DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Updated Cisco 300-715 SISE Exam Dumps for Effective Exam Preparation

Real Cisco 300-715 SISE exam questions are essential for success in the Cisco Data Center certification journey. Our comprehensive collection includes practice tests, a practice exam, and meticulously crafted exam questions and answers. These resources are designed to enhance your exam preparation by providing in-depth study material and valuable insights into test questions. With our exam resources, you'll gain the confidence to tackle the real exam and successfully pass with flying colors. Each question is curated to mirror the complexity and format of the actual Cisco 300-715 SISE exam, ensuring that you're fully prepared for any challenge that may arise. Whether you're reviewing concepts or testing your knowledge, our exam questions will guide you towards exam success. Prepare effectively, study diligently, and utilize our Cisco 300-715 SISE exam questions to maximize your chances of achieving Cisco Data Center certification. Unlock your potential and excel in your certification journey with our trusted exam resources.
Take other online exams

Question #1
An organization is adding new profiling probes to the system to improve profiling on Oseo ISE The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected What must be configured on the network device to accomplish this goal?
A. RP
B. NMP
C. CCP
D. CMP
View answer
Correct Answer: B
Question #2
What is needed to configure wireless guest access on the network?
A. ndpoint already profiled in ISE
B. EBAUTH ACL for redirection
C. alid user account in Active Directory
D. aptive Portal Bypass turned on
View answer
Correct Answer: D
Question #3
A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server.Which command is the user missing in the switch's configuration?
A. adius-server vsa send accounting
B. aa accounting network default start-stop group radius
C. aa accounting resource default start-stop group radius
D. aa accounting exec default start-stop group radios
View answer
Correct Answer: A
Question #4
If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?
A. lient Provisioning
B. uest
C. YOD
D. lacklist
View answer
Correct Answer: D
Question #5
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?
A. et the NAC State option to SNMP NAC
B. et the NAC State option to RADIUS NAC
C. se the radius-server vsa send authentication command
D. se the ip access-group webauth in command
View answer
Correct Answer: B
Question #6
DRAG DROP (Drag and Drop is not supported)An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.
A. he company's subnets are organized by building
B. tatic group assignment
C. P address
D. evice registration status
E. AC address
View answer
Correct Answer: A
Question #7
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)
A. isco Secure Services Client and Cisco Access Control Server
B. isco AnyConnect NAM and Cisco Identity Service Engine
C. isco AnyConnect NAM and Cisco Access Control Server
D. indows Native Supplicant and Cisco Identity Service Engine
View answer
Correct Answer: BD
Question #8
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
A. CP 8909
B. CP 8905
C. DP 1812
D. CP 443
View answer
Correct Answer: D
Question #9
The security team identified a rogue endpoint with MAC address 00.46.91.02.28.4A attached to the network. Which action must security engineer take within Cisco ISE to effectivelyrestrict network access for this endpoint?
A. onfigure access control list on network switches to block traffic
B. reate authentication policy to force reauthentication
C. dd MAC address to the endpoint quarantine list
D. mplement authentication policy to deny access
View answer
Correct Answer: C
Question #10
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network.What must be configured to correct this?
A. reate an authorization rule denying sponsored guest access
B. avigate to the Guest Portal and delete the guest accounts
C. reate an authorization rule denying guest access
D. avigate to the Sponsor Portal and suspend the guest accounts
View answer
Correct Answer: D
Question #11
An administrator connects an HP printer to a dot1x enable port, but the printer in not accessible Which feature must the administrator enable to access the printer?
A. ort Bounce
B. eauth
C. oCoA
D. isconnect
View answer
Correct Answer: A
Question #12
Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?
A. isco AnyConnect NAM and Cisco Identity Service Engine
B. isco AnyConnect NAM and Cisco Access Control Server
C. isco Secure Services Client and Cisco Access Control Server
D. indows Native Supplicant and Cisco Identity Service Engine
View answer
Correct Answer: A
Question #13
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group.Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?
A. Keep track of guest user activities
B. Create and manage guest user accounts
C. Configure authorization settings for guest users
D. Authenticate guest users to Cisco ISE
View answer
Correct Answer: B
Question #14
08. With what types of authentication types can MS-CHAPv2 be used when the identity store has an LDAP connection to Active Directory?
A. broadcaststormwouldbecreatedastheendpointdevicewaspluggedintotheinterface
B. non-802
C. rogueusercouldunplugthenon-802
D. ebootingthedevicewouldcausetheswitchporttogointoanerrordisablestate
View answer
Correct Answer: C
Question #15
Which two features should be used on Cisco ISE to enable the TACACS+ feature? (Choose two )
A. GT
B. ACL
C. LAN
D. BAC
View answer
Correct Answer: BC
Question #16
What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?
A. AP-TLS uses a username and password for authentication to enhance security, while EAP-MS- CHAPv2 does not
B. AP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not
C. AP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not
D. AP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one
View answer
Correct Answer: C
Question #17
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?
A. ts authorization list
B. ts role-based enforcement
C. ts cache enable
D. ts role-based policy priority-static
View answer
Correct Answer: B
Question #18
An engineer is configuring static SGT classification. Which configuration should be used when authentication is disabled and third-party switches are in use?
A. LAN to SGT mapping
B. P Address to SGT mapping
C. 3IF to SGT mapping
D. ubnet to SGT mapping
View answer
Correct Answer: B
Question #19
An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node.Which persona should be configured with the largest amount of storage in this environment?
A. olicy Services
B. rimary Administration
C. onitoring and Troubleshooting
D. latform Exchange Grid
View answer
Correct Answer: C
Question #20
An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" so that the policies can be made separately for the endpoints connecting through them.Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?
A. hange the device type to Medical Switch
B. hange the device profile to Medical Switch
C. hange the model name to Medical Switch
D. hange the device location to Medical Switch
View answer
Correct Answer: A
Question #21
A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network. How should the manager configure Cisco ISE to accomplish this goal?
A. reate entries in the guest identity group for all participants
B. reate an access code to be entered in the AUP page
C. reate logins for each participant to give them sponsored access
D. reate a registration code to be entered on the portal splash page
View answer
Correct Answer: B
Question #22
What should be considered when configuring certificates for BYOD?
A. he SAN field is populated with the end user name
B. he CN field is populated with the endpoint host name
C. n endpoint certificate is mandatory for the Cisco ISE BYOD
D. n Android endpoint uses EST, whereas other operating systems use SCEP for enrollment
View answer
Correct Answer: C
Question #23
An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices.Which deployment mode should be used to achieve this?
A. losed
B. ow-impact
C. pen
D. igh-impact
View answer
Correct Answer: B
Question #24
Which two features must be used on Cisco ISE to enable the TACACS. feature? (Choose two)
A. isco App Store
B. icrosoft App Store
C. isco ISE directly
D. ative OTA functionality
View answer
Correct Answer: AD
Question #25
02. When an endpoint is quarantined with Adaptive Network Control (ANC), what happens to the endpoint?
A. serdatabase
B. ndpointdatabase
C. ystemdatabase
D. dmindatabase
View answer
Correct Answer: AB
Question #26
What is needed to configure wireless guest access on the network?
A. endpoint already profiled in ISE
B. WEBAUTH ACL for redirection
C. Captive Portal Bypass turned on
D. valid user account in Active Directory
View answer
Correct Answer: C
Question #27
When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2.Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)
A. lient provisioning ensures that endpoints receive the appropriate posture agents
B. lient provisioning checks a dictionary attribute with a value
C. lient provisioning ensures an application process is running on the endpoint
D. lient provisioning checks the existence, date, and versions of the file on a client
View answer
Correct Answer: BD
Question #28
An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?
A. reate a certificate signing request and have the root certificate authority sign it
B. dd the root certificate authority to the trust store and enable it for authentication
C. reate an SCEP profile to link Cisco ISE with the root certificate authority
D. dd an OCSP profile and configure the root certificate authority as secondary
View answer
Correct Answer: C
Question #29
A network administrator is configuring a secondary cisco ISE node from the backup configuration of the primary cisco ISE node to create a high availability pair The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE Which command most be issued for this to work?
A. opy certificate Ise
B. pplication configure Ise
C. ertificate configure Ise
D. mport certificate Ise
View answer
Correct Answer: B
Question #30
Which personas can a Cisco ISE node assume'?
A. olicy service, gatekeeping, and monitoring
B. dministration, policy service, and monitoring
C. dministration, policy service, gatekeeping
D. dministration, monitoring, and gatekeeping
View answer
Correct Answer: B
Question #31
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
A. he secondary node restarts
B. he primary node restarts
C. oth nodes restart
D. he primary node becomes standalone
View answer
Correct Answer: C
Question #32
Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?
A. MAB and if user not found, continue
B. MAB and if authentication failed, continue
C. Dot1x and if authentication failed, continue
D. Dot1x and if user not found, continue
View answer
Correct Answer: A
Question #33
Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?
A. AB and if user not found, continue
B. AB and if authentication failed, continue
C. ot1x and if user not found, continue
D. ot1x and if authentication failed, continue
View answer
Correct Answer: A
Question #34
An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users. Management needs Cisco ISE to not automatically trigger a CoA whenever a profile change is detected. Instead, the administrator needs to verify the new profile and manually trigger a Co
A. hat must be configuring in the profiler to accomplish this goal?
B. ort Bounce
C. o CoA
D. ession Query
E. eauth
View answer
Correct Answer: B
Question #35
Which deployment mode allows for one or more policy service nodes to be used for session failover?
A. centralized
B. secondary
C. standalone
D. distributed
View answer
Correct Answer: D
Question #36
A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA Which action does the CoA perform?
A. t terminates the client session
B. t applies the downloadable ACL provided in the CoA
C. t applies new permissions provided in the CoA to the client session
D. t triggers the NAD to reauthenticate the client
View answer
Correct Answer: B
Question #37
What is the deployment mode when two Cisco ISE nodes are configured in an environment?
A. istributed
B. ctive
C. tandalone
D. tandard
View answer
Correct Answer: A
Question #38
An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to the endpoints instead of industry-standard protocol information Which probe should be enabled to meet these requirements?
A. etFlow probe
B. NS probe
C. HCP probe
D. NMP query probe
View answer
Correct Answer: C
Question #39
A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices Where in the Layer 2 frame should this be verified?
A. MD filed
B. 02
C. ayload
D. 02
View answer
Correct Answer: A
Question #40
Refer to the exhibitRefer to the exhibit. In which scenario does this switch configuration apply?
A. hen allowing a hub with multiple clients connected
B. hen passing IP phone authentication
C. hen allowing multiple IP phones to be connected
D. hen preventing users with hypervisor
View answer
Correct Answer: A
Question #41
A network engineer is configuring guest access and notices that when a guest user registers a second device for access, the first device loses access What must be done to ensure that both devices for a particular user are able to access the guest network simultaneously?
A. onfigure the sponsor group to increase the number of logins
B. se a custom portal to increase the number of logins
C. odify the guest type to increase the number of maximum devices
D. reate an Adaptive Network Control policy to increase the number of devices
View answer
Correct Answer: C
Question #42
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting.Which policy condition must be used in order to accomplish this?
A. etwork Access NetworkDeviceName CONTAINS
B. EVICE Device Type CONTAINS
C. adius Called-Station-ID CONTAINS
D. irespace Airespace-Wlan-ld CONTAINS
View answer
Correct Answer: C
Question #43
An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites. Which configuration must be applied on Cisco ISE?
A. se a third-party certificate on the network device
B. dd the device to all PSN nodes in the deployment
C. enew the expired certificate on one of the PSN
D. onfigure an authorization profile for the end users
View answer
Correct Answer: B
Question #44
06. How is an identity store sequence processed?
A. heendpointisblockedfromaccessingthenetwork,basedonMACaddre
B. heendpointisgivenInternet-onlyaccessuntilitisunquarantined
C. othinghappenswithoutacorrespondingsecuritypolicy
D. heendpointisblockedfromaccessingthenetwork,basedonIPaddre
View answer
Correct Answer: C
Question #45
Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?
A. ersonas
B. ualys
C. expose
D. osture
View answer
Correct Answer: D
Question #46
An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings. The scan is complete on one PSN, but the information is not available on the others.What must be done to make the information available?
A. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning
B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning
C. Scanning must be initiated from the MnT node to centrally gather the information
D. Scanning must be initiated from the PSN that last authenticated the endpoint
View answer
Correct Answer: B
Question #47
An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic.Which type of access list should be used for this configuration?
A. eflexive ACL
B. xtended ACL
C. tandard ACL
D. umbered ACL
View answer
Correct Answer: B
Question #48
Which interface-level command is needed to turn on 802 1X authentication?
A. ofl1x pae authenticator
B. ot1x system-auth-control
C. uthentication host-mode single-host
D. aa server radius dynamic-author
View answer
Correct Answer: A
Question #49
Refer to the exhibit.An organization recently implemented network device administration using Cisco ISE. Upon testing the ability to access all of the required devices, a user in the Cisco ISE group IT Admins is attempting to login to a device in their organization's finance department but is unable to.What is the problem?
A. he IT training rule is taking precedence over the IT Admins rule
B. he authorization conditions wrongly allow IT Admins group no access to finance devices
C. he finance location is not a condition in the policy set
D. he authorization policy doesn't correctly grant them access to the finance devices
View answer
Correct Answer: D
Question #50
Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)
A. CP port 3080 must be opened between Cisco ISE and the feed server
B. isco ISE has a base license
C. isco ISE has access to an internal server to download feed update
D. isco ISE has Internet access to download feed update
View answer
Correct Answer: CD
Question #51
An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?
A. heck for server reachability using the test aaa group tacacs+ admin legacy command
B. est the user account on the server using the test aaa group radius server CUCS user admin pass legacy command
C. alidate that the key value is correct using the test aaa authentication admin legacy command
D. onfirm the authorization policies are correct using the test aaa authorization admin drop legacy command
View answer
Correct Answer: A
Question #52
In which two ways can users and endpoints be classified for TrustSec?(Choose Two.)
A. IB
B. GT
C. MAB
D. ID
View answer
Correct Answer: AE
Question #53
An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network.What must be configured to accomplish this goal?
A. reate a registry posture condition using a non-OPSWAT API version
B. reate an application posture condition using a OPSWAT API version
C. reate a compound posture condition using a OPSWAT API version
D. reate a service posture condition using a non-OPSWAT API version
View answer
Correct Answer: D
Question #54
An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall.Which two ports should be opened to accomplish this task? (Choose two)
A. TTP
B. NS
C. AP
D. HCP
View answer
Correct Answer: BE
Question #55
07. In the ISE command-line interface, what command can be entered to show the running application processes?
A. reateaCiscoISEmachineaccountinthedomainifthemachineaccountdoesnotalreadyexi
B. emovetheCiscoISEmachineaccountfromthedomain
C. etattributesontheCiscoISEmachineaccou
D. earchActiveDirectorytoseeifaCiscoISEmachineaccountalreadyexists
View answer
Correct Answer: D
Question #56
A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes What must be configured to minimize performance degradation?
A. eview the profiling policies for any misconfiguration
B. nable the endpoint attribute filter
C. hange the reauthenticate interval
D. nsure that Cisco ISE is updated with the latest profiler feed update
View answer
Correct Answer: B
Question #57
What is a characteristic of the UDP protocol?
A. DP can detect when a server is down
B. DP offers best-effort delivery
C. DP can detect when a server is slow
D. DP offers information about a non-existent server
View answer
Correct Answer: B
Question #58
A customer wants to set up the Sponsor portal and delegate the authentication flow to a third party for added security while using Kerberos Which database should be used to accomplish this goal?
A. SA Token Server
B. ctive Directory
C. ocal Database
D. DAP
View answer
Correct Answer: B
Question #59
Which personas can a Cisco ISE node assume?
A. olicy service, gatekeeping, and monitoring
B. dministration, monitoring, and gatekeeping
C. dministration, policy service, and monitoring
D. dministration, policy service, gatekeeping
View answer
Correct Answer: C
Question #60
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?
A. AP server
B. upplicant
C. lient
D. uthenticator
View answer
Correct Answer: B
Question #61
An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the mam deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out Which configuration is causing this behavior?
A. ne of the nodes is an active PSN
B. ne of the nodes is the Primary PAN
C. ll of the nodes participate in the PAN auto failover
D. ll of the nodes are actively being synched
View answer
Correct Answer: B
Question #62
What is a method for transporting security group tags throughout the network?
A. HCP
B. D
C. TTP
D. MAP
View answer
Correct Answer: B
Question #63
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?
A. HCP server
B. tatic IP tunneling
C. verride Interface ACL
D. AA override
View answer
Correct Answer: D
Question #64
An administrator is configuring a switch port for use with 802.1X.What must be done so that the port will allow voice and multiple data endpoints?
A. Connect a hub to the switch port to allow multiple devices access after authentication
B. Configure the port with the authentication host-mode multi-auth command
C. Connect the data devices to the port, then attach the phone behind them
D. Use the command authentication host-mode multi-domain on the port
View answer
Correct Answer: B
Question #65
An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?
A. ot1x system-auth-control
B. nable bypass-mac
C. nable network-authentication
D. ab
View answer
Correct Answer: D
Question #66
What is a valid guest portal type?
A. Sponsor
B. Sponsored-Guest
C. Captive-Guest
D. My Devices
View answer
Correct Answer: B
Question #67
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?
A. DHCP server
B. override Interface ACL
C. static IP tunneling
D. AAA override
View answer
Correct Answer: D
Question #68
An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the used to accomplish this task?
A. olicy service
B. onitoring
C. xGrid
D. rimary policy administrator
View answer
Correct Answer: B
Question #69
Refer to the exhibit:Which command is typed within the CU of a switch to view the troubleshooting output?
A. how authentication sessions mac 000e
B. how authentication registrations
C. how authentication interface gigabitethemet2/0/36
D. how authentication sessions method
View answer
Correct Answer: A
Question #70
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?
A. he primary node restarts
B. he secondary node restarts
C. he primary node becomes standalone
D. oth nodes restart
View answer
Correct Answer: D
Question #71
An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate.What must be done in order to provide the CA this information?
A. nstall the Root CA and intermediate C
B. enerate the CSR
C. ownload the intermediate server certificate
D. ownload the CA server certificate
View answer
Correct Answer: B

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: