Is the 300-715 practice exam free?

Yes. ExamCademy offers all 375 300-715 practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the 300-715 practice questions?

All 300-715 questions are community-created and reviewed by moderators to align with Cisco's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the 300-715 exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Cisco documentation and hands-on experience for best results.

300-715 Practice Exam — Free 375+ Questions

375Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

Architecture and Deployment

Question 2

Network Access Device Administration

Question 3

Architecture and Deployment

Question 4

Network Access Device Administration

Question 5

BYOD

Question 6

Endpoint Compliance

Question 7

Endpoint Compliance

Question 8

Architecture and Deployment

Question 9

Profiler

Question 10

Profiler

Question 11

Network Access Device Administration

Question 12

Profiler

Question 13

Web Auth and Guest Services

Question 14

Architecture and Deployment

Question 15

Network Access Device Administration

Question 16

BYOD

Question 17

Network Access Device Administration

Question 18

Web Auth and Guest Services

Question 19

Web Auth and Guest Services

Question 20

Policy Enforcement

Question 21

Network Access Device Administration

Question 22

Network Access Device Administration

Question 23

Network Access Device Administration

Question 24

Policy Enforcement

Question 25

Network Access Device Administration

Page 1 of 15 • Questions 1-25 of 375

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which two statements regarding Zero Touch Provisioning (ZTP) on Cisco ISE are correct? (Choose two.)

A All passwords must be encrypted in the configuration file
B ZTP cannot be used if ICMP is blocked
C ZTP is only supported on VMWare
D ZTP is only supported on virtual appliances
E Linux is required to create the configuration image

Which CLI command must be configured on the switchport to immediately run the MAB process if a non-802 1X capable endpoint connects to the port?

A authentication order mab dot1x
B dot1x pae authenticator
C authentication fallback
D access-session port-control auto

The 300 GB OVA templates for VMs are sufficient for which two dedicated Cisco ISE node types? (Choose two.)

A Administration
B Log Collector
C pxGrid
D Policy Service
E Monitoring

A network engineer has recently configured a remote branch router to authenticate to a centralized Cisco ISE server behind the corporate firewall using TACACS+. After making this configuration change, the engineer opened another SSH session to the router in order to verity that login attempts are now being sent to Cisco ISE, however that login attempt was unsuccessful. There are no connection attempts showing in the TACACS live log in Cisco ISE and the firewall administrator has verified that they see syslog and SNMP traffic destinated for the IP address of Cisco ISE, but no TACACS+ traffic. Which misconfiguration is the cause of the failed login?

A The router is missing a route to the Cisco ISE server.
B The tacacs source-interface command on the router references the wrong interface.
C No hosts have been defined under the aaa server group on the router.
D The shared secret entered on the router for the Cisco ISE server is incorrect.

Which two tasks must be completed when configuring the Cisco ISE BYOD Portal? (Choose two.)

A Enable policy services.
B Create endpoint identity groups.
C Customize device portal.
D Provision external identity sources.
E Deploy client provisioning portal.

An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Secure Client for the agent configuration in a client provisioning policy? (Choose two.)

A SecureClientProtie.xsd file
B Secure Client compliance module
C Secure Client agent image
D SecureClientProfie.xml file
E Secure Client network visibility module

An engineer configured posture assessment for their network access control with the goal of using an agent that supports using service conditions for the assessment. The agent should run as a background process to avoid user interruption, but the user can see it when it is run. What is the problem?

A The selected posture agent does not support the engineer's goal.
B The posture module was deployed using the headend instead of installing it with SCCM.
C The proper permissions were not given to the temporal agent to conduct the assessment.
D The user required remediation so the agent appeared in the notifications.

An engineer is deploying Cisco ISE to use 802.1X authentication for controlling access to the company's wired network. The request from company management is to minimize the impact on users during the rollout of 802.1X on the company switches. Which mode must be used first in a phased 802.1X deployment to fulfill this request?

A Monitor
B Open
C Low-impact
D Closed

An engineer must configure an HTTP probe on a Cisco ISE virtual appliance running on VMWare using a dedicated interface for profiling. The interface is assigned to the VM Network port group. The engineer is logged into the hypervisor with a user account that only provides access to the Cisco ISE VM and the network settings for the VM. Which security setting must be changed for this interface to accept SPAN traffic?

A Set Promiscuous mode to inherit from vSwitch in the Port Group properties.
B Set Promiscuous mode to inherit from Port Group in the vSwitch properties.
C Set Promiscuous mode to Accept in the Port Group properties.
D Set Promiscuous mode to Accept in the vSwitch properties.

An administrator is configuring MAB and needs to create profiling policies to support devices that do not match the built-in profiles. Which two steps must the administrator take in order to use these new profiles in authorization policies? (Choose two.)

A Edit the authorization policy to give the profiles as a result of the authentication and authorization results
B Use the profiling policies as the matching conditions in each authorization policy
C Modify the endpoint identity group to feed the profiling policies into and match the parent group in the policy
D Configure the profiling policy to make a matching identity group and use the group in the authorization policy
E Feed the profiling policies into a logical profile and use the logical profile in the authorization policy

A network engineer responsible for the switching environment must provision a new switch to properly propagate security group tags within the TrustSec inline method. Which CLI command must the network engineer enter on the switch to globally enable the tagging of SGTs?

A cts sxp enable
B cts manual
C cts role-based sgt-map
D cts role-based enforcement

An administrator is configuring endpoint profiling and needs to enable CoA for devices that change profiles. Which two actions must be taken to accomplish this goal? (Choose two.)

A Ensure that the firewall is not blocking port 1700
B Define "reauth" in the default CoA action to be used
C Use an API to detect when profile changes occur and send instructions to ISE to provide a CoA
D Modify the RADIUS endpoint attribute filters to send CoA actions as the profiles change
E Enable the CoA policy and create rules for each type

A Cisco ISE administrator is setting up Central Web Authentication to be used for user endpoint authentication. The client cannot reach the guest portal to log in and gain access, but DNS is functioning properly and the guest portal is enabled. What else must be configured to gain access?

A Allow port TCP/8443 on the firewall.
B Configure HTTP to HTTPS redirection.
C Configure the guest portal to listen on TCP/8443.
D Allow redirection from any client IP range.

An administrator is configuring an AD domain to be used with authentication for endpoints and users within Cisco ISE. Which two steps are required to configure this to be used as an external identity store? (Choose two.)

A Add an Authentication Joint Point.
B Configure Authentication Domains.
C Configure Active Directory Schema.
D Configure Active Directory Domains.
E Add an Active Directory Join Point.

A network engineer is attempting to terminate and reinitialize wireless user sessions individually by using the Live Sessions tab in Cisco ISE. Cisco ISE and the Cisco WLC are separated by a firewall. Which port must be allowed on the firewall so that the network engineer can perform this function from Cisco ISE?

A TCP port 8443
B UDP port 5246
C UDP port 1700
D TCP port 3791

A network engineer is configuring a new certificate template on the internal CA within Cisco ISE to provision certificates to BYOD devices that must be enrolled in the network. What must be configured in the SAN field of the certificate to identify the devices after enrollment?

A MAC address
B email address
C user principal name
D common name

An engineer is configuring a new Cisco ISE node. The Device Admin service must run on this node to handle authentication requests for network device access via TACACS+. Which persona must be enabled on this node to perform this function?

A pxGrid
B Administration
C Policy Service
D Monitoring

An engineer has been tasked with using Cisco ISE to restrict network access at the switchport level using 802.1X authentication. Users who fail 802.1X authentication should e redirected via web redirection and have their access restricted via an ACL. What must be configured in Cisco ISE to accomplish this task?

A an authorization profile
B an authorization rule
C an authentication policy
D an authentication profile

An engineer needs to create a Self-Registered Guest Portal in Cisco ISE in which guest users receive their passwords via SMS. Which two settings must be configured to accomplish this task? (Choose two.)

A Choose the SMS provider previously configured as a SMS gateway under the Registration Form Settings.
B Select SMS for the Send Credential upon notification setting under Registration Form Settings.
C Choose the SMS provider previously configured as a SMS gateway under Device Registration Settings.
D Select Allow employees to use personal devices and SMS for notifications under BYOD.
E Select SMS for the Send Credential upon notification setting under the Login Page Settings.

A client connects to a network and the authenticator device learns the MAC address 04:49:23:86:34:AB of this client. After the MAC address is learned, the 802.1 x authentication process begins on this port. Which ISE deployment mode restricts all traffic initially, applies a rule for access control if 802.1x authentication is successful, and can be configured to grant only limited access if 802.1 x authentication is unsuccessful?

A open mode
B monitor mode
C closed mode
D low-impact mode

Which two statements are correct regarding the differences between RADIUS and TACACS+? (Choose two.)

A RADIUS encrypts the entire packet, whereas TACACS+ only encrypts the password field.
B RADIUS primary use is for network access, whereas TACACS+ primary use is for device administration.
C RADIUS combines the authentication and authorization functions, whereas TACACS+ separates them.
D RADIUS uses TCP as the transmission protocol, whereas TACACS+ uses both UDP and TCP protocols.
E RADIUS supports full command logging, whereas TACACS+ does not provide any command logging.

What is the difference between how RADIUS and TACACS+ handle encryption?

A RADIUS encrypts only the username and password fields, whereas TACACS+ encrypts the entire packet.
B RADIUS only encrypts the password field, whereas TACACS+ encrypts the entire packet.
C RADIUS encrypts the entire packet, whereas TACACS+ encrypts only the username and password fields.
D RADIUS encrypts the entire packet, whereas TACACS+ only encrypts the password field.

The security engineer for a company has recently deployed Cisco ISE to perform centralized authentication of all network device logins using TACACSs+ against the local AD domain. Some of the other network engineers are having a hard time remembering to enter their AD account password instead of the local admin password that they have used for years. The security engineer wants to change the password prompt to “Use Local AD Password:” as a way of providing a hint to the network engineers when logging in. Under which page in Cisco ISE would this change be made?

A Work Centers> Device Administration Ext Id Sources>Advanced Settings
B The password prompt cannot be changed on a Cisco IOS device
C Work Centers> Device Administration> Network Resources> Network Devices
D Work Centers> Device Administration> Settings> Connection Settings

An organization has a SGACL locally configured on a switch port, but when a user in the Executives group connects to the network, they receive a different level of network access than expected. When Cisco ISE pushes SGACLs to the switch after the authorization phase, how does the switch decide which access to grant the user?

A Dynamically downloaded policies override local policies in all cases.
B Local policies override dynamically downloaded policies in all cases.
C The policies are merged, but local policies receive priority.
D The policies are merged, but dynamically downloaded policies receive priority.

An administrator must enable scanning for specific endpoints when they attempt to access the network. The scanning must be triggered as a result of successful authentication. Which action accomplishes this task?

A Modify the authorization policy to send init_endpoint_scan as a result to the authenticator.
B Create an authorization profile with scanning enabled and add it to the authorization policy that the endpoints will hit.
C Add an entry in the authentication conditions to allow only scanned endpoints access, then redirect everything else to the portal to initiate the scan.
D Configure the endpoint scanning probe to profile the endpoint correctly and assign it a risk score.

300-715Preview

About the 300-715 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

300-715Preview

About the 300-715 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25