New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cisco 300-715 - Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Cisco 300-715 Premium Access     Download Demo    
Page: 1 / 9
Total 299 questions

An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users. Management needs Cisco ISE to not automatically trigger a CoA whenever a profile change is detected. Instead, the administrator needs to verify the new profile and manually trigger a CoA. What must be configuring in the profiler to accomplish this goal?

A.

Port Bounce

B.

No CoA

C.

Session Query

D.

Reauth

NO: 184

An engineer builds a five-node distributed Cisco ISE deployment The first two deployed nodes are responsible for the primary and secondary administration and monitoring personas Which persona configuration is necessary to have the remaining three Cisco ISE nodes serve as dedicated nodes in the Cisco ISE cube that is responsible only for handling the RADIUS and TACACS+ authentication requests, identity lookups, and policy evaluation?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

What is a method for transporting security group tags throughout the network?

A.

by enabling 802.1AE on every network device

B.

by the Security Group Tag Exchange Protocol

C.

by embedding the security group tag in the IP header

D.

by embedding the security group tag in the 802.1Q header

An engineer needs to configure a Cisco ISE server to issue a CoA for endpoints already authenticated to access the network. The CoA option must be enforced on a session, even if there are multiple active sessions on a port. What must be configured to accomplish this task?

A.

the Reauth CoA option in the Cisco ISE system profiling settings enabled

B.

an endpoint profiling policy with the No CoA option enabled

C.

an endpoint profiling policy with the Port Bounce CoA option enabled

D.

the Port Bounce CoA option in the Cisco ISE system profiling settings enabled

An engineer is assigned to enhance security across the campus network. The task is to enable MAB across all access switches in the network. Which command must be entered on the switch to enable MAB?

A.

Switch# authentication port-control auto

B.

Switch{conflg)# mab

C.

Switch{config-lf) # mab

D.

Switch(config)# authentication port-control auto

Which two ports do network devices typically use for CoA? (Choose two)

A.

443

B.

19005

C.

8080

D.

3799

E.

1700

Refer to the exhibit. An engineer needs to configure central web authentication on the Cisco Wireless LAN Controller to use Cisco ISE for all guests connected to the wireless network. The components are configured already:

• Cisco Wireless LAN Controller is fully configured

• authorization profile on the Cisco ISE

• authentication policy on the Cisco ISE

Which component would be configured next on Cisco ISE?

A.

authorization policy

B.

authentication profile

C.

accounting profile

D.

authorization rule

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

A.

authentication host-mode single-host

B.

authentication host-mode multi-auth

C.

authentication host-mode multi-host

D.

authentication host-mode multi-domain

Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?

A.

subject alternative name and the common name

B.

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

C.

user-presented password hash and a hash stored in Active Directory

D.

user-presented certificate and a certificate stored in Active Directory

An engineer wants to learn more about Cisco ISE and deployed a new lab with two nodes. Which two persona configurations allow the engineer to successfully test redundancy of a failed node? (Choose two.)

A.

Configure one of the Cisco ISE nodes as the Health Check node.

B.

Configure both nodes with the PAN and MnT personas only.

C.

Configure one of the Cisco ISE nodes as the primary PAN and MnT personas and the other as the secondary.

D.

Configure both nodes with the PAN, MnT, and PSN personas.

E.

Configure one of the Cisco ISE nodes as the primary PAN and PSN personas and the other as the secondary.