300-715
Question 1
Which personas can a Cisco ISE node assume?
- A: policy service, gatekeeping, and monitoring
- B: administration, monitoring, and gatekeeping
- C: administration, policy service, and monitoring
- D: administration, policy service, gatekeeping
Question 2
A network engineer must enforce access control using special tags, without re-engineering the network design.
Which feature should be configured to achieve this in a scalable manner?
- A: RBAC
- B: dACL
- C: SGT
- D: VLAN
Question 3
An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected.
Which service should be used to accomplish this task?
- A: guest access
- B: profiling
- C: posture
- D: client provisioning
Question 4
A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA.
Which action does the CoA perform?
- A: It terminates the client session.
- B: It applies the downloadable ACL provided in the CoA.
- C: It triggers the NAD to reauthenticate the client.
- D: It applies new permissions provided in the CoA to the client session.
Question 5
A new employee just connected their workstation to a Cisco IP phone. The network administrator wants to ensure that the Cisco IP phone remains online when the user disconnects their workstation from the corporate network.
Which CoA configuration meets this requirement?
- A: Reauth
- B: Disconnect
- C: No CoA
- D: Port Bounce
Question 6
An organization is adding new profiling probes to the system to improve profiling on Cisco ISE. The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected.
What must be configured on the network device to accomplish this goal?
- A: ICMP
- B: WCCP
- C: ARP
- D: SNMP
Question 7
An administrator is trying to collect metadata information about the traffic going across the network to gain added visibility into the hosts. This information will be used to create profiling policies for devices using Cisco ISE so that network access policies can be used.
What must be done to accomplish this task?
- A: Configure the DHCP probe within Cisco ISE.
- B: Configure NetFlow to be sent to the Cisco ISE appliance.
- C: Configure the RADIUS profiling probe within Cisco ISE.
- D: Configure SNMP to be used with the Cisco ISE appliance.
Question 8
There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use profiling.
What must be done to accomplish this goal?
- A: Enter the MAC address in the correct Endpoint Identity Group.
- B: Enter the IP address in the correct Endpoint Identity Group.
- C: Enter the IP address in the correct Logical Profile.
- D: Enter the MAC address in the correct Logical Profile.
Question 9
An administrator is configuring a new profiling policy within Cisco ISE. The organization has several endpoints that are the same device type, and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints, therefore a custom profiling policy must be created.
Which condition must the administrator use in order to properly profile an ACME AI Connector endpoint for network access with MAC address 01:41:14:65:50:AB?
- A: CDP_cdpCacheDeviceID_CONTAINS_<MAC ADDRESS>
- B: MAC_MACAddress_CONTAINS_<MAC ADDRESS>
- C: Radius_Called_Station-ID_STARTSWITH_<MAC ADDRESS>
- D: MAC_OUI_STARTSWITH_<MAC ADDRESS>
Question 10
Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue.
Which two requirements must be met to implement this change? (Choose two.)
- A: Establish access to one Global Catalog server
- B: Ensure that the NAT address is properly configured
- C: Provide domain administrator access to Active Directory
- D: Configure a secure LDAP connection
- E: Enable IPC access over port 80
Question 11
What should be considered when configuring certificates for BYOD?
- A: The SAN field is populated with the end user name.
- B: The CN field is populated with the endpoint host name.
- C: An endpoint certificate is mandatory for the Cisco ISE BYOD.
- D: An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment.
Question 12
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed interface.
Which command should be used to accomplish this task?
- A: cts role-based policy priority-static
- B: cts cache enable
- C: cts authorization list
- D: cts role-based enforcement
Question 13
During BYOD flow, where does a Microsoft Windows PC download the Network Setup Assistant?
- A: Microsoft App Store
- B: Cisco App Store
- C: Cisco ISE directly
- D: Native OTA functionality
Question 14
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?
- A: Application Visibility and Control
- B: Supplicant Provisioning Wizard
- C: My Devices Portal
- D: Network Access Control
Question 15
Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two.)
- A: Redirect ACL
- B: Connection Type
- C: Operating System
- D: Windows Settings
- E: iOS Settings
Question 16
If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?
- A: Client Provisioning
- B: BYOD
- C: Guest
- D: Block list
Question 17
An engineer is configuring a dedicated SSID for onboarding devices.
Which SSID type accomplishes this configuration?
- A: hidden
- B: guest
- C: dual
- D: broadcast
Question 18
An engineer is designing a BYOD environment utilizing Cisco ISE for devices that do not support native supplicants.
Which portal must the security engineer configure to accomplish this task?
- A: BYOD
- B: Client Provisioning
- C: My Devices
- D: MDM
Question 19
An employee logs on to the My Devices portal and marks a currently on-boarded device as Lost.
Which two actions occur within Cisco ISE as a result of this action? (Choose two.)
- A: BYOD Registration status is updated to No.
- B: BYOD Registration status is updated to Unknown.
- C: The device access has been denied.
- D: Certificates provisioned to the device are not revoked.
- E: The device status is updated to Stolen.
Question 20
A network administrator is configuring a secondary Cisco ISE node from the backup configuration of the primary Cisco ISE node to create a high availability pair.
The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE.
Which command must be issued for this to work?
- A: copy certificate ise
- B: certificate configure ise
- C: import certificate ise
- D: application configure ise
Question 21
A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE. This must include the ability to provision for URL redirection on authentication.
Which two commands must be entered to meet this requirement? (Choose two.)
- A: ip http secure-server
- B: ip http authentication
- C: ip http server
- D: ip http redirection
- E: ip http secure-authentication
Question 22
In a Cisco ISE split deployment model, which load is split between the nodes?
- A: log collection
- B: device admission
- C: AAA
- D: network admission
Question 23
A network administrator notices that after a company-wide shutdown, many users cannot connect their laptops to the corporate SSID.
What must be done to permit access in a timely manner?
- A: Connect this system as a guest user and then redirect the web auth protocol to log in to the network.
- B: Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.
- C: Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.
- D: Authenticate the user's system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.
Question 24
Which two endpoint compliance statuses are possible? (Choose two.)
- A: compliant
- B: valid
- C: unknown
- D: known
- E: invalid
Question 25
Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two.)
- A: TCP 80
- B: TCP 8905
- C: TCP 8443
- D: TCP 8906
- E: TCP 443