Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = pass65

Pass the Cisco CCNP Security 300-715 Questions and answers with Dumpstech

Exam 300-715 Premium Access

View all detail and faqs for the 300-715 exam

Go to Exam
Practice at least 50% of the questions to maximize your chances of passing.
Viewing page 1 out of 9 pages
Viewing questions 1-10 out of questions
Questions # 1:

An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication. Which access will be denied in this?

Options:

A.

HTTP

B.

DNS

C.

EAP

D.

DHCP

Questions # 2:

What is a requirement for Feed Service to work?

Options:

A.

TCP port 3080 must be opened between Cisco ISE and the feed server

B.

Cisco ISE has a base license.

C.

Cisco ISE has access to an internal server to download feed update

D.

Cisco ISE has Internet access to download feed update

Questions # 3:

A network engineer is in the predeployment discovery phase of a Cisco ISE deployment and must discover the network. There is an existing network management system in the network.

Which type of probe must be configured to gather the information?

Options:

A.

RADIUS

B.

NMAP

C.

NetFlow

D.

SNMP

Questions # 4:

An engineer is configuring a dedicated SSID for onboarding devices. Which SSID type accomplishes this configuration?

Options:

A.

dual

B.

hidden

C.

broadcast

D.

guest

Questions # 5:

What is the difference between how RADIUS and TACACS+ handle encryption?

Options:

A.

RADIUS encrypts only the username and password fields, whereas TACACS+ encrypts the entire packet.

B.

RADIUS encrypts the entire packet, whereas TACACS+ only encrypts the password field.

C.

RADIUS only encrypts the password field, whereas TACACS+ encrypts the payload of packet.

D.

RADIUS encrypts the entire packet, whereas TACACS+ encrypts only the username and password fields.

Questions # 6:

An engineer is creating a new authorization policy to give the endpoints access to VLAN 310 upon successful authentication The administrator tests the 802.1X authentication for the endpoint and sees that it is authenticating successfully What must be done to ensure that the endpoint is placed into the correct VLAN?

Options:

A.

Configure the switchport access vlan 310 command on the switch port

B.

Ensure that the security group is not preventing the endpoint from being in VLAN 310

C.

Add VLAN 310 in the common tasks of the authorization profile

D.

Ensure that the endpoint is using The correct policy set

Questions # 7:

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition. However, other groups that are in the same domain are seen What is causing this issue?

Options:

A.

Cisco ISE only sees the built-in groups, not user created ones

B.

The groups are present but need to be manually typed as conditions

C.

Cisco ISE's connection to the AD join point is failing

D.

The groups are not added to Cisco ISE under the AD join point

Questions # 8:

A Cisco ISE administrator must authenticate users against Microsoft Active Directory. The solution must meet these requirements:

    Users and computers must be authenticated.

    User groups must be retrieved during authentication.

Which protocol must be added to the allowed protocols on the policy to authenticate the users?

Options:

A.

EAP-GTC

B.

EAP-TLS

C.

LEAP

D.

MS-CHAPv2

Questions # 9:

Which two default guest portals are available with Cisco ISE? (Choose two.)

Options:

A.

visitor

B.

WIFI-access

C.

self-registered

D.

central web authentication

E.

sponsored

Questions # 10:

Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

Options:

A.

Endpoint

B.

unknown

C.

blacklist

D.

white list

E.

profiled

Viewing page 1 out of 9 pages
Viewing questions 1-10 out of questions