Get New 2023 Cisco exam 300-715 Dumps Bundle On flat Updated Dumps!
Full 300-715 Practice Test and 240 unique questions with explanations waiting just for you, get it now!
NEW QUESTION # 83
What gives Cisco ISE an option to scan endpoints for vulnerabilities?
- A. authorization policy
- B. authorization profile
- C. authentication policy
- D. authentication profile
Answer: B
NEW QUESTION # 84
What is needed to configure wireless guest access on the network?
- A. endpoint already profiled in ISE
- B. Captive Portal Bypass turned on
- C. WEBAUTH ACL for redirection
- D. valid user account in Active Directory
Answer: B
Explanation:
Section: Web Auth and Guest Services
Explanation/Reference:
NEW QUESTION # 85
By default, which traffic does an 802.IX-enabled switch allow before authentication?
- A. traffic permitted in the port dACL on Cisco ISE
- B. no traffic
- C. traffic permitted in the default ACL on the switch
- D. all traffic
Answer: C
NEW QUESTION # 86
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?
- A. Create and manage guest user accounts.
- B. Authenticate guest users to Cisco ISE.
- C. Keep track of guest user activities.
- D. Configure authorization settings for guest users.
Answer: A
Explanation:
Section: Web Auth and Guest Services
NEW QUESTION # 87
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?
- A. DEVICE Device Type CONTAINS <SSID Name>
- B. Airespace Airespace-Wlan-ld CONTAINS <SSID Name>
- C. Network Access NetworkDeviceName CONTAINS <SSID Name>
- D. Radius Called-Station-ID CONTAINS <SSID Name>
Answer: D
Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115734-ise-policies-ssid-00.html
NEW QUESTION # 88
What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two )
- A. Enter the common name
- B. Location the CSV file for the device MAC
- C. Select the certificate template
- D. Enter the IP address of the device
- E. Choose the hashing method
Answer: A,C
Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0-Certificate-Provisioning-Portal.html
NEW QUESTION # 89
What is the minimum certainty factor when creating a profiler policy?
- A. the maximum number that a device certainty factor must reach to become a member of the profile
- B. the minimum number that a predefined condition provides
- C. the maximum number that a predefined condition provides
- D. the minimum number that a device certainty factor must reach to become a member of the profile
Answer: D
NEW QUESTION # 90
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two.)
- A. conditions
- B. updates
- C. remediation actions
- D. Client Provisioning portal
- E. access policy
Answer: A,C
Explanation:
Section: Endpoint Compliance
NEW QUESTION # 91
What is a requirement for Feed Service to work?
- A. Cisco ISE has Internet access to download feed update
- B. TCP port 3080 must be opened between Cisco ISE and the feed server
- C. Cisco ISE has a base license.
- D. Cisco ISE has access to an internal server to download feed update
Answer: D
NEW QUESTION # 92
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?
- A. whitelist
- B. profiled
- C. blacklist
- D. endpoint
- E. unknown
Answer: E
Explanation:
Section: Profiler
Explanation/Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html
NEW QUESTION # 93
An administrator is manually adding a device to a Cisco ISE identity group to ensure that it is able to access the network when needed without authentication Upon testing, the administrator notices that the device never hits the correct authorization policy line using the condition EndPoints LogicalProfile EQUALS static_list Why is this occurring?
- A. The dynamic logical profile is overriding the statically assigned profile
- B. The logical profile is being statically assigned instead of the identity group
- C. The identity group is being assigned instead of the logical profile
- D. The device is changing identity groups after profiling instead ot remaining static
Answer: B
NEW QUESTION # 94
An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.
Answer:
Explanation:
NEW QUESTION # 95
During BYOD flow, where does a Microsoft Windows PC download the Network Setup Assistant?
- A. Cisco App Store
- B. Microsoft App Store
- C. Native OTA functionality
- D. Cisco ISE directly
Answer: D
Explanation:
Section: BYOD
Explanation/Reference: https://ciscocustomer.lookbookhq.com/iseguidedjourney/BYOD-configuration
NEW QUESTION # 96
A network administrator must use Cisco ISE to check whether endpoints have the correct version of antivirus installed Which action must be taken to allow this capability?
- A. Create a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco ISE.
- B. Create a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files
- C. Configure a native supplicant profile to be used for checking the antivirus version
- D. Configure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version.
Answer: A
NEW QUESTION # 97
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?
- A. Use the radius-server vsa send authentication command.
- B. Set the NAC State option to RADIUS NAC.
- C. Use the ip access-group webauth in command.
- D. Set the NAC State option to SNMP NAC.
Answer: B
NEW QUESTION # 98
Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?
- A. Cisco AnyConnect NAM and Cisco Identity Service Engine
- B. Windows Native Supplicant and Cisco Identity Service Engine
- C. Cisco AnyConnect NAM and Cisco Access Control Server
- D. Cisco Secure Services Client and Cisco Access Control Server
Answer: A
NEW QUESTION # 99
Refer to the exhibit.
A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server Which two commands should be run to complete the configuration? (Choose two)
- A. dot1x system-auth-control
- B. radius server vsa sand authentication
- C. aaa authorization auth-proxy default group radius
- D. ip device tracking
- E. radius-server attribute 8 include-in-access-req
Answer: B,E
NEW QUESTION # 100
An engineer has been tasked with standing up a new guest portal for customers that are waiting in the lobby. There is a requirement to allow guests to use their social media logins to access the guest network to appeal to more customers What must be done to accomplish this task?
- A. Create a sponsor portal to allow guests to create accounts using their social media logins.
- B. Create a hotspot portal and enable social media login for network access
- C. Create a sponsored guest portal and enable social media in the external identity sources.
- D. Create a self-registered guest portal and enable the feature for social media logins
Answer: D
NEW QUESTION # 101
......
[Jun-2023] Pass Cisco 300-715 Exam in First Attempt Guaranteed: https://drive.google.com/open?id=17yb4U_UQeMSU-bBMYJMP3LI5MAPgYW4i
Reduce Your Chance of Failure in 300-715 Exam: https://www.braindumpquiz.com/300-715-exam-material.html