Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Premium Access Download Demo

Page: 2 / 8
Total 243 questions

Question # 11

What is a difference between TACACS+ and RADIUS in regards to encryption?

TACACS+ encrypts only the password, whereas RADIUS encrypts the username and password.

TACACS+ encrypts the username and password, whereas RADIUS encrypts only the password.

TACACS+ encrypts the password, whereas RADIUS sends the entire packet in clear text.

TACACS+ encrypts the entire packet, whereas RADIUS encrypts only the password.

Question # 12

When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provide an adequate amount of security and visibility for the hosts on the network. Why should the engineer configure MAB in this situation?

The Cisco switches only support MAB.

MAB provides the strongest form of authentication available.

The devices in the network do not have a supplicant.

MAB provides user authentication.

Question # 13

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.

EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.

EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.

EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.

Question # 14

Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue. Which two requirements must be met to implement this change? (Choose two.)

Enable IPC access over port 80.

Ensure that the NAT address is properly configured

Establish access to one Global Catalog server.

Provide domain administrator access to Active Directory.

Configure a secure LDAP connection.

Question # 15

An engineer is using Cisco ISE and configuring guest services to allow wireless devices to access the network. Which action should accomplish this task?

Create the redirect ACL on the WLC and add it to the WLC policy

Create the redirect ACL on the WLC and add it to the Cisco ISE policy.

Create the redirect ACL on Cisco ISE and add it to the WLC policy

Create the redirect ACL on Cisco ISE and add it to the Cisco ISE Policy

Question # 16

Which two default endpoint identity groups does Cisco ISE create? (Choose two )

block list

endpoint

profiled

allow list

unknown

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.

Cisco ISE creates the following endpoint identity groups:

Blacklistâ€”This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group.

GuestEndpointsâ€”This endpoint identity group includes endpoints that are used by guest users.

Profiledâ€”This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.

RegisteredDevicesâ€”This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group. These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE redirects blocked devices to a URL, which displays â€œUnauthorised Network Accessâ€, a default portal page to the blocked devices.

Unknownâ€”This endpoint identity group includes endpoints that do not match any profile in Cisco ISE.

In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group:

Cisco-IP-Phoneâ€”An identity group that contains all the profiled Cisco IP phones on your network.

Workstationâ€”An identity group that contains all the profiled workstations on your network.

Question # 17

Drag and drop the configuration steps from the left into the sequence on the right to install two Cisco ISE nodes in a distributed deployment.

Question # 18

A Cisco device has a port configured in multi-authentication mode and is accepting connections only from hosts assigned the SGT of SGT_0422048549 The VLAN trunk link supports a maximum of 8 VLANS What is the reason for these restrictions?

The device is performing inline tagging without acting as a SXP speaker

The device is performing mime tagging while acting as a SXP speaker

The IP subnet addresses are dynamically mapped to an SGT.

The IP subnet addresses are statically mapped to an SGT

Question # 19

An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access. Which action accomplishes the goal?

Configure the hotspot portal for guest access and require an access code.

Configure the sponsor portal with a single account and use the access code as the password.

Configure the self-registered guest portal to allow guests to create a personal access code.

Create a BYOD policy that bypasses the authentication of the user and authorizes access codes.

Question # 20

An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs An administrator is adding two more PSNs to this deployment but is having problems adding one of them What is the problem?

The new nodes must be set to primary prior to being added to the deployment

The current PAN is only able to track a max of four nodes

Only five PSNs are allowed to be in the Cisco ISE cube if configured this way.

One of the new nodes must be designated as a pxGrid node

Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

The Answer Is:

The Answer Is: