Download Implementing and Configuring Cisco Identity Services Engine.300-715.CertDumps.2023-08-07.247q.vcex

Vendor: Cisco
Exam Code: 300-715
Exam Name: Implementing and Configuring Cisco Identity Services Engine
Date: Aug 07, 2023
File Size: 2 MB
Downloads: 3

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which interface-level command is needed to turn on 802 1X authentication?
  1. Dot1x pae authenticator
  2. dot1x system-auth-control
  3. authentication host-mode single-host
  4. aaa server radius dynamic-author
Correct answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.html
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.html
Question 2
Which two features must be used on Cisco ISE to enable the TACACS feature? (Choose two)
  1. Device Administration License
  2. Server Sequence
  3. Command Sets
  4. Enable Device Admin Service
  5. External TACACS Servers
Correct answer: AD
Question 3
Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?
  1. TCP 8909
  2. TCP 8905
  3. CUDP 1812
  4. TCP 443
Correct answer: B
Explanation:
https://community.cisco.com/t5/network-access-control/port-8905-and-or-8909/td-p/3499402
https://community.cisco.com/t5/network-access-control/port-8905-and-or-8909/td-p/3499402
Question 4
Which permission is common to the Active Directory Join and Leave operations?
  1. Create a Cisco ISE machine account in the domain if the machine account does not already exist
  2. Remove the Cisco ISE machine account from the domain.
  3. Set attributes on the Cisco ISE machine account
  4. Search Active Directory to see if a Cisco ISE machine account already exists.
Correct answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/ b_ISE_AD_integration_2x.html
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/ b_ISE_AD_integration_2x.html
Question 5
What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two )
  1. TACACS+ supports 802.1X, and RADIUS supports MAB
  2. TACACS+ uses UDP, and RADIUS uses TCP
  3. TACACS+ has command authorization, and RADIUS does not.
  4. TACACS+ provides the service type, and RADIUS does not
  5. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.
Correct answer: CE
Question 6
Which use case validates a change of authorization?
  1. An authenticated, wired EAP-capable endpoint is discovered
  2. An endpoint profiling policy is changed for authorization policy.
  3. An endpoint that is disconnected from the network is discovered
  4. Endpoints are created through device registration for the guests
Correct answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html
Question 7
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?
  1. EAP server
  2. supplicant
  3. client
  4. authenticator
Correct answer: B
Explanation:
https://www.oreilly.com/library/view/cisco-ise-for/9780133103632/ch16.html#:~:text=What%20is%20a%20supplicant%3F,networks%2C%20both%20wired%20and%20wireless.&text=The%20802.1X%20transactions%20are,Identity%20Services%20Engine%20(ISE).
https://www.oreilly.com/library/view/cisco-ise-for/9780133103632/ch16.html#:~:text=What%20is%20a%20supplicant%3F,networks%2C%20both%20wired%20and%20wireless.&text=The%20802.1X%20transactions%20are,Identity%20Services%20Engine%20(ISE).
Question 8
Which personas can a Cisco ISE node assume?
  1. policy service, gatekeeping, and monitoring
  2. administration, policy service, and monitoring
  3. administration, policy service, gatekeeping
  4. administration, monitoring, and gatekeeping
Correct answer: B
Explanation:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.htmlThe persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html
The persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.
Question 9
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?
  1. Endpoint
  2. unknown
  3. blacklist
  4. white list
  5. profiled
Correct answer: B
Explanation:
If you do not have a matching profiling policy, you can assign an unknown profiling policy. The endpoint is therefore profiled as Unknown. The endpoint that does not match any profile is grouped within the Unknown identity group. The endpoint profiled to the Unknown profile requires that you create a profile with an attribute or a set of attributes collected for that endpoint. https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html
If you do not have a matching profiling policy, you can assign an unknown profiling policy. The endpoint is therefore profiled as Unknown. The endpoint that does not match any profile is grouped within the Unknown identity group. The endpoint profiled to the Unknown profile requires that you create a profile with an attribute or a set of attributes collected for that endpoint. 
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html
Question 10
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?
  1. Keep track of guest user activities
  2. Configure authorization settings for guest users
  3. Create and manage guest user accounts
  4. Authenticate guest users to Cisco ISE
Correct answer: C
Question 11
Which interface-level command is needed to turn on 802 1X authentication?
  1. Dot1x pae authenticator
  2. dot1x system-auth-control
  3. authentication host-mode single-host
  4. aaa server radius dynamic-author
Correct answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.html
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.html
Question 12
Which two features must be used on Cisco ISE to enable the TACACS feature? (Choose two)
  1. Device Administration License
  2. Server Sequence
  3. Command Sets
  4. Enable Device Admin Service
  5. External TACACS Servers
Correct answer: AD
Question 13
Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?
  1. TCP 8909
  2. TCP 8905
  3. CUDP 1812
  4. TCP 443
Correct answer: B
Explanation:
https://community.cisco.com/t5/network-access-control/port-8905-and-or-8909/td-p/3499402
https://community.cisco.com/t5/network-access-control/port-8905-and-or-8909/td-p/3499402
Question 14
Which permission is common to the Active Directory Join and Leave operations?
  1. Create a Cisco ISE machine account in the domain if the machine account does not already exist
  2. Remove the Cisco ISE machine account from the domain.
  3. Set attributes on the Cisco ISE machine account
  4. Search Active Directory to see if a Cisco ISE machine account already exists.
Correct answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/ b_ISE_AD_integration_2x.html
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/ b_ISE_AD_integration_2x.html
Question 15
What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two )
  1. TACACS+ supports 802.1X, and RADIUS supports MAB
  2. TACACS+ uses UDP, and RADIUS uses TCP
  3. TACACS+ has command authorization, and RADIUS does not.
  4. TACACS+ provides the service type, and RADIUS does not
  5. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.
Correct answer: CE
Question 16
Which use case validates a change of authorization?
  1. An authenticated, wired EAP-capable endpoint is discovered
  2. An endpoint profiling policy is changed for authorization policy.
  3. An endpoint that is disconnected from the network is discovered
  4. Endpoints are created through device registration for the guests
Correct answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html
Question 17
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?
  1. EAP server
  2. supplicant
  3. client
  4. authenticator
Correct answer: B
Explanation:
https://www.oreilly.com/library/view/cisco-ise-for/9780133103632/ch16.html#:~:text=What%20is%20a%20supplicant%3F,networks%2C%20both%20wired%20and%20wireless.&text=The%20802.1X%20transactions%20are,Identity%20Services%20Engine%20(ISE).
https://www.oreilly.com/library/view/cisco-ise-for/9780133103632/ch16.html#:~:text=What%20is%20a%20supplicant%3F,networks%2C%20both%20wired%20and%20wireless.&text=The%20802.1X%20transactions%20are,Identity%20Services%20Engine%20(ISE).
Question 18
Which personas can a Cisco ISE node assume?
  1. policy service, gatekeeping, and monitoring
  2. administration, policy service, and monitoring
  3. administration, policy service, gatekeeping
  4. administration, monitoring, and gatekeeping
Correct answer: B
Explanation:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.htmlThe persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html
The persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.
Question 19
Which default endpoint identity group does an endpoint that does not match any profile in Cisco ISE become a member of?
  1. Endpoint
  2. unknown
  3. blacklist
  4. white list
  5. profiled
Correct answer: B
Explanation:
If you do not have a matching profiling policy, you can assign an unknown profiling policy. The endpoint is therefore profiled as Unknown. The endpoint that does not match any profile is grouped within the Unknown identity group. The endpoint profiled to the Unknown profile requires that you create a profile with an attribute or a set of attributes collected for that endpoint. https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html
If you do not have a matching profiling policy, you can assign an unknown profiling policy. The endpoint is therefore profiled as Unknown. The endpoint that does not match any profile is grouped within the Unknown identity group. The endpoint profiled to the Unknown profile requires that you create a profile with an attribute or a set of attributes collected for that endpoint. 
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html
Question 20
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?
  1. Keep track of guest user activities
  2. Configure authorization settings for guest users
  3. Create and manage guest user accounts
  4. Authenticate guest users to Cisco ISE
Correct answer: C
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!