Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) v1.0 (300-715)

Page:    1 / 13   
Total 194 questions

An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-
MAC address bindings. The scan is complete on one PSN, but the information is not available on the others.
What must be done to make the information available?

  • A. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning.
  • B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning.
  • C. Scanning must be initiated from the MnT node to centrally gather the information.
  • D. Scanning must be initiated from the PSN that last authenticated the endpoint.


Answer : B

Reference:
https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

An administrator is configuring a switch port for use with 802.1X.
What must be done so that the port will allow voice and multiple data endpoints?

  • A. Connect a hub to the switch port to allow multiple devices access after authentication.
  • B. Configure the port with the authentication host-mode multi-auth command.
  • C. Connect the data devices to the port, then attach the phone behind them.
  • D. Use the command authentication host-mode multi-domain on the port.


Answer : B

Reference:
https://networklessons.com/cisco/ccie-routing-switching-written/mac-authentication-bypass-mab

An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address.
What is the problem?

  • A. The endpoint is using the wrong protocol to authenticate with Cisco ISE.
  • B. The 802.1X timeout period is too long.
  • C. The DHCP probe for Cisco ISE is not working as expected.
  • D. An ACL on the port is blocking HTTP traffic.


Answer : B

A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.
What must be done to accomplish this task?

  • A. Create a profiling policy for each endpoint with the cdpCacheDeviceId attribute.
  • B. Create a logical profile for each device's profile policy and block that via authorization policies.
  • C. Add each MAC address manually to a blocklist identity group and create a policy denying access.
  • D. Add each IP address to a policy denying access.


Answer : B

An engineer is using profiling to determine what access an endpoint must receive. After configuring both Cisco ISE and the network devices for 802.1X and profiling, the endpoints do not profile prior to authentication.
What are two reasons this is happening? (Choose two.)

  • A. Closed mode is restricting the collection of the attributes prior to authentication.
  • B. The HTTP probe is malfunctioning due to closed mode being enabled.
  • C. The SNMP probe is not enabled.
  • D. NetFlow is not enable on the switch, so the attributes will not be collected.
  • E. The switch is collecting the attributes via RADIUS but the probes are not sending them.


Answer : CE

Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

  • A. RSA SecurID
  • B. RADIUS Token
  • C. Active Directory
  • D. Internal Database
  • E. LDAP


Answer : CE

Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975-configure-eap-tls-authentication-with-is.html

An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy.
Which two components must be configured, in addition to Active Directory groups, to achieve this goal? (Choose two.)

  • A. Identity Source Sequences
  • B. LDAP External Identity Sources
  • C. Active Directory External Identity Sources
  • D. Library Condition for Identity Group: User Identity Group
  • E. Library Condition for External Identity: External Groups


Answer : AC

Which deployment mode allows for one or more policy service nodes to be used for session failover?

  • A. centralized
  • B. secondary
  • C. standalone
  • D. distributed


Answer : D

A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group.
Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?

  • A. Keep track of guest user activities.
  • B. Create and manage guest user accounts.
  • C. Configure authorization settings for guest users.
  • D. Authenticate guest users to Cisco ISE.


Answer : B

What is needed to configure wireless guest access on the network?

  • A. endpoint already profiled in ISE
  • B. WEBAUTH ACL for redirection
  • C. Captive Portal Bypass turned on
  • D. valid user account in Active Directory


Answer : C

Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two.)

  • A. Known
  • B. Monthly
  • C. Daily
  • D. Imported
  • E. Random


Answer : AE

Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/sponsor_guide/b_spons_SponsorPortalUserGuide_13/ b_spons_SponsorPortalUserGuide_13_chapter_01.html

What is a valid guest portal type?

  • A. Sponsor
  • B. Sponsored-Guest
  • C. Captive-Guest
  • D. My Devices


Answer : B

Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01111.html

What is the purpose of the ip http server command on a switch?

  • A. It enables the https server for users for web authentication.
  • B. It enables dot1x authentication on the switch.
  • C. It enables MAB authentication on the switch.
  • D. It enables the switch to redirect users for web authentication.


Answer : C

Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

  • A. DHCP server
  • B. override Interface ACL
  • C. static IP tunneling
  • D. AAA override


Answer : D

Reference:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/ b_cg74_CONSOLIDATED_chapter_010110111.html

Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

  • A. MAB and if user not found, continue
  • B. MAB and if authentication failed, continue
  • C. Dot1x and if authentication failed, continue
  • D. Dot1x and if user not found, continue


Answer : A

Page:    1 / 13   
Total 194 questions