[March-2022]Exam Pass 100%!Braindump2go 300-715 PDF Dumps 300-715 200Q Instant Download[Q177-Q198]
March/2022 Latest Braindump2go 300-715 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 300-715 Real Exam Questions!
QUESTION 177
An administrator is configuring a new profiling policy within Cisco ISE. The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints, therefore a custom profiling policy must be created.
Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address <MAC ADDRESS>?
A. MAC_OUI_STARTSWITH_<MACADDRESS>
B. CDP_cdpCacheDevicelD_CONTAINS_<MACADDRESS>
C. MAC_MACAddress_CONTAINS_<MACADDRESS>
D. Radius Called Station-ID STARTSWITH <MACADDRESS>
Answer: D
QUESTION 178
A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network.
Which configuration item needs to be added to allow for this?
A. the client provisioning URL in the authorization policy
B. a temporal agent that gets installed onto the system
C. a remote posture agent proxying the network connection
D. an API connection back to the client
Answer: C
QUESTION 179
A network administrator must configure Cisco SE Personas in the company to share session information via syslog.
Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?
A. pxGrid
B. admin
C. policy services
D. monitor
Answer: D
QUESTION 180
A network administrator notices that after a company-wide shut down, many users cannot connect their laptops to the corporate SSID.
What must be done to permit access in a timely manner?
A. Authenticate the user’s system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.
B. Connect this system as a guest user and then redirect the web auth protocol to log in to the network.
C. Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.
D. Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.
Answer: A
QUESTION 181
What is the maximum number of PSN nodes supported in a medium-sized deployment?
A. three
B. five
C. two
D. eight
Answer: B
QUESTION 182
An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints.
Which action accomplishes this task for VPN users?
A. Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.
B. Configure the compliance module to be downloaded from within the posture policy.
C. Push the compliance module from Cisco FTD prior to attempting posture.
D. Use a compound posture condition to check for the compliance module and download if needed.
Answer: A
QUESTION 183
Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue.
Which two requirements must be met to implement this change? (Choose two.)
A. Enable IPC access over port 80.
B. Ensure that the NAT address is properly configured
C. Establish access to one Global Catalog server.
D. Provide domain administrator access to Active Directory.
E. Configure a secure LDAP connection.
Answer: CD
QUESTION 184
Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)
A. Active Directory
B. RADIUS Token
C. Internal Database
D. RSA SecurlD
E. LDAP
Answer: AE
QUESTION 185
What is a function of client provisioning?
A. It ensures an application process is running on the endpoint.
B. It checks a dictionary’ attribute with a value.
C. It ensures that endpoints receive the appropriate posture agents
D. It checks the existence date and versions of the file on a client.
Answer: C
QUESTION 186
An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. However the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?
A. The DHCP probe for Cisco ISE is not working as expected.
B. The 802.1 X timeout period is too long.
C. The endpoint is using the wrong protocol to authenticate with Cisco ISE.
D. An AC I on the port is blocking HTTP traffic
Answer: B
QUESTION 187
A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.
What must be done to accomplish this task?
A. Add each MAC address manually to a blocklist identity group and create a policy denying access
B. Create a logical profile for each device’s profile policy and block that via authorization policies.
C. Create a profiling policy for each endpoint with the cdpCacheDeviceld attribute.
D. Add each IP address to a policy denying access.
Answer: B
QUESTION 188
An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy.
Which two components must be configured, in addition to Active Directory groups, to achieve this goal? (Choose two )
A. Active Directory External Identity Sources
B. Library Condition for External Identity. External Groups
C. Identity Source Sequences
D. LDAP External Identity Sources
E. Library Condition for Identity Group: User Identity Group
Answer: AB
QUESTION 189
An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the endpoints on the network.
Which node should be used to accomplish this task?
A. PSN
B. primary PAN
C. pxGrid
D. MnT
Answer: A
QUESTION 190
An engineer is configuring TACACS+ within Cisco ISE for use with a non-Cisco network device. They need to send special attributes in the Access-Accept response to ensure that the users are given the appropriate access. What must be configured to accomplish this?
A. dACLs to enforce the various access policies for the users
B. custom access conditions for defining the different roles
C. shell profiles with custom attributes that define the various roles
D. TACACS+ command sets to provide appropriate access
Answer: C
QUESTION 191
An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies.
What must be done in order to get the devices into the right policies?
A. Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.
B. Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.
C. Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.
D. Identify the non 802.1x supported device types and create custom profiles for them to profile into.
Answer: A
QUESTION 192
An administrator is configuring a Cisco WLC for web authentication.
Which two client profiling methods are enabled by default if the Apply Cisco ISE Default Settings check box has been selected? (Choose two.)
A. CDP
B. DHCP
C. HTTP
D. SNMP
E. LLDP
Answer: BC
QUESTION 193
An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords.
Which two features must be configured to allow for this? (Choose two.)
A. hotspot guest portal
B. device registration WebAuth
C. central WebAuth
D. local WebAuth
E. self-registered guest portal
Answer: AB
QUESTION 194
An engineer is enabling a newly configured wireless SSID for tablets and needs visibility into which other types of devices are connecting to it.
What must be done on the Cisco WLC to provide this information to Cisco ISE?
A. enable IP Device Tracking
B. enable MAC filtering
C. enable Fast Transition
D. enable mDNS snooping
Answer: B
QUESTION 195
A network administrator is currently using Cisco ISE to authenticate devices and users via 802.1X. There is now a need to also authorize devices and users using EAP-TLS.
Which two additional components must be configured in Cisco ISE to accomplish this? (Choose two.)
A. Network Device Group
B. Serial Number attribute that maps to a CA Server
C. Common Name attribute that maps to an identity store
D. Certificate Authentication Profile
E. EAP Authorization Profile
Answer: CD
QUESTION 196
An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?
A. Create an ISE identity group to add users to and limit the number of logins via the group configuration.
B. Create a new guest type and set the maximum number of devices sponsored guests can register
C. Create an LDAP login for each guest and tag that in the guest portal for authentication.
D. Create a new sponsor group and adjust the settings to limit the devices for each guest.
Answer: B
QUESTION 197
A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for 1 day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?
A. The RADIUS policy set for guest access is set to allow repeated authentication of the same device.
B. The length of access is set to 7 days in the Guest Portal Settings.
C. The Endpoint Purge Policy is set to 30 days for guest devices.
D. The Guest Account Purge Policy is set to 15 days.
Answer: C
QUESTION 198
An employee must access the internet through the corporate network from a new mobile device that does not support native supplicant provisioning provided by Cisco ISE.
Which portal must the employee use to provision to the device?
A. BYOD
B. Personal Device
C. My Devices
D. Client Provisioning
Answer: C
Resources From:
1.2022 Latest Braindump2go 300-715 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/300-715.html
2.2022 Latest Braindump2go 300-715 PDF and 300-715 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1-jcJT1SxbH3DDB-cgSq_cPEhlxMEfvFK?usp=sharing
3.2021 Free Braindump2go 300-715 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/300-715-PDF-Dumps(177-198).pdf
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!