TACACS+ live logs. Which action ensures the users are able to log into the network devices?
- A. Enable the device administration service in the Administration persona
- B. Enable the device administration service in the PSN persona.
- C. Enable the session services in the administration persona
- D. Enable the service sessions in the PSN persona.
Answer: A
NEW QUESTION # 115
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
- A. Create an authorization rule denying sponsored guest access.
- B. Create an authorization rule denying guest access.
- C. Navigate to the Sponsor Portal and suspend the guest accounts.
- D. Navigate to the Guest Portal and delete the guest accounts.
Answer: C
NEW QUESTION # 116
An administrator is configuring sponsored guest access using Cisco ISE. Access must be restricted to the sponsor portal to ensure that only necessary employees can issue sponsored accounts, and employees must be classified to do so. What must be done to accomplish this task?
- A. Edit the sponsor portal to only accept members from the selected groups
- B. Modify the sponsor groups assigned to reflect the desired user groups
- C. Create an authorization rule using the Guest Flow condition to authorize the administrators
- D. Configure an identity-based access list in Cisco ISE to restrict the users allowed to login
Answer: B
NEW QUESTION # 117
Refer to the exhibit.
A network engineer is configuring the switch to accept downloadable ACLs from a Cisco ISE server. Which two commands should be run to complete the configuration? (Choose two.)
- A. aaa authorization auth-proxy default group radius
- B. radius-server attribute 8 include-in-access-req
- C. dot1x system-auth-control
- D. radius-server vsa send authentication
- E. ip device tracking
Answer: D,E
NEW QUESTION # 118
An administrator is configuring MAB and needs to create profiling policies to support devices that do not match the built-in profiles. Which two steps must the administrator take in order to use these new profiles in authorization policies? (Choose two.)
- A. Use the profiling policies as the matching conditions in each authorization policy
- B. Configure the profiling policy to make a matching identity group and use the group in the authorization policy
- C. Feed the profiling policies into a logical profile and use the logical profile in the authorization policy
- D. Edit the authorization policy to give the profiles as a result of the authentication and authorization results
- E. Modify the endpoint identity group to feed the profiling policies into and match the parent group in the policy
Answer: A,C
NEW QUESTION # 119
Which two fields are available when creating an endpoint on the context visibility page of Cisco ISE? (Choose two.)
- A. Endpoint Family
- B. Security Group Tag
- C. Policy Assignment
- D. Identity Group Assignment
- E. IP Address
Answer: C,D
Explanation:
Section: Policy Enforcement
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010101.html
NEW QUESTION # 120
An administrator is configuring a new profiling policy in Cisco ISE for a printer type that is missing from the profiler feed. The logical profile Printers must be used in the authorization rule and the rule must be hit. What must be done to ensure that this configuration will be successful?
- A. Add the new profiling policy to the logical profile Printers.
- B. Enable the EndPoints:EndPointPolicy condition in the authorization policy.
- C. Modify the profiler conditions to ensure that it goes into the correct logical profile
- D. Create a new logical profile for the new printer policy
Answer: B
NEW QUESTION # 121
In a Cisco ISE split deployment model, which load is split between the nodes?
- A. AAA
- B. device admission
- C. log collection
- D. network admission
Answer: A
Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/install_guide/b_ise_InstallationGuide26.pdf
NEW QUESTION # 122
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?
- A. static IP tunneling
- B. override Interface ACL
- C. DHCP server
- D. AAA override
Answer: D
Explanation:
Section: Web Auth and Guest Services
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110111.html
NEW QUESTION # 123
Which two default endpoint identity groups does Cisco ISE create? (Choose two.)
- A. profiled
- B. unknown
- C. endpoint
- D. block list
- E. allow list
Answer: A,B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html
Default Endpoint Identity Groups Created for Endpoints
Cisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
Cisco ISE creates the following endpoint identity groups:
- Blacklist: This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group.
- GuestEndpoints: This endpoint identity group includes endpoints that are used by guest users.
- Profiled: This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.
- RegisteredDevices: This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group. These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE redirects blocked devices to a URL, which displays "Unauthorised Network Access", a default portal page to the blocked devices.
- Unknown: This endpoint identity group includes endpoints that do not match any profile in Cisco ISE.
In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group:
- Cisco-IP-Phone: An identity group that contains all the profiled Cisco IP phones on your network.
- Workstation: An identity group that contains all the profiled workstations on your network.
NEW QUESTION # 124
An administrator is manually adding a device to a Cisco ISE identity group to ensure that it is able to access the network when needed without authentication. Upon testing, the administrator notices that the device never hits the correct authorization policy line using the condition EndPoints LogicalProfile EQUALS static_list. Why is this occurring?
- A. The logical profile is being statically assigned instead of the identity group
- B. The device is changing identity groups after profiling instead of remaining static
- C. The identity group is being assigned instead of the logical profile
- D. The dynamic logical profile is overriding the statically assigned profile
Answer: A
NEW QUESTION # 125
An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected.
Which service should be used to accomplish this task?
- A. client provisioning
- B. profiling
- C. posture
- D. guest access
Answer: B
Explanation:
Section: Profiler
NEW QUESTION # 126
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?
- A. Airespace Airespace-Wlan-Id CONTAINS <SSID Name>
- B. Network Access NetworkDeviceName CONTAINS <SSID Name>
- C. Radius Called-Station-ID CONTAINS <SSID Name>
- D. DEVICE Device Type CONTAINS <SSID Name>
Answer: C
Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115734-ise-policies-ssid-00.html
NEW QUESTION # 127
A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.
What must be done to accomplish this task?
- A. Create a logical profile for each device's profile policy and block that via authorization policies.
- B. Add each IP address to a policy denying access.
- C. Add each MAC address manually to a blocklist identity group and create a policy denying access.
- D. Create a profiling policy for each endpoint with the cdpCacheDeviceId attribute.
Answer: C
Explanation:
To accomplish this task, the Cisco ISE administrator must follow these steps:
- Create a blocklist identity group.
- Add each MAC address of the endpoints that must be restricted from accessing the network to the blocklist identity group.
- Create a policy that denies access to the blocklist identity group.
- Apply the policy to the network access devices.