Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Premium Access     Download Demo    
Page: 8 / 9
Total 299 questions

TION NO: 69

Refer to the exhibit.

A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server Which two commands should be run to complete the configuration? (Choose two)

A.

aaa authorization auth-proxy default group radius

B.

radius server vsa sand authentication

C.

radius-server attribute 8 include-in-access-req

D.

ip device tracking

E.

dot1x system-auth-control

What is an advantage of TACACS+ versus RADIUS authentication when reviewing reports in Cisco ISE?

A.

TACACS+ reduces authentication latency, and RADIUS increases latency by adding additional packet headers.

B.

TACACS+ performs secure communication with IPsec, and RADIUS uses DTLS encryption.

C.

TACACS+ provides command accounting, and RADIUS combines authentication and authorization.

D.

TACACS+ uses SSL certificates, and RADIUS does not have encryption.

A network administrator notices that after a company-wide shut down, many users cannot connect their laptops to the corporate SSID. What must be done to permit access in a timely manner?

A.

Authenticate the user's system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.

B.

Connect this system as a guest user and then redirect the web auth protocol to log in to the network.

C.

Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.

D.

Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.

A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:

. An initial MAB request is sent to the Cisco ISE node.

. Cisco ISE responds with a URL redirection authorization profile if the user's MAC address is unknown in the endpoint identity store.

. The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.

Which authentication must the administrator configure on Cisco ISE?

A.

device registration WebAuth

B.

WLC with local WebAuth

C.

wired NAD with local WebAuth

D.

NAD with central WebAuth

NO: 188

During a 802 1X deployment, an engineer must identify failed authentications without causing problems for the connected endpoint. Which command will successfully achieve this''

A.

dot1x system-auth-control

B.

dot1x pae authenticator

C.

authentication open

D.

authentication port-control auto

Which three default endpoint identity groups does cisco ISE create? (Choose three)

A.

Unknown

B.

whitelist

C.

end point

D.

profiled

E.

blacklist

An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.

An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened. From which Cisco ISE persona should this traffic be originating?

A.

monitoring

B.

policy service

C.

administration

D.

authentication

What gives Cisco ISE an option to scan endpoints for vulnerabilities?

A.

authorization policy

B.

authentication policy

C.

authentication profile

D.

authorization profile

An engineer is creating a new authorization policy to give the endpoints access to VLAN 310 upon successful authentication The administrator tests the 802.1X authentication for the endpoint and sees that it is authenticating successfully What must be done to ensure that the endpoint is placed into the correct VLAN?

A.

Configure the switchport access vlan 310 command on the switch port

B.

Ensure that the security group is not preventing the endpoint from being in VLAN 310

C.

Add VLAN 310 in the common tasks of the authorization profile

D.

Ensure that the endpoint is using The correct policy set