300-715 Exam Questions

Total 152 Questions

Last Updated Exam : 16-Dec-2024

What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?


A.

Network Access Control


B.

My Devices Portal


C.

Application Visibility and Control


D.

Supplicant Provisioning Wizard





B.
  

My Devices Portal



Which use case validates a change of authorization?


A.

An authenticated, wired EAP-capable endpoint is discovered


B.

An endpoint profiling policy is changed for authorization policy


C.

An endpoint that is disconnected from the network is discovered


D.

Endpoints are created through device registration for the guests





B.
  

An endpoint profiling policy is changed for authorization policy



When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?


A.

MIB


B.

TGT


C.

OMAB


D.

SID





D.
  

SID



What is the minimum certainty factor when creating a profiler policy?


A.

the minimum number that a predefined condition provides


B.

the maximum number that a predefined condition provides


C.

the minimum number that a device certainty factor must reach to become a member of the profile


D.

the maximum number that a device certainty factor must reach to become a member of the profile





C.
  

the minimum number that a device certainty factor must reach to become a member of the profile



What gives Cisco ISE an option to scan endpoints for vulnerabilities?


A.

authorization policy


B.

authentication policy


C.

authentication profile


D.

authorization profile





A.
  

authorization policy



What is a requirement for Feed Service to work?


A.

TCP port 3080 must be opened between Cisco ISE and the feed server


B.

Cisco ISE has a base license


C.

Cisco ISE has access to an internal server to download feed update


D.

Cisco ISE has Internet access to download feed update





C.
  

Cisco ISE has access to an internal server to download feed update



Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?


A.

subject alternative name and the common name


B.

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory


C.

user-presented password hash and a hash stored in Active Directory


D.

user-presented certificate and a certificate stored in Active Directory





A.
  

subject alternative name and the common name



B.
  

MS-CHAPv2 provided machine credentials and credentials stored in Active Directory



Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative
name (all values) can be used to look up a user.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-
3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_01110.html

Which two default endpoint identity groups does cisco ISE create? (Choose three )


A.

Unknown


B.

whitelist


C.

end point


D.

profiled


E.

blacklist





A.
  

Unknown



D.
  

profiled



E.
  

blacklist



Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-
4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_010101.html #ID1678

A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?


A.

Keep track of guest user activities


B.

Configure authorization settings for guest users


C.

Create and manage guest user accounts


D.

Authenticate guest users to Cisco ISE





C.
  

Create and manage guest user accounts



Which personas can a Cisco ISE node assume'?


A.

policy service, gatekeeping, and monitoring


B.

administration, policy service, and monitoring


C.

administration, policy service, gatekeeping


D.

administration, monitoring, and gatekeeping





B.
  

administration, policy service, and monitoring



https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html
The persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.


Page 5 out of 16 Pages
Previous