This page was exported from Actual Test Materials [ http://blog.actualtests4sure.com ] Export date:Fri Nov 15 20:26:09 2024 / +0000 GMT ___________________________________________________ Title: Share Latest Nov-2022 300-715 DUMP with 210 Questions and Answers [Q118-Q137] --------------------------------------------------- Share Latest Nov-2022 300-715 DUMP with 210 Questions and Answers PDF Dumps 2022 Exam Questions with Practice Test NO.118 A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal. What must be done to identify the problem?  Use context visibility to verify posture status.  Use the endpoint ID to execute a session trace.  Use the identity group to validate the authorization rules.  Use traceroute to ensure connectivity. https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_011001.html#concept_87916A77E8774545B36D0BB422429596NO.119 An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants Which portal must the security engineer configure to accomplish this task?  MDM  Client provisioning  My devices  BYOD Reference:https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01111.htmlNO.120 Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)  Firepower  WLC  IOS  ASA  Shell https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html TACACS+ Profile TACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets. The TACACS+ profile definitions are split into two components:Common tasksCustom attributesThere are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles)–Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View.The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are:ShellWLCNexusGenericThe Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you can enter the mandatory attributes using a equal to (=) sign between the attribute name and its value and optional attributes are entered using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy paste the attribute list (for example, another product’s attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.NO.121 What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two )  Location the CSV file for the device MAC  Select the certificate template  Choose the hashing method  Enter the common name  Enter the IP address of the device Explanationhttps://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0-Certificate-ProvisNO.122 When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?  Network Access NetworkDeviceName CONTAINS <SSID Name>  DEVICE Device Type CONTAINS <SSID Name>  Radius Called-Station-ID CONTAINS <SSID Name>  Airespace Airespace-Wlan-ld CONTAINS <SSID Name> Explanationhttps://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115734-ise-policies-ssid-00.htNO.123 Refer to the exhibit.A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server Which two commands should be run to complete the configuration? (Choose two)  aaa authorization auth-proxy default group radius  radius server vsa sand authentication  radius-server attribute 8 include-in-access-req  ip device tracking  dot1x system-auth-control NO.124 Which portal is used to customize the settings for a user to log in and download the compliance module?  Client Provisioning  Client Endpoint  Client Profiling  Client Guest Section: Endpoint ComplianceNO.125 What is the purpose of the ip http server command on a switch?  It enables the https server for users for web authentication  It enables MAB authentication on the switch  It enables the switch to redirect users for web authentication.  It enables dot1x authentication on the switch. NO.126 How is policy services node redundancy achieved in a deployment?  by enabling VIP  by utilizing RADIUS server list on the NAD  by creating a node group  by deploying both primary and secondary node NO.127 An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?  Create a certificate signing request and have the root certificate authority sign it.  Add the root certificate authority to the trust store and enable it for authentication.  Create an SCEP profile to link Cisco ISE with the root certificate authority.  Add an OCSP profile and configure the root certificate authority as secondary. NO.128 Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?  subject alternative name and the common name  MS-CHAPv2 provided machine credentials and credentials stored in Active Directory  user-presented password hash and a hash stored in Active Directory  user-presented certificate and a certificate stored in Active Directory Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user. https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_01110.htmlNO.129 An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?  Install the Root CA and intermediate CA.  Generate the CSR.  Download the intermediate server certificate.  Download the CA server certificate. NO.130 Which personas can a Cisco ISE node assume’?  policy service, gatekeeping, and monitoring  administration, policy service, and monitoring  administration, policy service, gatekeeping  administration, monitoring, and gatekeeping Reference:https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html The persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.NO.131 An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node.Which persona should be configured with the largest amount of storage in this environment?  policy Services  Primary Administration  Monitoring and Troubleshooting  Platform Exchange Grid NO.132 An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right. NO.133 Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night. Explanationhttps://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide Step 1 Choose Administration > System The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.Step 2Check the check box next to the current node, and clickStep 3Click Make Primary to configure your Primary PAN.Step 4Enter data on the General Settings tab.Step 5Click Save to save the node configuration.NO.134 Drag and Drop QuestionDrag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night. Explanation:https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011.html Step 1 Choose Administration > System > Deployment.The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.Step 2Check the check box next to the current node, and click Edit.Step 3Click Make Primary to configure your Primary PAN.Step 4Enter data on the General Settings tab.Step 5Click Save to save the node configuration.NO.135 An administrator is troubleshooting an endpoint that is supposed to bypass 802 1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?  The DHCP probe for Cisco ISE is not working as expected.  The 802.1 X timeout period is too long.  The endpoint is using the wrong protocol to authenticate with Cisco ISE.  An AC I on the port is blocking HTTP traffic NO.136 What does a fully distributed Cisco ISE deployment include?  PAN and PSN on the same node while MnTs are on their own dedicated nodes.  PAN and MnT on the same node while PSNs are on their own dedicated nodes.  All Cisco ISE personas on their own dedicated nodes.  All Cisco ISE personas are sharing the same node. NO.137 In which two ways can users and endpoints be classified for TrustSec?(Choose Two.)  VLAN  SXP  dynamic  QoS  SGACL  Loading … Dumps for Free 300-715 Practice Exam Questions: https://www.actualtests4sure.com/300-715-test-questions.html --------------------------------------------------- Images: https://blog.actualtests4sure.com/wp-content/plugins/watu/loading.gif https://blog.actualtests4sure.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-11-13 14:36:27 Post date GMT: 2022-11-13 14:36:27 Post modified date: 2022-11-13 14:36:27 Post modified date GMT: 2022-11-13 14:36:27