300-715 Online Practice Questions and Answers

Which permission is common to the Active Directory Join and Leave operations?

A. Create a Cisco ISE machine account in the domain if the machine account does not already exist

B. Remove the Cisco ISE machine account from the domain.

C. Set attributes on the Cisco ISE machine account

D. Search Active Directory to see if a Cisco ISE machine account already ex.sts.

Which use case validates a change of authorization?

A. An authenticated, wired EAP-capable endpoint is discovered

B. An endpoint profiling policy is changed for authorization policy.

C. An endpoint that is disconnected from the network is discovered

D. Endpoints are created through device registration for the guests

Which profiling probe collects the user-agent string?

A. DHCP

B. AD

C. HTTP

D. NMAP

What does MAB stand for?

A. MAC Address Binding

B. MAC Authorization Binding

C. MAC Authorization Bypass

D. MAC Authentication Bypass

An engineer is working with a distributed deployment of cisco ise and needs to configure various network probes to collect a set of attributes from the endpoints on the network. Which node should be used to accomplish this task?

A. Policy service

B. Monitoring

C. Primary policy administrator

D. PxGrid

The security team identified a rogue endpoint with MAC address 00:47:44:40:54:1A attached to the network. Which action must security engineer take within Cisco ISE to effectively restrict network access for this endpoint?

A. Create authentication policy to force reauthentication.

B. Configure access control list on network switches to block traffic.

C. Add MAC address to the endpoint quarantine list.

D. Implement authentication policy to deny access.

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

A. Set the NAC State option to SNMP NAC.

B. Set the NAC State option to RADIUS NAC.

C. Use the radius-server vsa send authentication command.

D. Use the ip access-group webauth in command.

An employee logs on to the My Devices portal and marks a currently on-boarded device as `Lost'.

A. Certificates provisioned to the device are not revoked

B. BYOD Registration status is updated to No

C. The device access has been denied

D. BYOD Registration status is updated to Unknown.

E. The device status is updated to Stolen

An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)

A. hotspot guest portal

B. device registration WebAuth

C. central WebAuth

D. local WebAuth

E. self-registered guest portal

Refer to the exhibit.

An engineer is configuring a client but cannot authenticate to Cisco ISE During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port Which command gives additional information to help identify the problem with the authentication?

A. show authentication sessions

B. show authentication sessions Interface Gil/0/1 output

C. show authentication sessions interface Gi1/0/1 details

D. show authentication sessions output

An administrator replaced a PSN in the distributed Cisco ISE environment. When endpoints authenticate to it, the devices are not getting the right profiles or attributes and as a result, are not hitting the correct policies. This was working correctly on the previous PSN. Which action must be taken to ensure the endpoints get identified?

A. Verify that the MnT node is tracking the session.

B. Verify the shared secret used between the switch and the PSN.

C. Verify that the profiling service is running on the new PSN.

D. Verify that the authentication request the PSN is receiving is not malformed.

What is a difference between RADIUS and TACACS+?

A. RADIUS uses connection-oriented transport, and TACACS+ uses best-effort delivery.

B. RADIUS offers multiprotocol support, and TACACS+ supports only IP traffic.

C. RADIUS combines authentication and authorization functions, and TACACS+ separates them.

D. RADIUS supports command accounting, and TACACS+ does not.

An engineer has been tasked with using Cisco ISE to restrict network access at the switchport level using 802.1X authentication. Users who fail 802.1X authentication should e redirected via web redirection and have their access restricted via an ACL. What must be configured in Cisco ISE to accomplish this task?

A. an authorization profile

B. an authorization rule

C. an authentication policy

D. an authentication profile

An administrator has manually added the MAC address of a wireless device to the Blocklist Identity Group for testing. When the device connects to the wireless network it triggers the Wireless Block List Default rule, but the device is still allowed to access the wireless network. What additional step must be taken to resolve tissue?

A. Disable URL redirection on the Authorization Profile.

B. Enable SNMP with read and write access on the Cisco WLC.

C. Create an ACL named BLOCKHOLE on the Cisco WLC.

D. Change the Access Type under the Authorization Profile lo ACCESS_REJECT.

A network engineer must configure a centralized Cisco ISE solution for wireless guest access with users in different time zones. The guest account activation time must be independent of the user time zone, and the guest account must be enabled automatically when the user self-registers on the guest portal. Which option in the time profile settings must be selected to meet the requirement?

A. Select FromFirstLogin from the Account Type dropdown.

B. Select FromCreation from the Account Type dropdown.

C. Set the Maximum Account Duration to 1 Day.

D. Set the Duration field to 24:00:00.