Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

300-715Free trial

By cisco

Verified

25Q per page

Question 26

What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two.)

A: Client Provisioning portal
B: remediation actions
C: updates
D: access policy
E: conditions

—

Question 27

Which term refers to an endpoint agent that tries to join an 802.1X-enabled network?

A: EAP server
B: authenticator
C: supplicant
D: client

—

Question 28

Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

A: TCP 8905
B: TCP 8909
C: TCP 443
D: UDP 1812

—

Question 29

What must match between Cisco ISE and the network access device to successfully authenticate endpoints?

A: shared secret
B: profile
C: certificate
D: SNMP version

—

Question 30

What is the deployment mode when two Cisco ISE nodes are configured in an environment?

A: standalone
B: distributed
C: standard
D: active

—

Question 31

When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment needs to provide an adequate amount of security and visibility for the hosts on the network.
Why should the engineer configure MAB in this situation?

A: The Cisco switches only support MAB.
B: MAB provides the strongest form of authentication available.
C: MAB provides user authentication.
D: The devices in the network do not have a supplicant.

—

Question 32

An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network. They have multiple vendors' firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this.
What should be done to enable this type of posture check?

A: Enable the default application condition to identify the applications installed and validate the firewall app.
B: Enable the default firewall condition to check for any vendor firewall application.
C: Use a compound condition to look for the Windows or Mac native firewall applications.
D: Use the file registry condition to ensure that the firewall is installed and running appropriately.

—

Question 33

An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network.
What must be configured to accomplish this goal?

A: Create a compound posture condition using a OPSWAT API version.
B: Create an application posture condition using a OPSWAT API version.
C: Create a registry posture condition using a non-OPSWAT API version.
D: Create a service posture condition using a non-OPSWAT API version.

—

Question 34

A network administrator must use Cisco ISE to check whether endpoints have the correct version of antivirus installed.
Which action must be taken to allow this capability?

A: Create a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco ISE.
B: Configure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version.
C: Configure a native supplicant profile to be used for checking the antivirus version.
D: Create a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files.

—

Question 35

MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gain access to the network.
Which alternate method should be used to tell users how to remediate?

A: file distribution
B: executable
C: message text
D: URL link

—

Question 36

An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints.
Which action accomplishes this task for VPN users?

A: Push the compliance module from Cisco FTD prior to attempting posture.
B: Use a compound posture condition to check for the compliance module and download, if needed.
C: Configure the compliance module to be downloaded from within the posture policy.
D: Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.

—

Question 37

A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network.
Which configuration item needs to be added to allow for this?

A: a temporal agent that gets installed onto the system
B: a remote posture agent proxying the network connection
C: the client provisioning URL in the authorization policy
D: an API connection back to the client

—

Question 38

An employee must access the internet through the corporate network from a new mobile device that does not support native supplicant provisioning provided by
Cisco ISE.
Which portal must the employee use to provision to the device?

A: My Devices
B: BYOD
C: Personal Device
D: Client Provisioning

—

Question 39

Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)

A: ASA
B: Firepower
C: Shell
D: WLC
E: IOS

—

Question 40

An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened.
From which Cisco ISE persona should this traffic be originating?

A: administration
B: authentication
C: policy service
D: monitoring

—

Question 41

What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two.)

A: TACACS+ has command authorization, and RADIUS does not.
B: TACACS+ uses UDP, and RADIUS uses TCP.
C: TACACS+ supports 802.1X, and RADIUS supports MAB.
D: TACACS+ provides the service type, and RADIUS does not.
E: TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

—

Question 42

Which two features must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.)

A: Command Sets
B: Server Sequence
C: Device Administration License
D: External TACACS Servers
E: Device Admin Service

—

Question 43

Which are two characteristics of TACACS+? (Choose two.)

A: It separates authorization and authentication functions.
B: It combines authorization and authentication functions.
C: It uses UDP port 49.
D: It encrypts the password only.
E: It uses TCP port 49.

—

Question 44

A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server.
Which command is the user missing in the switch's configuration?

A: aaa accounting resource default start-stop group radius
B: radius-server vsa send accounting
C: aaa accounting network default start-stop group radius
D: aaa accounting exec default start-stop group radius

—

Question 45

Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two.)

A: access-challenge
B: access-accept
C: access-request
D: access-reserved
E: access-response

—

Question 46

What is a characteristic of the UDP protocol?

A: UDP can detect when a server is down.
B: UDP can detect when a server is slow.
C: UDP offers best-effort delivery.
D: UDP offers information about a non-existent server.

—

Question 47

Refer to the exhibit.

A network engineer is configuring the switch to accept downloadable ACLs from a Cisco ISE server.
Which two commands should be run to complete the configuration? (Choose two.)

A: radius-server attribute 8 include-in-access-req
B: ip device tracking
C: dot1x system-auth-control
D: radius server vsa send authentication
E: aaa authorization auth-proxy default group radius

—

Question 48

DRAG DROP -
Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authorization, and accounting.
Select and Place:

—

Question 49

An administrator is configuring Cisco ISE to authenticate users logging into network devices using TACACS+. The administrator is not seeing any of the authentication in the TACACS+ live logs.
Which action ensures the users are able to log into the network devices?

A: Enable the device administration service in the PSN persona.
B: Enable the device administration service in the Administration persona.
C: Enable the session services in the Administration persona.
D: Enable the service sessions in the PSN persona.

—

Question 50

Refer to the exhibit. An engineer is creating a new TACACS+ command set and cannot use any show commands after logging into the device with this command set authorization.
Which configuration is causing this issue?

A: The command set is allowing all commands that are not in the command list.
B: The wildcard command listed is in the wrong format.
C: The command set is working like an ACL and denying every command.
D: Question marks are not allowed as wildcards for command sets.

—

Page 2 of 14 • Questions 26-50 of 329

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!