An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected. Which service should be used to accomplish this task?

A. Profiling
B. Guest access
C. Client provisioning
D. Posture

Answer: A

What should be considered when configuring certificates for BYOD?

A. An endpoint certificate is mandatory for the Cisco ISE BYOD
B. An Android endpoint uses EST whereas other operating systems use SCEP for enrollment
C. The CN field is populated with the endpoint host name.
D. The SAN field is populated with the end user name

Answer: A

A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected. Which task must be configured in order to meet this requirement?

A. session timeout
B. idle time
C. monitor
D. set attribute as

Answer: B

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?

A. Install the Root CA and intermediate CA.
B. Generate the CSR.
C. Download the intermediate server certificate.
D. Download the CA server certificate.

Answer: A

An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

A. Create an authorization rule denying sponsored guest access.
B. Navigate to the Guest Portal and delete the guest accounts.
C. Create an authorization rule denying guest access.
D. Navigate to the Sponsor Portal and suspend the guest accounts.

Answer: C

An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network. What must be configured to accomplish this goal?

A. Create a registry posture condition using a non-OPSWAT API version.
B. Create an application posture condition using an OPSWAT API version.
C. Create a compound posture condition using an OPSWAT API version.
D. Create a service posture condition using a non-OPSWAT API version.

Answer: A

An engineer is configuring 802.1X and wants it to be transparent from the users’ point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?

A. closed
B. low-impact
C. open
D. high-impact

Answer: C

What is the deployment mode when two Cisco ISE nodes are configured in an environment?

A. distributed
B. active
C. standalone
D. standard

Answer: C

Which two roles are taken on by the administration persona within a Cisco ISE distributed environment? (Choose two.)

A. backup
B. secondary
C. standby
D. primary
E. active

Answer: BD

A company is attempting to improve their BYOD policies and restrict access based on certain criteria. The company’s subnets are organized by building. Which attribute should be used in order to gain access based on location?

A. static group assignment
B. IP address
C. device registration status
D. MAC address

Answer: C

An engineer is migrating users from MAB to 802.1X on the network. This must be done during normal business hours with minimal impact to users. Which CoA method should be used?

A. Port Bounce
B. Port Shutdown
C. Session Termination
D. Session Reauthentication

Answer: D

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

A. Set the NAC State option to SNMP NAC.
B. Set the NAC State option to RADIUS NAC.
C. Use the radius-server vsa send authentication command.
D. Use the ip access-group webauth in command.

Answer: C

Refer to the exhibit. An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to log in to a device in their organization’s finance department but is unable to. What is the problem?

A. The IT training rule is taking precedence over the IT Admins rule.
B. The authorization conditions wrongly allow IT Admins group no access to finance devices.
C. The finance location is not a condition in the policy set.
D. The authorization policy doesn’t correctly grant them access to the finance devices.

Answer: C

When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?

A. Network Access NetworkDeviceName CONTAINS <SSID Name>
C. Radius Called-Station-ID CONTAINS <SSID Name>
D. Airespace Airespace-Wlan-Id CONTAINS <SSID Name>

Answer: A

There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network. Which posture condition should the administrator configure in order for this policy to work?

A. file
B. registry
C. application
D. service

Answer: C

An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?

A. Create a certificate signing request and have the root certificate authority sign it.
B. Add the root certificate authority to the trust store and enable it for authentication.
C. Create an SCEP profile to link Cisco ISE with the root certificate authority.
D. Add an OCSP profile and configure the root certificate authority as secondary.

Answer: C

An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that identifies them as “Medical Switch” so that policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

A. Change the device type to Medical Switch.
B. Change the device profile to Medical Switch.
C. Change the model name to Medical Switch.
D. Change the device location to Medical Switch.

Answer: A

An engineer is designing a new distributed deployment for Cisco ISE in the network and is considering failover options for the admin nodes. There is a need to ensure that an admin node is available for configuration of policies at all times. What is the requirement to enable this feature?

A. one primary admin and one secondary admin node in the deployment
B. one policy services node and one secondary admin node
C. one policy services node and one monitoring and troubleshooting node
D. one primary admin node and one monitoring and troubleshooting node

Answer: A

A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network. How should the manager configure Cisco ISE to accomplish this goal?

A. Create entries in the guest identity group for all participants.
B. Create an access code to be entered in the AUP page.
C. Create logins for each participant to give them sponsored access.
D. Create a registration code to be entered on the portal splash page.

Answer: B

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

A. authentication host-mode single-host
B. authentication host-mode multi-auth
C. authentication host-mode multi-host
D. authentication host-mode multi-domain

Answer: B

When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2. Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? (Choose two.)

A. DHCP SPAN probe
B. SNMP query probe
C. NetFlow probe
D. RADIUS probe
E. DNS probe

Answer: AE

What is a function of client provisioning?

A. Client provisioning ensures that endpoints receive the appropriate posture agents.
B. Client provisioning checks a dictionary attribute with a value.
C. Client provisioning ensures an application process is running on the endpoint.
D. Client provisioning checks the existence, date, and versions of the file on a client.

Answer: C

