Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Premium Access     Download Demo    
Page: 7 / 8
Total 243 questions

Which are two characteristics of TACACS+? (Choose two)

A.

It uses TCP port 49.

B.

It combines authorization and authentication functions.

C.

It separates authorization and authentication functions.

D.

It encrypts the password only.

E.

It uses UDP port 49.

An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users. Management needs Cisco ISE to not automatically trigger a CoA whenever a profile change is detected. Instead, the administrator needs to verify the new profile and manually trigger a CoA. What must be configuring in the profiler to accomplish this goal?

A.

Port Bounce

B.

No CoA

C.

Session Query

D.

Reauth

A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components. Which two protocols should complete this task?

A.

PEAP

B.

EAP-MD5

C.

LEAP

D.

EAP-TLS

E.

EAP-TTLS

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

A.

hotspot

B.

new AD user 802 1X authentication

C.

posture

D.

BYOD

E.

guest AUP

An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?

A.

The switch port is configured with authentication event server dead action authorize vlan.

B.

The authorization results for the endpoints include a dACL allowing access.

C.

The authorization results for the endpoints include the Trusted security group tag.

D.

The switch port is configured with authentication open.

Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)

A.

NetFlow

B.

SNMP

C.

HTTP

D.

DHCP

E.

RADIUS

An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

A.

Create an authorization rule denying sponsored guest access.

B.

Navigate to the Guest Portal and delete the guest accounts.

C.

Create an authorization rule denying guest access.

D.

Navigate to the Sponsor Portal and suspend the guest accounts.

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen What is causing this issue?

A.

Cisco ISE only sees the built-in groups, not user created ones

B.

The groups are present but need to be manually typed as conditions

C.

Cisco ISE's connection to the AD join point is failing

D.

The groups are not added to Cisco ISE under the AD join point

An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?

A.

ip source guard

B.

ip dhcp snooping

C.

ip device tracking maximum

D.

ip arp inspection

What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?

A.

Authentication is redirected to the internal identity source.

B.

Authentication is redirected to the external identity source.

C.

Authentication is granted.

D.

Authentication fails.