300-715 Online Practice Questions and Answers

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose 2)

A. hotspot

B. new AD user 802 1X authentication

C. posture

D. BYOD

E. guest AUP

In addition to the CLI, what is another option to manage a Cisco IPS?

A. SDEE

B. Cisco SDM

C. Cisco IDM

D. Cisco ISE

A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal. What must be done to identify the problem?

A. Use context visibility to verify posture status.

B. Use the endpoint ID to execute a session trace.

C. Use the identity group to validate the authorization rules.

D. Use traceroute to ensure connectivity.

A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices Where in the Layer 2 frame should this be verified?

A. CMD filed

B. 802.1Q filed

C. Payload

D. 802.1 AE header

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error "Authentication failed: 22040 Wrong password or invalid shared secret. "

What must be done to address this issue?

A. Add the network device as a NAD inside Cisco ISE using the existing key.

B. Configure the key on the Cisco ISE instead of the Cisco switch.

C. Use a key that is between eight and ten characters.

D. Validate that the key is correct on both the Cisco switch as well as Cisco ISE.

An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings The scan is complete on one PSN, but the information is not available on the others.

What must be done to make the information available?

A. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning.

B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning.

C. Scanning must be initiated from the MnT node to centrally gather the information.

D. Scanning must be initiated from the PSN that last authenticated the endpoint.

Which two default guest portals are available with Cisco ISE? (Choose two.)

A. WiFi-access

B. self-registered

C. central web authentication

D. visitor

E. sponsored

An engineer is configuring TACACS+ within Cisco ISE for use with a non-Cisco network device. They need to send special attributes in the Access-Accept response to ensure that the users are given the appropriate access.

What must be configured to accomplish this'?

A. dACLs to enforce the various access policies for the users

B. custom access conditions for defining the different roles

C. shell profiles with custom attributes that define the various roles

D. TACACS+ command sets to provide appropriate access

A network engineer is attempting to terminate and reinitialize wireless user sessions individually by using the Live Sessions tab in Cisco ISE. Cisco ISE and the Cisco WLC are separated by a firewall. Which port must be allowed on the firewall so that the network engineer can perform this function from Cisco ISE?

A. TCP port 8443

B. UDP port 5246

C. UDP port 1700

D. TCP port 3791

An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?

A. ip source guard

B. ip dhcp snooping

C. ip device tracking maximum

D. ip arp inspection