New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Premium Access     Download Demo    
Page: 4 / 9
Total 299 questions

Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

A.

Active Directory

B.

RADIUS Token

C.

Internal Database

D.

RSA SecurlD

E.

LDAP

An administrator must provide wired network access to unidentified Cisco devices that fail 802.1X authentication. Cisco ISE profiling services must be configured to gather Cisco Discovery Protocol and LLDP endpoint information from a Cisco switch. These configurations were performed:

• configured switches to accept SNMP queries from Cisco ISE

• enabled Cisco Discovery Protocol and LLDP on the switches

• added the switch as a NAD to Cisco ISE

What must be enabled to complete the configuration?

A.

SNMP traps on the switch

B.

SNMP MIBs in Cisco ISE

C.

SNMP Trap probe in Cisco ISE

D.

SNMP Query probe in Cisco ISE

An administrator is configuring the Native Supplicant Profile to be used with the Cisco ISE posture agents and needs to test the connection using wired devices to determine which profile settings are available. Which two configuration settings should be used to accomplish this task? (Choose two.)

A.

authentication mode

B.

proxy host/IP

C.

certificate template

D.

security

E.

allowed protocol

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

A.

EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.

B.

EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.

C.

EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.

D.

EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.

An engineer is tasked with placing a guest access anchor controller in the DMZ. Which two ports or port sets must be opened up on the firewall to accomplish this task? (Choose two.)

A.

UDP port 1812 RADIUS

B.

TCP port 161

C.

C. TCP port 514

D.

UDP port 79

E.

UDP port 16666

Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

A.

session timeout

B.

idle timeout

C.

radius-server timeout

D.

termination-action

Refer to the exhibit.

An engineer must configure Cisco ISE to be used as the TACACS+ server for any administrator that signs into the router. Users must be able to change their Telnet password through the TACACS+ server. Drag and drop the configuration steps from the left into the sequence on the right.

A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network Which configuration item needs to be added to allow for this'?

A.

the client provisioning URL in the authorization policy

B.

a temporal agent that gets installed onto the system

C.

a remote posture agent proxying the network connection

D.

an API connection back to the client

Which two endpoint compliance statuses are possible? (Choose two.)

A.

unknown

B.

known

C.

invalid

D.

compliant

E.

valid

Which type of identity store allows for creating single-use access credentials in Cisco ISE?

A.

OpenLDAP

B.

Local

C.

PKI

D.

RSA SecurID