May/2021 Latest Braindump2go 300-715 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 300-715 Real Exam Questions!

QUESTION 146
A network administrator is configuring authorization policies on Cisco ISE.
There is a requirement to use AD group assignments to control access to network resources.
After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work.
What is the cause of this issue?

A. The AD join point is no longer connected.
B. The AD DNS response is slow.
C. The certificate checks are not being conducted.
D. The network devices ports are shut down.

Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html#ID612

QUESTION 147
A network administrator is setting up wireless guest access and has been unsuccessful in testing client access.
The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal.
What must be done to identify the problem?

A. Use context visibility to verify posture status.
B. Use the endpoint ID to execute a session trace.
C. Use the identity group to validate the authorization rules.
D. Use traceroute to ensure connectivity.

Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_011001.html#concept_87916A77E8774545B36D0BB422429596

QUESTION 148
An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints.
The metadata must contain traffic information relating to the endpoints instead of industry-standard protocol information.
Which probe should be enabled to meet these requirements?

A. NetFlow probe
B. DNS probe
C. DHCP probe
D. SNMP query probe

Answer: C
Explanation:
http://www.network-node.com/blog/2016/1/2/ise-20-profiling

QUESTION 149
An organization wants to standardize the 802 1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide.
What must be configured to accomplish this task?

A. security group tag within the authorization policy
B. extended access-list on the switch for the client
C. port security on the switch based on the client’s information
D. dynamic access list within the authorization profile

Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_sga_pol.html#

QUESTION 150
A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access.
What must be done to ensure that both devices for a particular user are able to access the guest network simultaneously?

A. Configure the sponsor group to increase the number of logins.
B. Use a custom portal to increase the number of logins
C. Modify the guest type to increase the number of maximum devices
D. Create an Adaptive Network Control policy to increase the number of devices

Answer: C
Explanation:
https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_admin_guide_27/b_ise_admin_guide_27_chapter_01111.html.xml

QUESTION 151
An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network.
They have multiple vendors’ firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this.
What should be done to enable this type of posture check?

A. Use the file registry condition to ensure that the firewal is installed and running appropriately.
B. Use a compound condition to look for the Windows or Mac native firewall applications.
C. Enable the default firewall condition to check for any vendor firewall application.
D. Enable the default application condition to identify the applications installed and validade the firewall app.

Answer: C
Explanation:
https://www.youtube.com/watch?v=6Kj8P8Hn7dY&t=109s&ab_channel=CiscoISE-IdentityServicesEngine

QUESTION 152
An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE.
The configuration contains the correct key of Cisc039712287. But the switch is not receiving a response from the Cisco ISE instance.
What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

A. Check for server reachability using the test aaa group tacacs+ admin <key> legacy command.
B. Test the user account on the server using the test aaa group radius server CUCS user admin pass <key> legacy command.
C. Validate that the key value is correct using the test aaa authentication admin <key> legacy command.
D. Confirm the authorization policies are correct using the test aaa authorization admin drop legacy command.

Answer: A
Explanation:
https://medium.com/training-course-ccna-security-210-260/ccna-security-part-3-implementing-aaa-in-cisco-ios-4b13ab285f51

QUESTION 153
Refer to the exhibit. In which scenario does this switch configuration apply?

A. when allowing a hub with multiple clients connected
B. when passing IP phone authentication
C. when allowing multiple IP phones to be connected
D. when preventing users with hypervisor

Answer: A

QUESTION 154
When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition.
However, other groups that are in the same domain are seen. What is causing this issue?

A. Cisco ISE only sees the built-in groups, not user created ones
B. The groups are present but need to be manually typed as conditions
C. Cisco ISE’s connection to the AD join point is failing
D. The groups are not added to Cisco ISE under the AD join point

Answer: D

QUESTION 155
A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly.
The administrator suspects this is due to replication between the nodes.
What must be configured to minimize performance degradation?

A. Review the profiling policies for any misconfiguration
B. Enable the endpoint attribute filter
C. Change the reauthenticate interval.
D. Ensure that Cisco ISE is updated with the latest profiler feed update

Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_010111.html

QUESTION 156
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants. Which portal must the security engineer configure to accomplish this task?

A. MDM
B. Client provisioning
C. My devices
D. BYOD

Answer: C
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01111.html

QUESTION 157
A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

A. The Endpoint Purge Policy is set to 30 days for guest devices
B. The RADIUS policy set for guest access is set to allow repeated authentication of the same device
C. The length of access is set to 7 days in the Guest Portal Settings
D. The Guest Account Purge Policy is set to 15 days

Answer: A

QUESTION 158
A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices.
Where in the Layer 2 frame should this be verified?

A. CMD filed
B. 802.1Q filed
C. Payload
D. 802.1 AE header

Answer: A
Explanation:
https://www.cisco.com/c/dam/global/en_ca/assets/ciscoconnect/2014/pdfs/policy_defined_segmentation_with_trustsec_rob_bleeker.pdf (slide 25)

QUESTION 159
A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA. Which action does the CoA perform?

A. It terminates the client session
B. It applies the downloadable ACL provided in the CoA
C. It applies new permissions provided in the CoA to the client session.
D. It triggers the NAD to reauthenticate the client

Answer: B
Explanation:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html

QUESTION 160
A customer wants to set up the Sponsor portal and delegate the authentication flow to a third party for added security while using Kerberos.
Which database should be used to accomplish this goal?

A. RSA Token Server
B. Active Directory
C. Local Database
D. LDAP

Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ise_admin_guide_26/b_ise_admin_guide_26_chapter_01111.html#concept_srz_ bkb_4db

QUESTION 161
An administrator is configuring a Cisco ISE posture agent in the client provisioning policy and needs to ensure that the posture policies that interact with clients are monitored, and end users are required to comply with network usage rules. Which two resources must be added in Cisco ISE to accomplish this goal? (Choose two)

A. AnyConnect
B. Supplicant
C. Cisco ISE NAC
D. PEAP
E. Posture Agent

Answer: AE
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-posture.html
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_configure_client_provisioning.html#task_D1C2E8ECE1D 54D259C01BCBF0A5822F1

QUESTION 162
Refer to the exhibit. Which switch configuration change will allow only one voice and one data endpoint on each port?

A. Multi-auth to multi-domain
B. Mab to dot1x
C. Auto to manual
D. Multi-auth to single-auth

Answer: A
Explanation:
https://community.cisco.com/t5/network-access-control/cisco-ise-multi-auth-or-multi-host/m-p/3750907

QUESTION 163
An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+.
However, the administrator must restrict certain commands based on one of three user roles that require different commands.
How is this accomplished without creating too many objects using Cisco ISE?

A. Create one shell profile and multiple command sets.
B. Create multiple shell profiles and multiple command sets.
C. Create one shell profile and one command set.
D. Create multiple shell profiles and one command set

Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html
https://www.youtube.com/watch?v=IlZwB71Szog&ab_channel=JasonMaynard

QUESTION 164
An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users.
Management needs Cisco ISE to not automatically trigger a CoA whenever a profile change is detected.
Instead, the administrator needs to verify the new profile and manually trigger a CoA.
What must be configuring in the profiler to accomplish this goal?

A. Port Bounce
B. No CoA
C. Session Query
D. Reauth

Answer: B
Explanation:
https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-policies

QUESTION 165
Drag and Drop Question
Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting.

Answer:

---

Resources From:

1.2021 Latest Braindump2go 300-715 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/300-715.html

2.2021 Latest Braindump2go 300-715 PDF and 300-715 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1-jcJT1SxbH3DDB-cgSq_cPEhlxMEfvFK?usp=sharing

3.2021 Free Braindump2go 300-715 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/300-715-PDF-Dumps(146-165).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!