Free 300-715 Sample Questions — Implementing and Configuring Cisco Identity Services Engine (300-715 SISE)

An engineer is creating a new authorization policy to give the endpoints access to VLAN 310 upon successful authentication. The administrator tests the 802.1X authentication for the endpoint and sees that it is authenticating successful. What must be done to ensure that the endpoint is placed into the correct VLAN?

• A. Configure the switchport access vlan 310 command on the switch port
• B. Add VLAN 310 in the common tasks of the authorization profile
• C. Ensure that the endpoint is using the correct policy set
• D. Ensure that the security group is not preventing the endpoint from being in VLAN 310

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?

• A. Install the Root CA and intermediate CA
• B. Generate the CSR
• C. Download the CA server certificate
• D. Download the intermediate server certificate

MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gain access to the network. Which alternate method should be used to tell users how to remediate?

• A. file distribution
• B. executable
• C. message text
• D. URL link

An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)

• A. central WebAuth
• B. device registration WebAuth
• C. local WebAuth
• D. self-registered guest portal
• E. hotspot guest portal

An administrator is configuring sponsored guest access using Cisco ISE. Access must be restricted to the sponsor portal to ensure that only necessary employees can issue sponsored accounts, and employees must be classified to do so. What must be done to accomplish this task?

• A. Modify the sponsor groups assigned to reflect the desired user groups
• B. Configure an identity-based access list in Cisco ISE to restrict the users allowed to login
• C. Edit the sponsor portal to only accept members from the selected groups
• D. Create an authorization rule using the Guest Flow condition to authorize the administrators

Which file extension is required when deploying Cisco ISE using a ZTP configuration file in Microsoft Hyper-V?

• A. txt
• B. img
• C. tar
• D. iso

An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks. Which two requirements should be included in this policy? (Choose two.)

• A. active username limit
• B. password expiration period
• C. access code control
• D. username expiration date
• E. minimum password length

An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints. Which action accomplishes this task for VPN users?

• A. Push the compliance module from Cisco FTD prior to attempting posture
• B. Use a compound posture condition to check for the compliance module and download, if needed
• C. Configure the compliance module to be downloaded from within the posture policy
• D. Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE

An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?

• A. The authorization results for the endpoints include the Trusted security group tag
• B. The authorization results for the endpoints include a dACL allowing access
• C. The switch port is configured with authentication event server dead action authorize vlan
• D. The switch port is configured with authentication open

What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?

• A. Application Visibility and Control
• B. Supplicant Provisioning Wizard
• C. My Devices Portal
• D. Network Access Control

An administrator in a health facility must assign a medical device to a static profiling policy. Under which settings group must it be configured?

• A. user-defined exception actions
• B. CoA under global settings
• C. global profiling settings
• D. system-defined exceptions actions

Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

• A. RSA SecurID
• B. RADIUS Token
• C. Active Directory
• D. Internal Database
• E. LDAP

A network security administrator wants to integrate Cisco ISE with Active Directory. Which configuration action must the security administrator take to accomplish the task?

• A. Search Active Directory to see if admin user account exists
• B. Remove the ISE machine account from the domain
• C. Remove Cisco ISE user account from the domain
• D. Join Cisco ISE to the Active Directory domain

An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network. They have multiple vendors' firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this. What should be done to enable this type of posture check?

• A. Enable the default application condition to identify the applications installed and validate the firewall app
• B. Enable the default firewall condition to check for any vendor firewall application
• C. Use a compound condition to look for the Windows or Mac native firewall applications
• D. Use the file registry condition to ensure that the firewall is installed and running appropriately

An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

• A. Create an authorization rule denying sponsored guest access
• B. Create an authorization rule denying guest access
• C. Navigate to the Guest Portal and delete the guest accounts
• D. Navigate to the Sponsor Portal and suspend the guest accounts

An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs. An administrator is adding two more PSNs to this deployment but is having problems adding one of them. What is the problem?

• A. Only five PSNs are allowed to be in the Cisco ISE cube if configured this way
• B. One of the new nodes must be designated as a pxGrid node
• C. The new nodes must be set to primary prior to being added to the deployment
• D. The current PAN is only able to track a max of four nodes

A network engineer needs to ensure that the access credentials are not exposed during the 802.1X authentication among components. Which two protocols should be configured to accomplish this task? (Choose two.)

• A. PEAP
• B. EAP-TLS
• C. EAP-MD5
• D. EAP-TTLS
• E. LEAP

Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

• A. show authentication sessions interface Gi1/0/x output
• B. show authentication sessions
• C. show authentication sessions output
• D. show authentication sessions interface Gi 1/0/x

Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?

• A. block list
• B. unknown
• C. allow list
• D. profiled
• E. endpoint

Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?

• A. large deployment with fully distributed nodes running all personas
• B. medium deployment with primary and secondary PAN/MnT/pxGrid nodes with shared PSNs
• C. medium deployment with primary and secondary PAN/MnT/pxGrid nodes with dedicated PSNs
• D. small deployment with one primary and one secondary node running all personas