Spring Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cisco CCNP Security 300-715 Questions and answers with Dumpstech

Home
Cisco
CCNP Security
300-715
300-715 Questions and Answers

Exam 300-715 Premium Access

View all detail and faqs for the 300-715 exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 4 out of 9 pages

Viewing questions 31-40 out of questions

Questions # 31:

A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their Workstation from the corporate network Which CoA configuration meets this requirement?

Options:

Port Bounce

Reauth

NoCoA

Disconnect

Answer

Explanation

https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-design

Question no : 139

An administrator is configuring cisco ISE lo authenticate users logging into network devices using TACACS+ The administrator is not seeing any oí the authentication in the TACACS+ live logs. Which action ensures the users are able to log into the network devices?

A. Enable the device administration service in the Administration persona

B. Enable the session services in the administration persona

C. Enable the service sessions in the PSN persona.

D. Enable the device administration service in the PSN persona.

Answer: D

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_tacacs_device_admin.html

Questions # 32:

Which two actions must be verified to confirm that the internet is accessible via guest access when configuring a guest portal? (Choose two.)

Options:

The guest device successfully associates with the correct SSID.

The guest user gets redirected to the authentication page when opening a browser.

The guest device has internal network access on the WLAN.

The guest device can connect to network file shares.

Cisco ISE sends a CoA upon successful guest authentication.

Answer

B, E

Questions # 33:

An engineer must use Cisco ISE to provide network access to endpoints that cannot support 802.1X. The endpoint MAC addresses must be allowlisted by configuring an endpoint identity group. These configurations were performed:

• configured an identity group named allowlist

• configured the endpoints to use the MAC address of incompatible 802.1X devices

• added the endpoints to the allowlist identity group

• configured an authentication policy for MAB users

What must be configured?

Options:

authorization profile that has the PermitAccess permission and matches the allowlist identity group

logical profile that matches the allowlist identity group based on the configured policy

authentication profile that has the PermitAccess permission and matches the allowlist identity group authorization policy that has the PermitAccess permission and matches the allowlist identity group

authorization policy that has the PermitAccess permission and matches the allowtist identity group

Answer

Questions # 34:

Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?

Options:

large deployment with fully distributed nodes running all personas

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with shared PSNs

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with dedicated PSNs

small deployment with one primary and one secondary node running all personas

Answer

Questions # 35:

What is a restriction of a standalone Cisco ISE node deployment?

Options:

Only the Policy Service persona can be disabled on the node.

The domain name of the node cannot be changed after installation.

Personas are enabled by default and cannot be edited on the node.

The hostname of the node cannot be changed after installation.

Answer

Questions # 36:

A user misplaces a personal phone and wants to blacklist the device from accessing the company network. The company uses Cisco ISE for corporate and BYOD device authentication. Which action must the user take in Cisco ISE?

Options:

Answer

Questions # 37:

Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

Options:

DHCP server

static IP tunneling

override Interface ACL

AAA override

Answer

Questions # 38:

Which three default endpoint identity groups does cisco ISE create? (Choose three)

Options:

Unknown

whitelist

end point

profiled

blacklist

Answer

A, D, E

Explanation

Default Endpoint Identity Groups Created for Endpoints

Cisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_010101.html#ID1678

Questions # 39:

While configuring Cisco TrustSec on Cisco IOS devices the engineer must set the CTS device ID and password in order for the devices to authenticate with each other. However after this is complete the devices are not able to property authenticate What issue would cause this to happen even if the device ID and passwords are correct?

Options:

The device aliases are not matching

The 5GT mappings have not been defined

The devices are missing the configuration cts credentials trustsec verify 1

EAP-FAST is not enabled

Answer

Questions # 40:

What is a valid status of an endpoint attribute during the device registration process?

Options:

block listed

pending

unknown

DenyAccess

Answer

Viewing page 4 out of 9 pages

Viewing questions 31-40 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).