New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Premium Access     Download Demo    
Page: 3 / 9
Total 299 questions

What should be considered when configuring certificates for BYOD?

    An endpoint certificate is mandatory for the Cisco ISE BYOD

A.

An Android endpoint uses EST whereas other operation systems use SCEP for enrollment

B.

The CN field is populated with the endpoint host name.

C.

The SAN field is populated with the end user name

Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?

A.

large deployment with fully distributed nodes running all personas

B.

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with shared PSNs

C.

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with dedicated PSNs

D.

small deployment with one primary and one secondary node running all personas

Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node'?

A.

radius-server timeout

B.

session-timeout

C.

idle-timeout

D.

termination-action

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?

A.

Endpoint Identity Group is Blocklist, and the BYOD state is Registered.

B.

Endpoint Identify Group is Blocklist, and the BYOD state is Pending.

C.

Endpoint Identity Group is Blocklist, and the BYOD state is Lost.

D.

Endpoint Identity Group is Blocklist, and the BYOD state is Reinstate.

Which nodes are supported in a distributed Cisco ISE deployment?

A.

Policy Service nodes tor automatic failover

B.

Administration nodes for session failover

C.

Monitoring nodes for PxGrid services

D.

Policy Service nodes for session failover

A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components. Which two protocols should complete this task?

A.

PEAP

B.

EAP-MD5

C.

LEAP

D.

EAP-TLS

E.

EAP-TTLS

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

A.

Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.

B.

Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.

C.

Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.

D.

Identify the non 802.1X supported device types and create custom profiles for them to profile into.

What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two )

A.

Location the CSV file for the device MAC

B.

Select the certificate template

C.

Choose the hashing method

D.

Enter the common name

E.

Enter the IP address of the device

What are two differences between the RADIUS and TACACS+ protocols'? (Choose two.)

A.

RADIUS is a Cisco proprietary protocol, whereas TACACS+ is an open standard protocol

B.

TACACS+uses TCP port 49. whereas RADIUS uses UDP ports 1812 and 1813.

C.

RADIUS offers multiprotocol support, whereas TACACS+ does not

D.

RADIUS combines authentication and authorization, whereas TACACS+ does not

E.

RADIUS enables encryption of all the packets, whereas with TACACS+. only the password is encrypted.

An engineer is starting to implement a wired 802.1X project throughout the campus. The task is to ensure that the authentication procedure is disabled on the ports but still allows all endpoints to connect to the network. Which port-control option must the engineer configure?

A.

pae-disabled

B.

force-unauthorized

C.

auto

D.

force-authorized