Certification Topics of 300-715 Exam PDF Recently Updated Questions [Q125-Q148]

300-715 Exam Prep Guide: Prep guide for the 300-715 Exam

NEW QUESTION # 125
Drag and Drop Question
An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.

Answer:

Explanation:


NEW QUESTION # 126
By default, which traffic does an 802.1X-enabled switch allow before authentication?

  • A. all traffic
  • B. traffic permitted in the port dACL on Cisco ISE
  • C. no traffic
  • D. traffic permitted in the default ACL on the switch

Answer: D


NEW QUESTION # 127
Which statement is not correct about the Cisco ISE Monitoring node?

  • A. The local collector buffers transport the collected data to designated Cisco ISE Monitoring nodes as syslog; once Monitoring nodes are globally defined via Administration, ISE nodes automatically send logs to one or both of the configured Monitoring nodes.
  • B. The local collector agent process runs only the Inline Posture node.
  • C. The local collector agent collects logs locally from itself and from any NAD that is configured to send logs to the Policy Service node.
  • D. Cisco ISE supports distributed log collection across all nodes to optimize local data collection, aggregation, and centralized correlation and storage.

Answer: B


NEW QUESTION # 128
Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue. Which two requirements must be met to implement this change? (Choose two.)

  • A. Establish access to one Global Catalog server.
  • B. Ensure that the NAT address is properly configured
  • C. Provide domain administrator access to Active Directory.
  • D. Enable IPC access over port 80.
  • E. Configure a secure LDAP connection.

Answer: A,C


NEW QUESTION # 129
What is the purpose of the ip http server command on a switch?

  • A. It enables the switch to redirect users for web authentication.
  • B. It enables the https server for users for web authentication
  • C. It enables dot1x authentication on the switch.
  • D. It enables MAB authentication on the switch

Answer: A


NEW QUESTION # 130
Which personas can a Cisco ISE node assume?

  • A. administration, policy service, and monitoring
  • B. administration, policy service, gatekeeping
  • C. policy service, gatekeeping, and monitoring
  • D. administration, monitoring, and gatekeeping

Answer: A

Explanation:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html
The persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.


NEW QUESTION # 131
An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?

  • A. ip source guard
  • B. ip dhcp snooping
  • C. ip arp inspection
  • D. ip device tracking maximum

Answer: D

Explanation:
The ip device tracking maximum command is used to configure the maximum number of IP-to-SGT bindings that can be learned via SXP on a switch. This command also enables the switch to tag packets with SGT values based on the bindings learned from SXP peers. The other commands are not related to SGT tagging or SXP learning.


NEW QUESTION # 132
A network engineer must configure a centralized Cisco ISE solution for wireless guest access with users in different time zones. The guest account activation time must be independent of the user time zone, and the guest account must be enabled automatically when the user self-registers on the guest portal. Which option in the time profile settings must be selected to meet the requirement?

  • A. Set the Maximum Account Duration to 1 Day.
  • B. Select FromCreation from the Account Type dropdown.
  • C. Set the Duration field to 24:00:00.
  • D. Select FromFirstLogin from the Account Type dropdown.

Answer: D


NEW QUESTION # 133
Refer to the exhibit.

A network engineer is configuring the switch to accept downloadable ACLs from a Cisco ISE server. Which two commands should be run to complete the configuration? (Choose two.)

  • A. dot1x system-auth-control
  • B. radius-server attribute 8 include-in-access-req
  • C. radius-server vsa send authentication
  • D. aaa authorization auth-proxy default group radius
  • E. ip device tracking

Answer: C,E


NEW QUESTION # 134
An engineer is configuring static SGT classification. Which configuration should be used when authentication is disabled and third-party switches are in use?

  • A. L3IF to SGT mapping
  • B. VLAN to SGT mapping
  • C. Subnet to SGT mapping
  • D. IP Address to SGT mapping

Answer: D

Explanation:
The method of sending out IP to SGT mappings from ISE is particularly useful if the access switch does not support TrustSec.
https://community.cisco.com/t5/security-knowledge-base/segmentation-strategy/ta-p/3757424


NEW QUESTION # 135
What is a characteristic of the UDP protocol?

  • A. UDP can detect when a server is slow
  • B. UDP can detect when a server is down.
  • C. UDP offers information about a non-existent server
  • D. UDP offers best-effort delivery

Answer: D

Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-10.html


NEW QUESTION # 136
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed into this task?

  • A. cts role-based policy priority-static
  • B. cts cache enable
  • C. cts authorization list
  • D. cts role-based enforcement

Answer: D


NEW QUESTION # 137
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

  • A. The secondary node restarts.
  • B. The primary node restarts
  • C. Both nodes restart.
  • D. The primary node becomes standalone

Answer: C

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/installation_guide/ise_install_guide/ise_deploy.html
If your deployment has two nodes and you deregister the secondary node, both nodes in this primary-secondary pair are restarted. (The former primary and secondary nodes become standalone.)


NEW QUESTION # 138
How is policy services node redundancy achieved in a deployment?

  • A. by utilizing RADIUS server list on the NAD
  • B. by creating a node group
  • C. by deploying both primary and secondary node
  • D. by enabling VIP

Answer: C

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/Workflow/b_deployment_2_4.html


NEW QUESTION # 139
When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?

  • A. OMAB
  • B. MIB
  • C. SID
  • D. TGT

Answer: C


NEW QUESTION # 140
Which Cisco ISE service allows an engineer to check the compliance of endpoints before connecting to the network?

  • A. personas
  • B. posture
  • C. qualys
  • D. nexpose

Answer: B

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010110.html
Posture is a service in Cisco Identity Services Engine (Cisco ISE) that allows you to check the state, also known as posture, of all the endpoints that are connecting to a network for compliance with corporate security policies. This allows you to control clients to access protected areas of a network.


NEW QUESTION # 141
An engineer needs to export a file in CSV format, encrypted with the password C1$c0438563935, and contains users currently configured in Cisco ISE. Drag and drop the steps from the left into the sequence on the right to complete this task.

Answer:

Explanation:


NEW QUESTION # 142
Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

  • A. idle timeout
  • B. radius-server timeout
  • C. session timeout
  • D. termination-action

Answer: A

Explanation:
When the inactivity timer is enabled, the switch monitors the activity from authenticated endpoints. When the inactivity timer expires, the switch removes the authenticated session. The inactivity timer for MAB can be statically configured on the switch port, or it can be dynamically assigned using the RADIUS Idle-Timeout attribute.


NEW QUESTION # 143
What is a function of client provisioning?

  • A. Client provisioning checks the existence, date, and versions of the file on a client.
  • B. Client provisioning ensures an application process is running on the endpoint.
  • C. Client provisioning ensures that endpoints receive the appropriate posture agents.
  • D. Client provisioning checks a dictionary attribute with a value.

Answer: C

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_client_prov.html#:~:text=After%20Cisco%20ISE%20classifies%20a,packages%20and%20profiles%2C%20if%20necessary.


NEW QUESTION # 144
Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two)

  • A. The Cisco ISE server queries the internal identity store
  • B. The device queries the external identity store
  • C. The Cisco ISE server queries the external identity store.
  • D. The device queries the internal identity store
  • E. The device queries the Cisco ISE authorization server

Answer: C,E


NEW QUESTION # 145
Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two.)

  • A. access-challenge
  • B. access-request
  • C. access-response
  • D. access-reserved
  • E. access-accept

Answer: A,D


NEW QUESTION # 146
Refer to the exhibit:

Which command is typed within the CLI of a switch to view the troubleshooting output?

  • A. show authentication sessions method
  • B. show authentication sessions mac 000e.84af.59af details
  • C. show authentication registrations
  • D. show authentication interface gigabitethernet2/0/36

Answer: D


NEW QUESTION # 147
An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.

Answer:

Explanation:


NEW QUESTION # 148
......
