New Year Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

Practice Free 300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Exam Questions Answers With Explanation

We at Crack4sure are committed to giving students who are preparing for the Cisco 300-715 Exam the most current and reliable questions . To help people study, we've made some of our Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) exam materials available for free to everyone. You can take the Free 300-715 Practice Test as many times as you want. The answers to the practice questions are given, and each answer is explained.

Get Full 299 Questions Search Other Cisco Exam
Question # 6

300-715 question answer

Refer to the exhibit. In which scenario does this switch configuration apply?

A.

when allowing a hub with multiple clients connected

B.

when passing IP phone authentication

C.

when allowing multiple IP phones to be connected

D.

when preventing users with hypervisor

Question # 7

An engineer is assigned to enhance security across the campus network. The task is to enable MAB across all access switches in the network. Which command must be entered on the switch to enable MAB?

A.

Switch# authentication port-control auto

B.

Switch{conflg)# mab

C.

Switch{config-lf) # mab

D.

Switch(config)# authentication port-control auto

Question # 8

The security engineer for a company has recently deployed Cisco ISE to perform centralized authentication of all network device logins using TACACS+ against the local AD domain. Some of the other network engineers are having a hard time remembering to enter their AD account password instead of the local admin password that they have used for years. The security engineer wants to change the password prompt to "Use Local AD Password:" as a way of providing a hint to the network engineers when logging in. Under which page in Cisco ISE would this change be made?

A.

Work Centers > Device Administration > Settings > Connection Settings

B.

Work Centers > Device Administration > Ext Id Sources > Advanced Settings

C.

The password prompt cannot be changed on a Cisco IOS device

D.

Work Centers > Device Administration > Network Resources > Network Devices

Question # 9

An engineer is creating a new authorization policy to give the endpoints access to VLAN 310 upon successful authentication The administrator tests the 802.1X authentication for the endpoint and sees that it is authenticating successfully What must be done to ensure that the endpoint is placed into the correct VLAN?

A.

Configure the switchport access vlan 310 command on the switch port

B.

Ensure that the security group is not preventing the endpoint from being in VLAN 310

C.

Add VLAN 310 in the common tasks of the authorization profile

D.

Ensure that the endpoint is using The correct policy set

Question # 10

Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two)

A.

access-response

B.

access-request

C.

access-reserved

D.

access-accept

E.

access-challenge

Question # 11

When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provide an adequate amount of security and visibility for the hosts on the network. Why should the engineer configure MAB in this situation?

A.

The Cisco switches only support MAB.

B.

MAB provides the strongest form of authentication available.

C.

The devices in the network do not have a supplicant.

D.

MAB provides user authentication.

Question # 12

An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

A.

reflexive ACL

B.

extended ACL

C.

standard ACL

D.

numbered ACL

Question # 13

An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks. Which two requirement complete this policy? (Choose two)

A.

minimum password length

B.

active username limit

C.

access code control

D.

gpassword expiration period

E.

username expiration date

Question # 14

A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected. Which task must be configured in order to meet this requirement?

A.

session timeout

B.

idle time

C.

monitor

D.

set attribute as

Question # 15

An engineer is starting to implement a wired 802.1X project throughout the campus. The task is for failed authentication to be logged to Cisco ISE and also have a minimal impact on the users. Which command must the engineer configure?

A.

authentication open

B.

pae dot1x enabled

C.

authentication host-mode multi-auth

D.

monitor-mode enabled

Question # 16

A network engineer needs to deploy 802.1x using Cisco ISE in a wired network environment where thin clients download their system image upon bootup using PXE. For which mode must the switch ports be configured?

A.

closed

B.

restricted

C.

monitor

D.

low-impact

Question # 17

Which type of identity store allows for creating single-use access credentials in Cisco ISE?

A.

OpenLDAP

B.

Local

C.

PKI

D.

RSA SecurID

Question # 18

An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)

A.

hotspot guest portal

B.

device registration WebAuth

C.

central WebAuth

D.

local WebAuth

E.

self-registered guest portal

Question # 19

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

A.

The Endpoint Purge Policy is set to 30 days for guest devices

B.

The RADIUS policy set for guest access is set to allow repeated authentication of the same device

C.

The length of access is set to 7 days in the Guest Portal Settings

D.

The Guest Account Purge Policy is set to 15 days

Question # 20

An engineer is configuring TACACS+ within Cisco ISE for use with a non-Cisco network device. They need to send special attributes in the Access-Accept response to ensure that the users are given the appropriate access. What must be configured to accomplish this'?

A.

dACLs to enforce the various access policies for the users

B.

custom access conditions for defining the different roles

C.

shell profiles with custom attributes that define the various roles

D.

TACACS+ command sets to provide appropriate access

Question # 21

MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gam access to the network Which alternate method should be used to tell users how to remediate?

A.

URL link

B.

message text

C.

executable

D.

file distribution

Question # 22

An engineer must use Cisco ISE to provide network access to endpoints that cannot support 802.1X. The endpoint MAC addresses must be allowlisted by configuring an endpoint identity group. These configurations were performed:

• configured an identity group named allowlist

• configured the endpoints to use the MAC address of incompatible 802.1X devices

• added the endpoints to the allowlist identity group

• configured an authentication policy for MAB users

What must be configured?

A.

authorization profile that has the PermitAccess permission and matches the allowlist identity group

B.

logical profile that matches the allowlist identity group based on the configured policy

C.

authentication profile that has the PermitAccess permission and matches the allowlist identity group authorization policy that has the PermitAccess permission and matches the allowlist identity group

D.

authorization policy that has the PermitAccess permission and matches the allowtist identity group

Question # 23

A network administrator adds network access devices to Cisco ISE. After a security breach, the management team mandates that all network devices must comply with certain standards. All network devices must authenticate through Cisco ISE. Some devices use nondefault CoA ports.

What must be configured in Cisco ISE?

A.

Network device profile with a port specified

B.

Network access manager with a port specified

C.

Network device group with a port specified

D.

Network device with a port specified

Question # 24

An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network. What must be configured to accomplish this goal?

A.

Create a registry posture condition using a non-OPSWAT API version.

B.

Create an application posture condition using a OPSWAT API version.

C.

Create a compound posture condition using a OPSWAT API version.

D.

Create a service posture condition using a non-OPSWAT API version.

Question # 25

A network security administrator wants to integrate Cisco ISE with Active Directory. Which configuration action must the security administrator take to accomplish the task?

A.

Remove Cisco ISE user account from the domain.

B.

Remove the ISE machine account from the domain.

C.

Join Cisco ISE to the Active Directory domain.

D.

Search Active Directory to see if admin user account exists.

Question # 26

A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components. Which two protocols should complete this task?

A.

PEAP

B.

EAP-MD5

C.

LEAP

D.

EAP-TLS

E.

EAP-TTLS

Question # 27

An engineer must use Cisco ISE to provide network access to endpoints that cannot support 802.1X. The endpoint MAC addresses must be allowlisted by configuring an endpoint identity group. These configurations were performed:

    Configured an identity group named allowlist

    Configured the endpoints to use the MAC address of incompatible 802.1X devices

    Added the endpoints to the allowlist identity group

    Configured an authentication policy for MAB users

What must be configured?

A.

Authorization profile that has the PermitAccess permission and matches the allowlist identity group

B.

Authentication profile that has the PermitAccess permission and matches the allowlist identity group

C.

Authorization policy that has the PermitAccess permission and matches the allowlist identity group

D.

Logical profile that matches the allowlist identity group based on the configured policy

Question # 28

What is an advantage of TACACS+ versus RADIUS authentication when reviewing reports in Cisco ISE?

A.

TACACS+ reduces authentication latency, and RADIUS increases latency by adding additional packet headers.

B.

TACACS+ performs secure communication with IPsec, and RADIUS uses DTLS encryption.

C.

TACACS+ provides command accounting, and RADIUS combines authentication and authorization.

D.

TACACS+ uses SSL certificates, and RADIUS does not have encryption.

Question # 29

An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the used to accomplish this task?

A.

policy service

B.

monitoring

C.

pxGrid

D.

primary policy administrator

Question # 30

What is a valid status of an endpoint attribute during the device registration process?

A.

block listed

B.

pending

C.

unknown

D.

DenyAccess

Question # 31

What service can be enabled on the Cisco ISE node to identity the types of devices connecting to a network?

A.

MAB

B.

profiling

C.

posture

D.

central web authentication

Question # 32

Which two endpoint compliance statuses are possible? (Choose two.)

A.

unknown

B.

known

C.

invalid

D.

compliant

E.

valid

Question # 33

A security engineer configures a Cisco Catalyst switch to use Cisco TrustSec. The engineer must define the PAC key to authenticate the switch to Cisco IISE. Drag and drop the commands from the left into sequence on the right. Not all options are used.

300-715 question answer

Question # 34

Refer to the exhibit:

300-715 question answer

Which command is typed within the CU of a switch to view the troubleshooting output?

A.

show authentication sessions mac 000e.84af.59af details

B.

show authentication registrations

C.

show authentication interface gigabitethemet2/0/36

D.

show authentication sessions method

Question # 35

An administrator plans to use Cisco ISE to deploy posture policies to assess Microsoft Windows endpoints that run Cisco Secure Client. The administrator wants to minimize the occurrence of messages related to unknown posture profiles if Cisco ISE fails to determine the posture of the endpoint. Secure Client is deployed to all the endpoints. and all the required Cisco ISE authentication, authorization, and posture policy configurations were performed. Which action must be taken next to complete the configuration?

A.

Install the latest version of the Secure Client client on the endpoints.

B.

Enable Cisco ISE posture on Secure Client configuration.

C.

Configure a native supplicant on the endpoints to support the posture policies.

D.

Install the compliance module on the endpoints.

Question # 36

A Cisco device has a port configured in multi-authentication mode and is accepting connections only from hosts assigned the SGT of SGT_0422048549 The VLAN trunk link supports a maximum of 8 VLANS What is the reason for these restrictions?

A.

The device is performing inline tagging without acting as a SXP speaker

B.

The device is performing mime tagging while acting as a SXP speaker

C.

The IP subnet addresses are dynamically mapped to an SGT.

D.

The IP subnet addresses are statically mapped to an SGT

Question # 37

Which two features must be used on Cisco ISE to enable the TACACS. feature? (Choose two)

A.

Device Administration License

B.

Server Sequence

C.

Command Sets

D.

Enable Device Admin Service

E.

External TACACS Servers

Question # 38

Which use case validates a change of authorization?

A.

An authenticated, wired EAP-capable endpoint is discovered

B.

An endpoint profiling policy is changed for authorization policy.

C.

An endpoint that is disconnected from the network is discovered

D.

Endpoints are created through device registration for the guests

Question # 39

What must match between Cisco ISE and the network access device to successfully authenticate endpoints?

A.

SNMP version

B.

shared secret

C.

certificate

D.

profile

Question # 40

An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs An administrator is adding two more PSNs to this deployment but is having problems adding one of them What is the problem?

A.

The new nodes must be set to primary prior to being added to the deployment

B.

The current PAN is only able to track a max of four nodes

C.

Only five PSNs are allowed to be in the Cisco ISE cube if configured this way.

D.

One of the new nodes must be designated as a pxGrid node

Question # 41

An administrator is editing a csv list of endpoints and wants to reprofile some of the devices indefinitely before importing the list into Cisco ISE. Which field and Boolean value must be changed for the devices before the list is reimported?

A.

Identity Group Assignment field and Static Assignment field set to the value FALSE

B.

Policy Assignment field and Static Assignment field set to the value TRUE

C.

Policy Assignment field and Static Assignment field set to the value FALSE

D.

Identity Group Assignment field and Static Assignment field set to the value TRUE

Question # 42

A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices Where in the Layer 2 frame should this be verified?

A.

CMD filed

B.

802.1Q filed

C.

Payload

D.

802.1 AE header

Question # 43

An engineer is assigned to enhance security across the campus network. The task is to enable MAB across all access switches in the network. Which command must be entered on the switch to enable MAB?

A.

Switch(config-if)# mab

B.

Switch(config)# mab

C.

Switch# authentication port-control auto

D.

Switch(config)# authentication port-control auto

Question # 44

Which platform does a Windows-based device download the Network Assistant Manager from?

A.

Microsoft app store

B.

Cisco Catalyst Switch

C.

native OS

D.

Cisco ISE

Question # 45

What does the dot1x system-auth-control command do?

A.

causes a network access switch not to track 802.1x sessions

B.

globally enables 802.1x

C.

enables 802.1x on a network access device interface

D.

causes a network access switch to track 802.1x sessions

Question # 46

300-715 question answer

Refer to the exhibit. An engineer must configure BYOD in Cisco ISE. A single SSID must be used to allow BYOD devices to connect to the network. These configurations have been performed on Wireless LAN Controller already:

RADIUS server

BYOD-Dot1x SSID

Which two configurations must be done in Cisco ISE to meet the requirement? (Choose two.)

A.

FlexConnect ACL

B.

External identity source

C.

Authentication policy

D.

Redirect ACL

E.

Profiling policy

Question # 47

An engineer is configuring a new Cisco ISE node. Context-sensitive information must be shared between the Cisco ISE and a Cisco ASA. Which persona must be enabled?

A.

Administration

B.

Policy Service

C.

pxGrid

D.

Monitoring

Question # 48

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?

A.

Install the Root CA and intermediate CA.

B.

Generate the CSR.

C.

Download the intermediate server certificate.

D.

Download the CA server certificate.

Question # 49

An administrator is configuring the Native Supplicant Profile to be used with the Cisco ISE posture agents and needs to test the connection using wired devices to determine which profile settings are available. Which two configuration settings should be used to accomplish this task? (Choose two.)

A.

authentication mode

B.

proxy host/IP

C.

certificate template

D.

security

E.

allowed protocol

Question # 50

An administrator is trying to collect metadata information about the traffic going across the network to gam added visibility into the hosts. This Information will be used to create profiling policies for devices us mg Cisco ISE so that network access policies can be used What must be done to accomplish this task?

A.

Configure the RADIUS profiling probe within Cisco ISE

B.

Configure NetFlow to be sent to me Cisco ISE appliance.

C.

Configure SNMP to be used with the Cisco ISE appliance

D.

Configure the DHCP probe within Cisco ISE

Question # 51

Refer to the exhibit.

300-715 question answer

An engineer is configuring a client but cannot authenticate to Cisco ISE During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port Which command gives additional information to help identify the problem with the authentication?

A.

show authentication sessions

B.

show authentication sessions Interface Gil/0/1 output

C.

show authentication sessions interface Gi1/0/1 details

D.

show authentication sessions output

Question # 52

An engineer is deploying a new Cisco ISE environment for a company. The company wants the deployment to use TACACS+. The engineer verifies that Cisco ISE has a Device Administration license. What must be configured to enable TACACS+ operations?

A.

Device Administration Work Center

B.

Device Admin service

C.

Device Administration Deployment settings

D.

Device Admin Policy Sets settings

Question # 53

Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)

A.

backup

B.

secondary

C.

standby

D.

primary

E.

active

Question # 54

What should be considered when configuring certificates for BYOD?

    An endpoint certificate is mandatory for the Cisco ISE BYOD

A.

An Android endpoint uses EST whereas other operation systems use SCEP for enrollment

B.

The CN field is populated with the endpoint host name.

C.

The SAN field is populated with the end user name

Question # 55

A network administrator is configuring a secondary cisco ISE node from the backup configuration of the primary cisco ISE node to create a high availability pair The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE Which command most be issued for this to work?

A.

copy certificate Ise

B.

application configure Ise

C.

certificate configure Ise

D.

Import certificate Ise

Question # 56

If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?

A.

Client Provisioning

B.

Guest

C.

BYOD

D.

Blacklist

Question # 57

An engineer must configure guest access on Cisco ISE for company visitors. Which step must be taken on the Cisco ISE PSNs before a guest portal is configured?

A.

Enable profiling services.

B.

Install SSL certificates.

C.

Create a node group.

D.

Enable session services.

Question # 58

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?

A.

dot1x system-auth-control

B.

enable bypass-mac

C.

enable network-authentication

D.

mab

Question # 59

An engineer is configuring a posture policy for Windows 10 endpoints and wants to ensure that users in each AD group have different conditions to meet to be compliant. What must be done to accomplish this task?

A.

identify The users groups needed for different policies and create service conditions to map each one to its posture requirement

B.

Configure a simple condition for each AD group and use it in the posture policy for each use case

C.

Use the authorization policy within the policy set to group each AD group with their respective posture policy

D.

Change the posture requirements to use an AD group lor each use case then use those requirements in the posture policy

Question # 60

What is needed to configure wireless guest access on the network?

A.

endpoint already profiled in ISE

B.

WEBAUTH ACL for redirection

C.

valid user account in Active Directory

D.

Captive Portal Bypass turned on

Question # 61

An engineer wants to learn more about Cisco ISE and deployed a new lab with two nodes. Which two persona configurations allow the engineer to successfully test redundancy of a failed node? (Choose two.)

A.

Configure one of the Cisco ISE nodes as the Health Check node.

B.

Configure both nodes with the PAN and MnT personas only.

C.

Configure one of the Cisco ISE nodes as the primary PAN and MnT personas and the other as the secondary.

D.

Configure both nodes with the PAN, MnT, and PSN personas.

E.

Configure one of the Cisco ISE nodes as the primary PAN and PSN personas and the other as the secondary.

Question # 62

In a Cisco ISE split deployment model, which load is split between the nodes?

A.

AAA

B.

network admission

C.

log collection

D.

device admission

Question # 63

What is the purpose of the ip http server command on a switch?

A.

It enables the https server for users for web authentication

B.

It enables MAB authentication on the switch

C.

It enables the switch to redirect users for web authentication.

D.

It enables dot1x authentication on the switch.

Question # 64

Which statement about configuring certificates for BYOD is true?

A.

An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment

B.

The SAN field is populated with the end user name.

C.

An endpoint certificate is mandatory for the Cisco ISE BYOD

D.

The CN field is populated with the endpoint host name

Question # 65

What is a difference between RADIUS versus TACACS+ with regards to packet encryption?

A.

TACACS+ encrypts the entire body of the packet, and RADIUS encrypts the username and password in the access-request packet.

B.

RADIUS encrypts the entire body of the packet, and TACACS+ encrypts the username and password in the access-request packet.

C.

RADIUS encrypts the entire body of the packet, and TACACS+ encrypts only the password in the access-request packet.

D.

TACACS+ encrypts the entire body of the packet, and RADIUS encrypts only the password in the access-request packet.

Question # 66

An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to the endpoints instead of industry-standard protocol information Which probe should be enabled to meet these requirements?

A.

NetFlow probe

B.

DNS probe

C.

DHCP probe

D.

SNMP query probe

Question # 67

Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

A.

DHCP server

B.

static IP tunneling

C.

override Interface ACL

D.

AAA override

Question # 68

An administrator is configuring a switch port for use with 802 1X What must be done so that the port will allow voice and multiple data endpoints?

A.

Configure the port with the authentication host-mode multi-auth command

B.

Connect the data devices to the port, then attach the phone behind them.

C.

Use the command authentication host-mode multi-domain on the port

D.

Connect a hub to the switch port to allow multiple devices access after authentication

Question # 69

An engineer is starting to implement a wired 802.1X project throughout the campus. The task is to ensure that the authentication procedure is disabled on the ports but still allows all endpoints to connect to the network. Which port-control option must the engineer configure?

A.

pae-disabled

B.

force-unauthorized

C.

auto

D.

force-authorized

Question # 70

An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the endpoints on the network. Which node should be used to accomplish this task?

A.

PSN

B.

primary PAN

C.

pxGrid

D.

MnT

Question # 71

Which Cisco ISE deployment model provides redundancy by having every node in the deployment configured with the Administration. Policy Service, and Monitoring personas to protect from a complete node failure?

A.

distributed

B.

dispersed

C.

two-node

D.

hybrid

Question # 72

An administrator is configuring sponsored guest access using Cisco ISE Access must be restricted to the sponsor portal to ensure that only necessary employees can issue sponsored accounts and employees must be classified to do so What must be done to accomplish this task?

A.

Configure an identity-based access list in Cisco ISE to restrict the users allowed to login

B.

Edit the sponsor portal to only accept members from the selected groups

C.

Modify the sponsor groups assigned to reflect the desired user groups

D.

Create an authorization rule using the Guest Flow condition to authorize the administrators

Question # 73

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

A.

Create an ISE identity group to add users to and limit the number of logins via the group configuration.

B.

Create a new guest type and set the maximum number of devices sponsored guests can register

C.

Create an LDAP login for each guest and tag that in the guest portal for authentication.

D.

Create a new sponsor group and adjust the settings to limit the devices for each guest.

Question # 74

An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?

A.

ip source guard

B.

ip dhcp snooping

C.

ip device tracking maximum

D.

ip arp inspection

Question # 75

An adminístrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs. Besides defining a new shell profile in Cisco ISE. what must be done to accomplish this configuration?

A.

Enable the privilege levels in Cisco ISE

B.

B. Enable the privilege levels in the IOS devices.

C.

Define the command privileges for levels 2-5 in the IOS devices

D.

Define the command privileges for levels 2-5 in Cisco ISE

Question # 76

An engineer is deploying a new guest WLAN for a company. The company wants this WLAN to use a sponsored guest portal for secure guest access. The wireless LAN controller must direct the guests to a web page on Cisco ISE for authentication. Which type of authentication must be configured for the guest portal in Cisco ISE?

A.

EWA

B.

DWA

C.

CWA

D.

web portal

Question # 77

An engineer is configuring Cisco ISE to reprofile endpoints based only on new requests of INIT-REBOOT and SELECTING message types. Which probe should be used to accomplish this task?

A.

MMAP

B.

DNS

C.

DHCP

D.

RADIUS

Question # 78

Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two)

A.

Windows Settings

B.

Connection Type

C.

iOS Settings

D.

Redirect ACL

E.

Operating System

Question # 79

The Cisco Wireless LAN Controller and guest portal must be set up in Cisco ISE. These configurations were performed:

• configured all the required Cisco Wireless LAN Controller configurations

• added the wireless controller to Cisco ISE network devices

• created an endpoint identity group

• configured credentials to be sent by email

• configured the SMTP server

• configured an authorization profile with redirection to the guest portal and redirected the access control list

• configured an authentication policy for MAB users

• created an authorization policy

Which two components would be required to complete the configuration? (Choose two.)

A.

sponsor group

B.

hotspot guest portal

C.

sponsor portal

D.

self-registered guest portal

E.

guest type

Question # 80

A network administrator must configura endpoints using an 802 1X authentication method with EAP identity certificates that are provided by the Cisco ISE When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network Which EAP type must be configured by the network administrator to complete this task?

A.

EAP-PEAP-MSCHAPv2

B.

EAP-TTLS

C.

EAP-FAST

D.

EAP-TLS

Question # 81

An administrator must provide wired network access to unidentified Cisco devices that fail 802.1X authentication. Cisco ISE profiling services must be configured to gather Cisco Discovery Protocol and LLDP endpoint information from a Cisco switch. These configurations were performed:

• configured switches to accept SNMP queries from Cisco ISE

• enabled Cisco Discovery Protocol and LLDP on the switches

• added the switch as a NAD to Cisco ISE

What must be enabled to complete the configuration?

A.

SNMP traps on the switch

B.

SNMP MIBs in Cisco ISE

C.

SNMP Trap probe in Cisco ISE

D.

SNMP Query probe in Cisco ISE

Question # 82

What is the default port used by Cisco ISE for NetFlow version 9 probe?

A.

UDP 9996

B.

UDP 9997

C.

UDP 9998

D.

UDP 9999

Question # 83

An engineer is configuring Central Web Authentication in Cisco ISE to provide guest access. When an authentication rule is configured in the Default Policy Set for the Wired_MAB or Wireless_MAB conditions, what must be selected for the "if user not found" setting?

A.

CONTINUE

B.

REJECT

C.

ACCEPT

D.

DROP

Question # 84

Which profiling probe collects the user-agent string?

A.

DHCP

B.

AD

C.

HTTP

D.

NMAP

Question # 85

Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.

300-715 question answer

Question # 86

A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

A.

SGT

B.

dACL

C.

VLAN

D.

RBAC

Question # 87

A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA Which action does the CoA perform?

A.

It terminates the client session

B.

It applies the downloadable ACL provided in the CoA

C.

It applies new permissions provided in the CoA to the client session.

D.

It triggers the NAD to reauthenticate the client

Question # 88

How is policy services node redundancy achieved in a deployment?

A.

by enabling VIP

B.

by utilizing RADIUS server list on the NAD

C.

by creating a node group

D.

by deploying both primary and secondary node

Question # 89

An engineer is configuring web authentication using non-standard ports and needs the switch to redirect traffic to the correct port. Which command should be used to accomplish this task?

A.

permit tcp any any eq

B.

aaa group server radius proxy

C.

ip http port

D.

aaa group server radius

300-715 PDF

$42

$139.99

3 Months Free Update

Add to Cart
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

300-715 PDF + Testing Engine

$57

$189.99

3 Months Free Update

Add to Cart
  • Exam Name: Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)
  • Last Update: Dec 14, 2025
  • Questions and Answers: 299
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

300-715 Engine

$48

$159.99

3 Months Free Update

Add to Cart
  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included