Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Premium Access     Download Demo    
Page: 3 / 8
Total 243 questions

What gives Cisco ISE an option to scan endpoints for vulnerabilities?

A.

authorization policy

B.

authentication policy

C.

authentication profile

D.

authorization profile

Which compliance status is set when a matching posture policy has been defined for that endpomt. but all the mandatory requirements during posture assessment are not met?

A.

unauthorized

B.

untrusted

C.

non-compliant

D.

unknown

A customer wants to set up the Sponsor portal and delegate the authentication flow to a third party for added security while using Kerberos Which database should be used to accomplish this goal?

A.

RSA Token Server

B.

Active Directory

C.

Local Database

D.

LDAP

A network administrator is configuring authorization policies on Cisco ISE There is a requirement to use AD group assignments to control access to network resources After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work What is the cause of this issue?

A.

The AD join point is no longer connected.

B.

The AD DNS response is slow.

C.

The certificate checks are not being conducted.

D.

The network devices ports are shut down.

What is a function of client provisioning?

A.

It ensures an application process is running on the endpoint.

B.

It checks a dictionary' attribute with a value.

C.

It ensures that endpoints receive the appropriate posture agents

D.

It checks the existence date and versions of the file on a client.

An engineer is configuring ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADUs for these devices? (Choose two.)

A.

TACACS+ is FIPS compliant while RADIUS is not

B.

TACACS+ is designed for network access control while RADIUS is designed for role-based access.

C.

TACACS+ uses secure EAP-TLS while RADIUS does not.

D.

TACACS+ provides the ability to authorize specific commands while RADIUS does not

E.

TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.

Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

A.

subject alternative name and the common name

B.

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

C.

user-presented password hash and a hash stored in Active Directory

D.

user-presented certificate and a certificate stored in Active Directory

Which statement about configuring certificates for BYOD is true?

A.

An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment

B.

The SAN field is populated with the end user name.

C.

An endpoint certificate is mandatory for the Cisco ISE BYOD

D.

The CN field is populated with the endpoint host name

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?

A.

Endpoint Identity Group is Blocklist, and the BYOD state is Registered.

B.

Endpoint Identify Group is Blocklist, and the BYOD state is Pending.

C.

Endpoint Identity Group is Blocklist, and the BYOD state is Lost.

D.

Endpoint Identity Group is Blocklist, and the BYOD state is Reinstate.

An administrator is configuring a new profiling policy within Cisco ISE The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints. therefore a custom profiling policy must be created Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address ?

A.

MAC_OUI_STARTSWITH_

B.

CDP_cdpCacheDevicelD_CONTAINS_

C.

MAC_MACAddress_CONTAINS_

D.

Radius Called Station-ID STARTSWITH