Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Premium Access     Download Demo    
Page: 3 / 9
Total 295 questions

An administrator made changes in Cisco ISE and needs to apply new permissions for endpoints that have already been authenticated by sending a CoA packet to the network devices. Which IOS command must be configured on the devices to accomplish this goal?

A.

aaa server radius dynamic-author

B.

authentication command bounce-port

C.

authentication command disable-port

D.

aaa nas port extended

What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two )

A.

Location the CSV file for the device MAC

B.

Select the certificate template

C.

Choose the hashing method

D.

Enter the common name

E.

Enter the IP address of the device

A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components. Which two protocols should complete this task?

A.

PEAP

B.

EAP-MD5

C.

LEAP

D.

EAP-TLS

E.

EAP-TTLS

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

A.

The Endpoint Purge Policy is set to 30 days for guest devices

B.

The RADIUS policy set for guest access is set to allow repeated authentication of the same device

C.

The length of access is set to 7 days in the Guest Portal Settings

D.

The Guest Account Purge Policy is set to 15 days

An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy. Which two components must be configured, in addition to Active Directory groups, to achieve this goat? (Choose two )

A.

Active Directory External Identity Sources

B.

Library Condition for External Identity. External Groups

C.

Identity Source Sequences

D.

LDAP External Identity Sources

E Library Condition for Identity Group: User Identity Group

Wireless network users authenticate to Cisco ISE using 802.1X through a Cisco Catalyst switch. An engineer must create an updated configuration to assign a security group tag to the user's traffic using inline tagging to prevent unauthenticated users from accessing a restricted server. The configurations were performed:

• configured Cisco ISE as a Cisco TrustSec AAA server

• configured the switch as a RADIUS device in Cisco ISE

• configured the wireless LAN controller as a TrustSec device in Cisco ISE

• created a security group tog for the wireless users

• created a certificate authentication profile

â–  created an identity source sequence

• assigned an appropriate security group tag to the wireless users

• defined security group access control lists to specify an egress policy

• enforced the access control lists on the TrustSec policy matrix in Cisco ISE

• configured TrustSec on the switch

• configured TrustSec on the wireless LAN controller

Which two actions must be taken to complete the configuration? (Choose two.)

A.

Configure Security Group Tag Exchange Protocol on the wireless LAN controller.

B.

Configure Security Group Tag Exchange Protocol to distribute IP to security group tags on Cisco ISE.

C.

Configure inline tag propagation on the switch and wireless LAN controller.

D.

Create static IP-to-SGT mapping for the restricted web server.

E.

Configure Security Group Tag Exchange Protocol on the switch.

When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?

A.

MIB

B.

TGT

C.

OMAB

D.

SID

Refer to the exhibit. An engineer must configure BYOD in Cisco ISE. A single SSID must be used to allow BYOD devices to connect to the network. These configurations have been performed on Wireless LAN Controller already:

RADIUS server

BYOD-Dot1x SSID

Which two configurations must be done in Cisco ISE to meet the requirement? (Choose two.)

A.

FlexConnect ACL

B.

External identity source

C.

Authentication policy

D.

Redirect ACL

E.

Profiling policy

When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?

A.

Network Access NetworkDeviceName CONTAINS

B.

DEVICE Device Type CONTAINS

C.

Radius Called-Station-ID CONTAINS

D.

Airespace Airespace-Wlan-ld CONTAINS

What is a difference between RADIUS versus TACACS+ with regards to packet encryption?

A.

TACACS+ encrypts the entire body of the packet, and RADIUS encrypts the username and password in the access-request packet.

B.

RADIUS encrypts the entire body of the packet, and TACACS+ encrypts the username and password in the access-request packet.

C.

RADIUS encrypts the entire body of the packet, and TACACS+ encrypts only the password in the access-request packet.

D.

TACACS+ encrypts the entire body of the packet, and RADIUS encrypts only the password in the access-request packet.