Spring Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cisco CCNP Security 300-715 Questions and answers with Dumpstech

Home
Cisco
CCNP Security
300-715
300-715 Questions and Answers

Exam 300-715 Premium Access

View all detail and faqs for the 300-715 exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 9 out of 9 pages

Viewing questions 81-90 out of questions

Questions # 81:

An administrator is configuring the Native Supplicant Profile to be used with the Cisco ISE posture agents and needs to test the connection using wired devices to determine which profile settings are available. Which two configuration settings should be used to accomplish this task? (Choose two.)

Options:

authentication mode

proxy host/IP

certificate template

security

allowed protocol

Answer

C, E

Questions # 82:

An engineer is configuring web authentication using non-standard ports and needs the switch to redirect traffic to the correct port. Which command should be used to accomplish this task?

Options:

permit tcp any any eq

aaa group server radius proxy

ip http port

aaa group server radius

Answer

Questions # 83:

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

Options:

The primary node restarts

The secondary node restarts.

The primary node becomes standalone

Both nodes restart.

Answer

Explanation

https://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/installation_guide/ise_install_guide/ise_deploy.html

if your deployment has two nodes and you deregister the secondary node, both nodes in this primary-secondary pair are restarted. (The former primary and secondary nodes become standalone.)

Questions # 84:

A network security administrator wants to integrate Cisco ISE with Active Directory. Which configuration action must the security administrator take to accomplish the task?

Options:

Remove Cisco ISE user account from the domain.

Remove the ISE machine account from the domain.

Join Cisco ISE to the Active Directory domain.

Search Active Directory to see if admin user account exists.

Answer

Questions # 85:

An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites. Which configuration must be applied on Cisco ISE?

Options:

Use a third-party certificate on the network device.

Add the device to all PSN nodes in the deployment.

Renew the expired certificate on one of the PSN.

Configure an authorization profile for the end users.

Answer

Explanation

When using separate PSNs for different sites, the network device must be added to all PSN nodes in the deployment, so that the device can communicate with the appropriate PSN based on the location of the user1. If the device is not added to all PSN nodes, the user may encounter an EAP-TLS authentication failure when moving between sites, as the device may not be able to reach the PSN that issued the certificate2. The other options are not relevant for this scenario, as they do not address the issue of PSN communication.

Questions # 86:

An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall. Which two ports should be opened to accomplish this task? (Choose two)

Options:

TELNET 23

LDAP 389

HTTP 80

HTTPS 443

MSRPC 445

Answer

B, E

Questions # 87:

A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

Options:

SGT

dACL

VLAN

RBAC

Answer

Questions # 88:

What are two differences between the RADIUS and TACACS+ protocols'? (Choose two.)

Options:

RADIUS is a Cisco proprietary protocol, whereas TACACS+ is an open standard protocol

TACACS+uses TCP port 49. whereas RADIUS uses UDP ports 1812 and 1813.

RADIUS offers multiprotocol support, whereas TACACS+ does not

RADIUS combines authentication and authorization, whereas TACACS+ does not

RADIUS enables encryption of all the packets, whereas with TACACS+. only the password is encrypted.

Answer

B, D

Questions # 89:

TION NO: 33

Which portal is used to customize the settings for a user to log in and download the compliance module?

Options:

Client Profiling

Client Endpoint

Client Provisioning

Client Guest

Answer

Questions # 90:

A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:

. An initial MAB request is sent to the Cisco ISE node.

. Cisco ISE responds with a URL redirection authorization profile if the user's MAC address is unknown in the endpoint identity store.

. The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.

Which authentication must the administrator configure on Cisco ISE?

Options:

device registration WebAuth

WLC with local WebAuth

wired NAD with local WebAuth

NAD with central WebAuth

Answer

Explanation

Central Web Authentication (CWA) is a feature that allows the network access device (NAD) to redirect the web traffic of a guest user to a web portal hosted by Cisco ISE1. The NAD acts as a proxy between the guest user and the ISE node, and performs the authentication and authorization based on the RADIUS attributes returned by ISE1. To configure CWA on ISE, the administrator must create an authorization profile that contains the URL redirection attribute and assign it to the guest user1. The other options are not correct because they do not use CWA. Device registration WebAuth is a feature that allows users to register their devices on ISE before they can access the network2. WLC with local WebAuth is a feature that allows the wireless LAN controller (WLC) to host the web portal and authenticate the guest user locally3. Wired NAD with local WebAuth is a feature that allows the switch to host the web portal and authenticate the guest user locally

Viewing page 9 out of 9 pages

Viewing questions 81-90 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).