New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Premium Access     Download Demo    
Page: 2 / 9
Total 299 questions

An engineer is configuring posture assessment for their network access control and needs to use an agent that supports using service conditions as conditions for the assessment. The agent should be run as a background process to avoid user interruption but when it is run. the user can see it. What is the problem?

A.

The engineer is using the "Anyconnect” posture agent but should be using the "Stealth Anyconnect posture agent

B.

The posture module was deployed using the headend instead of installing it with SCCM

C.

The user was in need of remediation so the agent appeared m the notifications

D.

The proper permissions were no! given to the temporal agent to conduct the assessment

Refer to the exhibit. In which scenario does this switch configuration apply?

A.

when allowing a hub with multiple clients connected

B.

when passing IP phone authentication

C.

when allowing multiple IP phones to be connected

D.

when preventing users with hypervisor

An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

A.

Check for server reachability using the test aaa group tacacs+ admin legacy command.

B.

Test the user account on the server using the test aaa group radius server CUCS user admin pass legacy command.

C.

Validate that the key value is correct using the test aaa authentication admin legacy command.

D.

Confirm the authorization policies are correct using the test aaa authorization admin drop legacy command.

The IT manager wants to provide different levels of access to network devices when users authenticate using TACACS+. The company needs specific commands to be allowed based on the Active Directory group membership of the different roles within the IT department. The solution must minimize the number of objects created in Cisco ISE. What must be created to accomplish this task?

A.

one shell profile and one command set

B.

multiple shell profiles and one command set

C.

one shell profile and multiple command sets

D.

multiple shell profiles and multiple command sets

A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected. Which task must be configured in order to meet this requirement?

A.

session timeout

B.

idle time

C.

monitor

D.

set attribute as

An engineer is deploying Cisco ISE in a network that contains an existing Cisco Secure Firewall ASA. The customer requested that Cisco TrustSec be configured so that Cisco ISE and the firewall can share SGT information.

Which protocol must be configured on Cisco ISE to meet the requirement?

A.

PAC

B.

SXP

C.

RADIUS

D.

pxGrid

Which permission is common to the Active Directory Join and Leave operations?

A.

Create a Cisco ISE machine account in the domain if the machine account does not already exist

B.

Remove the Cisco ISE machine account from the domain.

C.

Set attributes on the Cisco ISE machine account

D.

Search Active Directory to see if a Cisco ISE machine account already ex.sts.

A network administrator is currently using Cisco ISE to authenticate devices and users via 802 1X There is now a need to also authorize devices and users using EAP-TLS. Which two additional components must be configured in Cisco ISE to accomplish this'? (Choose two.)

A.

Network Device Group

B.

Serial Number attribute that maps to a CA Server

C.

Common Name attribute that maps to an identity store

D.

Certificate Authentication Profile

E.

EAP Authorization Profile

Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

A.

Endpoint

B.

unknown

C.

blacklist

D.

white list

E.

profiled

An engineer is configuring Cisco ISE to reprofile endpoints based only on new requests of INIT-REBOOT and SELECTING message types. Which probe should be used to accomplish this task?

A.

MMAP

B.

DNS

C.

DHCP

D.

RADIUS