300-715Preview

Which CLI command must be configured on the switchport to immediately run the MAB process if a non-802 1X capable endpoint connects to the port?

The 300 GB OVA templates for VMs are sufficient for which two dedicated Cisco ISE node types? (Choose two.)

A network engineer has recently configured a remote branch router to authenticate to a centralized Cisco ISE server behind the corporate firewall using TACACS+. After making this configuration change, the engineer opened another SSH session to the router in order to verity that login attempts are now being sent to Cisco ISE, however that login attempt was unsuccessful. There are no connection attempts showing in the TACACS live log in Cisco ISE and the firewall administrator has verified that they see syslog and SNMP traffic destinated for the IP address of Cisco ISE, but no TACACS+ traffic. Which misconfiguration is the cause of the failed login?

Which two tasks must be completed when configuring the Cisco ISE BYOD Portal? (Choose two.)

An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Secure Client for the agent configuration in a client provisioning policy? (Choose two.)

An engineer configured posture assessment for their network access control with the goal of using an agent that supports using service conditions for the assessment. The agent should run as a background process to avoid user interruption, but the user can see it when it is run. What is the problem?

An engineer is deploying Cisco ISE to use 802.1X authentication for controlling access to the company's wired network. The request from company management is to minimize the impact on users during the rollout of 802.1X on the company switches. Which mode must be used first in a phased 802.1X deployment to fulfill this request?

An engineer must configure an HTTP probe on a Cisco ISE virtual appliance running on VMWare using a dedicated interface for profiling. The interface is assigned to the VM Network port group. The engineer is logged into the hypervisor with a user account that only provides access to the Cisco ISE VM and the network settings for the VM. Which security setting must be changed for this interface to accept SPAN traffic?

An administrator is configuring MAB and needs to create profiling policies to support devices that do not match the built-in profiles. Which two steps must the administrator take in order to use these new profiles in authorization policies? (Choose two.)

A network engineer responsible for the switching environment must provision a new switch to properly propagate security group tags within the TrustSec inline method. Which CLI command must the network engineer enter on the switch to globally enable the tagging of SGTs?

An administrator is configuring endpoint profiling and needs to enable CoA for devices that change profiles. Which two actions must be taken to accomplish this goal? (Choose two.)

A Cisco ISE administrator is setting up Central Web Authentication to be used for user endpoint authentication. The client cannot reach the guest portal to log in and gain access, but DNS is functioning properly and the guest portal is enabled. What else must be configured to gain access?

An administrator is configuring an AD domain to be used with authentication for endpoints and users within Cisco ISE. Which two steps are required to configure this to be used as an external identity store? (Choose two.)

A network engineer is attempting to terminate and reinitialize wireless user sessions individually by using the Live Sessions tab in Cisco ISE. Cisco ISE and the Cisco WLC are separated by a firewall. Which port must be allowed on the firewall so that the network engineer can perform this function from Cisco ISE?

A network engineer is configuring a new certificate template on the internal CA within Cisco ISE to provision certificates to BYOD devices that must be enrolled in the network. What must be configured in the SAN field of the certificate to identify the devices after enrollment?

An engineer is configuring a new Cisco ISE node. The Device Admin service must run on this node to handle authentication requests for network device access via TACACS+. Which persona must be enabled on this node to perform this function?

An engineer has been tasked with using Cisco ISE to restrict network access at the switchport level using 802.1X authentication. Users who fail 802.1X authentication should e redirected via web redirection and have their access restricted via an ACL. What must be configured in Cisco ISE to accomplish this task?

An engineer needs to create a Self-Registered Guest Portal in Cisco ISE in which guest users receive their passwords via SMS. Which two settings must be configured to accomplish this task? (Choose two.)

A client connects to a network and the authenticator device learns the MAC address 04:49:23:86:34:AB of this client. After the MAC address is learned, the 802.1 x authentication process begins on this port. Which ISE deployment mode restricts all traffic initially, applies a rule for access control if 802.1x authentication is successful, and can be configured to grant only limited access if 802.1 x authentication is unsuccessful?

Which two statements are correct regarding the differences between RADIUS and TACACS+? (Choose two.)

What is the difference between how RADIUS and TACACS+ handle encryption?

The security engineer for a company has recently deployed Cisco ISE to perform centralized authentication of all network device logins using TACACSs+ against the local AD domain. Some of the other network engineers are having a hard time remembering to enter their AD account password instead of the local admin password that they have used for years. The security engineer wants to change the password prompt to “Use Local AD Password:” as a way of providing a hint to the network engineers when logging in. Under which page in Cisco ISE would this change be made?

An organization has a SGACL locally configured on a switch port, but when a user in the Executives group connects to the network, they receive a different level of network access than expected. When Cisco ISE pushes SGACLs to the switch after the authorization phase, how does the switch decide which access to grant the user?

An administrator must enable scanning for specific endpoints when they attempt to access the network. The scanning must be triggered as a result of successful authentication. Which action accomplishes this task?