Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

300-715

By cisco
Aug, 2025

Question 51

What does a fully distributed Cisco ISE deployment include?

  • A: PAN and MnT on the same node while PSNs are on their own dedicated nodes.
  • B: All Cisco ISE personas are sharing the same node.
  • C: All Cisco ISE personas on their own dedicated nodes.
  • D: PAN and PSN on the same node while MnTs are on their own dedicated nodes.

Question 52

An administrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs.
Besides defining a new shell profile in Cisco ISE, what must be done to accomplish this configuration?

  • A: Enable the privilege levels in Cisco ISE.
  • B: Enable the privilege levels in the IOS devices.
  • C: Define the command privileges for levels 2-5 in Cisco ISE.
  • D: Define the command privileges for levels 2-5 in the IOS devices.

Question 53

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc407294634 but is receiving the error Authentication failed: 22040 Wrong password or invalid shared secret.
What must be done to address this issue?

  • A: Add the network device as a NAD inside Cisco ISE using the existing key.
  • B: Configure the key on the Cisco ISE instead of the Cisco switch.
  • C: Validate that the key is correct on both the Cisco switch as well as Cisco ISE.
  • D: Use a key that is between eight and ten characters.

Question 54

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+. However, the administrator must restrict certain commands based on one of three user roles that require different commands.
How is this accomplished without creating too many objects using Cisco ISE?

  • A: Create one shell profile and one command set.
  • B: Create multiple shell profiles and one command set.
  • C: Create multiple shell profiles and multiple command sets.
  • D: Create one shell profile and multiple command sets.

Question 55

An engineer builds a five-node distributed Cisco ISE deployment. The first two deployed nodes are responsible for the primary and secondary administration and monitoring personas.
Which persona configuration is necessary to have the remaining three Cisco ISE nodes serve as dedicated nodes in the Cisco ISE cube that is responsible only for handling the RADIUS and TACACS+ authentication requests, identity lookups, and policy evaluation?

  • A: Image 1
  • B: Image 2
  • C: Image 3
  • D: Image 4

Question 56

What are two differences between the RADIUS and TACACS+ protocols? (Choose two.)

  • A: RADIUS offers multiprotocol support, whereas TACACS+ does not.
  • B: RADIUS is a Cisco proprietary protocol, whereas TACACS+ is an open standard protocol.
  • C: RADIUS enables encryption of all the packets, whereas with TACACS+, only the password is encrypted.
  • D: RADIUS combines authentication and authorization, whereas TACACS+ does not.
  • E: TACACS+ uses TCP port 49, whereas RADIUS uses UDP ports 1812 and 1813.

Question 57

An administrator adds a new network device to the Cisco ISE configuration to authenticate endpoints to the network. The RADIUS test fails after the administrator configures all of the settings in Cisco ISE and adds the proper configurations to the switch.
What is the issue?

  • A: The endpoint profile is showing as "unknown"
  • B: The endpoint does not have the appropriate credentials for network access
  • C: The certificate on the switch is self-signed, not a CA-provided certificate
  • D: The shared secret is incorrect on the switch or on Cisco ISE

Question 58

An administrator enables the profiling service for Cisco ISE to use for authorization policies while in closed mode. When the endpoints connect, they receive limited access so that the profiling probes can gather information and Cisco ISE can assign the correct profiles. They are using the default values within Cisco ISE, but the devices do not change their access due to the new profile. What is the problem?

  • A: The default profiler configuration is set to No CoA for the reauthentication setting.
  • B: In closed mode, profiling does not work unless CDP is enabled.
  • C: The profiler feed is not downloading new information, so the profiler is inactive.
  • D: The profiling probes are not able to collect enough information to change the device profile.

Question 59

An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?

  • A: The authorization results for the endpoints include the Trusted security group tag.
  • B: The authorization results for the endpoints include a dACL allowing access.
  • C: The switch port is configured with authentication event server dead action authorize vlan.
  • D: The switch port is configured with authentication open.

Question 60

An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs. An administrator is adding two more PSNs to this deployment but is having problems adding one of them. What is the problem?

  • A: Only five PSNs are allowed to be in the Cisco ISE cube if configured this way.
  • B: One of the new nodes must be designated as a pxGrid node.
  • C: The new nodes must be set to primary prior to being added to the deployment.
  • D: The current PAN is only able to track a max of four nodes.

Question 61

Which two Cisco ISE deployment models require two nodes configured with dedicated PAN and MnT personas? (Choose two.)

  • A: seven PSN nodes with one pxGrid node
  • B: two PSN nodes with one pxGrid node
  • C: five PSN nodes with one pxGrid node
  • D: six PSN nodes
  • E: three PSN nodes

Question 62

An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices.
Which deployment mode should be used to achieve this?

  • A: closed
  • B: high-impact
  • C: low-impact
  • D: open

Question 63

An organization wants to enable web-based guest access for both employees and visitors. The goal is to use a single portal for both user types. Which two authentication methods should be used to meet this requirement? (Choose two.)

  • A: LDAP
  • B: MAC-based
  • C: Certificate-based
  • D: LOCAL
  • E: 802.1X

Question 64

A network administrator is currently using Cisco ISE to authenticate devices and users via 802.1X. There is now a need to also authorize devices and users using EAP-TLS. Which two additional components must be configured in Cisco ISE to accomplish this? (Choose two.)

  • A: Certificate Authentication Profile
  • B: EAP Authorization Profile
  • C: Network Device Group
  • D: Common Name attribute that maps to an identity store
  • E: Serial Number attribute that maps to a CA Server

Question 65

Image 1

Refer to the exhibit. An engineer is configuring the remote access VPN to use Cisco ISE for AAA and needs to conduct posture checks on the connecting endpoints. After the endpoint connects, it receives its initial authorization result and continues onto the compliance scan. What must be done for this AAA configuration to allow compliant access to the network?

  • A: Ensure that authorization only mode is not enabled.
  • B: Enable dynamic authorization within the AAA server group.
  • C: Fix the CoA port number.
  • D: Configure the posture authorization so it defaults to unknown status

Question 66

Image 1

Refer to the exhibit. An engineer is configuring Cisco ISE for guest services. They would like to have any unregistered guests redirected to the guest portal for authentication, then have a CoA provide them with full access to the network that is segmented via firewalls. Why is the given configuration failing to accomplish this goal?

  • A: The Guest Portal and Guest Access policy lines are in the wrong order.
  • B: The PermitAccess result is not set to restricted access in its policy line.
  • C: The Network_Access_Authentication_Passed condition will not work with guest services for portal access.
  • D: The Guest_Flow condition is not in the line that gives access to the guest portal.

That’s the end of your free questions

You’ve reached the preview limit for 300-715

Page 3 of 14 • Questions 51-75 of 329
