Spring Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cisco CCNP Security 300-715 Questions and answers with Dumpstech

Home
Cisco
CCNP Security
300-715
300-715 Questions and Answers

Exam 300-715 Premium Access

View all detail and faqs for the 300-715 exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 5 out of 9 pages

Viewing questions 41-50 out of questions

Questions # 41:

An administrator is configuring the Native Supplicant Profile to be used with the Cisco ISE posture agents and needs to test the connection using wired devices to determine which profile settings are available. Which two configuration settings should be used to accomplish this task? (Choose two.)

Options:

authentication mode

proxy host/IP

certificate template

security

allowed protocol

Answer

C, E

Questions # 42:

Which file extension is required when deploying Cisco ISE using a ZTP configuration file in Microsoft Hyper-V?

Options:

.iso

.txt

.tar

.img

Answer

Questions # 43:

A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?

Options:

cts role-based enforcement

cts cache enable

cts role-based policy priority-static

Answer

Questions # 44:

A network administrator is configuring a secondary cisco ISE node from the backup configuration of the primary cisco ISE node to create a high availability pair The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE Which command most be issued for this to work?

Options:

copy certificate Ise

application configure Ise

certificate configure Ise

Import certificate Ise

Answer

Explanation

https://community.cisco.com/t5/network-access-control/ise-certificate-import-export/m-p/3847746

Questions # 45:

An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access. Which action accomplishes the goal?

Options:

Configure the hotspot portal for guest access and require an access code.

Configure the sponsor portal with a single account and use the access code as the password.

Configure the self-registered guest portal to allow guests to create a personal access code.

Create a BYOD policy that bypasses the authentication of the user and authorizes access codes.

Answer

Questions # 46:

Which two VMware features are supported on a Cisco ISE virtual appliance? (Choose two.)

Options:

multivendor integration

VM hardware version 7+

VM snapshots

OVF support

VM cold migration

Answer

B, D

Questions # 47:

An engineer must use Cisco ISE to provide network access to endpoints that cannot support 802.1X. The endpoint MAC addresses must be allowlisted by configuring an endpoint identity group. These configurations were performed:

Configured an identity group named allowlist

Configured the endpoints to use the MAC address of incompatible 802.1X devices

Added the endpoints to the allowlist identity group

Configured an authentication policy for MAB users

What must be configured?

Options:

Authorization profile that has the PermitAccess permission and matches the allowlist identity group

Authentication profile that has the PermitAccess permission and matches the allowlist identity group

Authorization policy that has the PermitAccess permission and matches the allowlist identity group

Logical profile that matches the allowlist identity group based on the configured policy

Answer

Questions # 48:

An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?

Options:

ip source guard

ip dhcp snooping

ip device tracking maximum

ip arp inspection

Answer

Explanation

The ip device tracking maximum command is used to configure the maximum number of IP-to-SGT bindings that can be learned via SXP on a switch1. This command also enables the switch to tag packets with SGT values based on the bindings learned from SXP peers. The other commands are not related to SGT tagging or SXP learning.

Questions # 49:

An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants Which portal must the security engineer configure to accomplish this task?

Options:

MDM

Client provisioning

My devices

BYOD

Answer

Explanation

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01111.html

Questions # 50:

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+ However, the administrator must restrict certain commands based on one of three user roles that require different commands How is this accomplished without creating too many objects using Cisco ISE?

Options:

Create one shell profile and multiple command sets.

Create multiple shell profiles and multiple command sets.

Create one shell profile and one command set.

Create multiple shell profiles and one command set

Answer

Explanation

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

https://www.youtube.com/watch?v=IlZwB71Szog &ab_channel=JasonMaynard

Viewing page 5 out of 9 pages

Viewing questions 41-50 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).