300-715 Dumps 300-715 Braindumps 300-715 Real Questions 300-715 Practice Test 300-715 Actual Questions Cisco 300-715 Implementing and Configuring Cisco Identity Services Engine https://killexams.com/pass4sure/exam-detail/300-715 Question: 143 What is the purpose of the ip http server command on a switch? A . It enables the https server for users for web authentication B . It enables MAB authentication on the switch C . It enables the switch to redirect users for web authentication. D . It enables dot1x authentication on the switch. Answer: C Question: 144 What service can be enabled on the Cisco ISE node to identity the types of devices connecting to a network? A . MAB B . profiling C . posture D . central web authentication Answer: B Question: 145 In which two ways can users and endpoints be classified for TrustSec? (Choose two) A . VLAN B . SXP C . dynamic D . QoS E . SGACL Answer: AE Question: 146 If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked? A . Client Provisioning B . Guest C . BYOD D . Blacklist Answer: D Explanation: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/ BY OD_Design_Guide/Managing_Lost_or_Stolen_Device.html#90273 The Blacklist identity group is system generated and maintained by ISE to prevent access to lost or stolen devices. In this design guide, two authorization profiles are used to enforce the permissions for wireless and wired devices within the Blacklist: Blackhole WiFi Access Blackhole Wired Access Question: 147 Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal? A . network access device B . Policy Service node C . Monitoring node D . Administration node Answer: A Question: 148 Which two features must be used on Cisco ISE to enable the TACACS. feature? (Choose two) A . Device Administration License B . Server Sequence C . Command Sets D . Device Admin Service E . External TACACS Servers Answer: E Question: 149 What gives Cisco ISE an option to scan endpoints for vulnerabilities? A . authorization policy B . authentication policy C . authentication profile D . authorization profile Answer: D Question: 150 Which supplicant(s) and server(s) are capable of supporting EAR-CHAINING? A . Cisco AnyConnect NAM and Cisco Identity Service Engine B . Cisco AnyConnect NAM and Cisco Access Control Server C . Cisco Secure Services Client and Cisco Access Control Server D . Windows Native Supplicant and Cisco Identity Service Engine Answer: A Question: 151 When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names? A . MIB B . TGT C . OMAB D . SID Answer: D Question: 152 What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two) A . updates B . remediation actions C . Client Provisioning portal D . conditions E . access policy Answer: BD Question: 153 Which interface-level command is needed to turn on 802 1X authentication? A . Dofl1x pae authenticator B . dot1x system-auth-control C . authentication host-mode single-host D . aaa server radius dynamic-author Answer: A Question: 154 Which two values are compared by the binary comparison function in authentication that is based on Active Directory? (Choose Two) A . subject alternative name and the common name B . MS-CHAFV2 provided machine credentials and credentials stored in Active Directory C . user-presented password hash and a hash stored in Active Directory D . user-presented certificate and a certificate stored in Active Directory Answer: AB Explanation: Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user. https://www.cisco.com/c/en/us/td/docs/security/ise/1- 3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01110.html Question: 155 During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant? A . Cisco App Store B . Microsoft App Store C . Cisco ISE directly D . Native OTA functionality Answer: A Question: 156 What does the dot1x system-auth-control command do? A . causes a network access switch not to track 802.1x sessions B . globally enables 802.1x C . enables 802.1x on a network access device interface D . causes a network access switch to track 802.1x sessions Answer: B Explanation: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-8-0E/15- 24E/configuration/guide/xe-380-configuration/dot1x.html Question: 157 What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two) A . TACACS+ supports 802.1X, and RADIUS supports MAB B . TACACS+ uses UDP, and RADIUS uses TCP C . TACACS+ has command authorization, and RADIUS does not. D . TACACS+ provides the service type, and RADIUS does not E . TACACS+ encrypts the whole payload, and RADIUS encrypts only the password. Answer: CE Question: 158 Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two) A . Policy Assignment B . Endpoint Family C . Identity Group Assignment D . Security Group Tag E . IP Address

Answer: AC