300-715 Online Practice Questions and Answers

Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

A. Endpoint

B. unknown

C. blacklist

D. white list

E. profiled

What does the dot1x system-auth-control command do?

A. causes a network access switch not to track 802.1x sessions

B. globally enables 802.1x

C. enables 802.1x on a network access device interface

D. causes a network access switch to track 802.1x sessions

In a Cisco ISE split deployment model, which load is split between the nodes?

A. AAA

B. network admission

C. log collection

D. device admission

Which file extension is required when deploying Cisco ISE using a ZTP configuration file in Microsoft Hyper-V?

A. .txt

B. .img

C. .tar

D. .iso

A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA Which action does the CoA perform?

A. It terminates the client session

B. It applies the downloadable ACL provided in the CoA

C. It applies new permissions provided in the CoA to the client session.

D. It triggers the NAD to reauthenticate the client

An administrator is configuring a Cisco ISE posture agent in the client provisioning policy and needs to ensure that the posture policies that interact with clients are monitored, and end users are required to comply with network usage rules Which two resources must be added in Cisco ISE to accomplish this goal? (Choose two)

A. AnyConnect

B. Supplicant

C. Cisco ISE NAC

D. PEAP

E. Posture Agent

An administrator is configuring cisco ISE lo authenticate users logging into network devices live logs. Which action ensures the users are able to log into the network devices?

A. Enable the device administration service in the Administration persona

B. Enable the session services in the administration persona.

C. Enable the service sessions in the PSN persona.

D. Enable the device administration service in the PSN persona.

An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address.

What is the problem?

A. The endpoint is using the wrong protocol to authenticate with Cisco ISE.

B. The 802.1X timeout period is too long.

C. The DHCP probe for Cisco ISE is not working as expected.

D. An ACL on the port is blocking HTTP traffic.

An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identified if the ToS bit is set to 5 and the destination IP address is the intercom system. What must be configured to accomplish this goal?

A. NMAP

B. NETFLOW

C. pxGrid

D. RADIUS

A network engineer is configuring a new certificate template on the internal CA within Cisco ISE to provision certificates to BYOD devices that must be enrolled in the network. What must be configured in the SAN field of the certificate to identify the devices after enrollment?

A. MAC address

B. email address

C. user principal name

D. common name