300-715 Online Practice Questions and Answers

DRAG DROP

Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

Select and Place:

What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)

A. updates

B. remediation actions

C. Client Provisioning portal

D. conditions

E. access policy

Which valid external identity source can be used with Cisco ISE?

A. IPsec vpn authentication

B. smart card

C. local user name and password

D. TACACS+ token

Refer to the exhibit.

A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server.

Which two commands should be run to complete the configuration? (Choose two)

A. AAA authorization auth-proxy default group radius

B. radius server vsa sand authentication

C. radius-server attribute 8 include-in-access-req

D. IP device tracking

E. dot1x system-auth-control

An administrator must provide administrative access to the helpdesk users on production Cisco IOS routers. The solution must meet these requirements:

1.

Authenticate the users against Microsoft AD.

2.

Validate IOS commands run by users.

These configurations have been performed:

1.

joined Cisco ISE to AD

2.

retrieved AD groups

3.

added a router to Cisco ISE

4.

enabled Device Admin Service in Cisco ISE

5.

configured an authorization policy

6.

configured the routers for authentication and authorization

Which two components must be configured? (Choose two.)

A. TACACS command sets

B. authentication profile

C. authorization profile

D. TACACS profile

E. access control list to filter the IOS commands

An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network. What must be configured to accomplish this goal?

A. Create a registry posture condition using a non-OPSWAT API version.

B. Create an application posture condition using a OPSWAT API version.

C. Create a compound posture condition using a OPSWAT API version.

D. Create a service posture condition using a non-OPSWAT API version.

Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

A. RSA SecurID

B. RADIUS Token

C. Active Directory

D. Internal Database

E. LDAP

A Cisco ISE administrator is setting up Central Web Authentication to be used for user endpoint authentication. The client cannot reach the guest portal to log in and gain access, but DNS is functioning properly and the guest portal is enabled. What else must be configured to gain access?

A. Allow port TCP/8443 on the firewall.

B. Configure HTTP to HTTPS redirection.

C. Configure the guest portal to listen on TCP/8443.

D. Allow redirection from any client IP range.

An engineer must configure guest access on Cisco ISE for company visitors. Which step must be taken on the Cisco ISE PSNs before a guest portal is configured?

A. Install SSL certificates

B. Create a node group

C. Enable profiling services

D. Enable session services

A network engineer must configure a centralized Cisco ISE solution for wireless guest access with users in different time zones. The guest account activation time must be independent of the user time zone, and the guest account must be enabled automatically when the user self-registers on the guest portal. Which option in the time profile settings must be selected to meet the requirement?

A. Select FromFirstLogin from the Account Type dropdown.

B. Select FromCreation from the Account Type dropdown.

C. Set the Maximum Account Duration to 1 Day.

D. Set the Duration field to 24:00:00.