300-715 Online Practice Questions and Answers

Which interface-level command is needed to turn on 802.1X authentication?

A. dot1x pae authenticator

B. dot1x system-auth-control

C. authentication host-mode single-host

D. aaa server radius dynamic-author

Which two endpoint compliance statuses are possible? (Choose two.)

A. unknown

B. known

C. invalid

D. compliant

E. valid

An engineer is configuring cisco ISE and need to dynamically identify the network endpoints and ensure that endpoint access is protected. Which service should be used to accomplish this task?

A. Guest access

B. Profiling

C. Posture

D. Client provisioning

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

A. authentication host-mode single-host

B. authentication host-mode multi-auth

C. authentication host-mode multi-host

D. authentication host-mode multi-domain

An employee logs on to the My Devices portal and marks a currently on-boarded device as `Lost'.

A. Certificates provisioned to the device are not revoked

B. BYOD Registration status is updated to No

C. The device access has been denied

D. BYOD Registration status is updated to Unknown.

E. The device status is updated to Stolen

An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints. Which action accomplishes this task for VPN users?

A. Push the compliance module from Cisco FTD prior to attempting posture.

B. Use a compound posture condition to check for the compliance module and download, if needed.

C. Configure the compliance module to be downloaded from within the posture policy.

D. Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.

An engineer is configuring ISE for network device administration and has devices that support both protocols.

What are two benefits of choosing TACACS+ over RADUs for these devices? (Choose two.)

A. TACACS+ is FIPS compliant while RADIUS is not

B. TACACS+ is designed for network access control while RADIUS is designed for role-based access.

C. TACACS+ uses secure EAP-TLS while RADIUS does not.

D. TACACS+ provides the ability to authorize specific commands while RADIUS does not

E. TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.

What is a difference between TACACS+ and RADIUS in regards to encryption?

A. TACACS+ encrypts only the password, whereas RADIUS encrypts the username and password.

B. TACACS+ encrypts the username and password, whereas RADIUS encrypts only the password.

C. TACACS+ encrypts the password, whereas RADIUS sends the entire packet in clear text.

D. TACACS+ encrypts the entire packet, whereas RADIUS encrypts only the password.

A Cisco ISE administrator is setting up Central Web Authentication to be used for user endpoint authentication. The client cannot reach the guest portal to log in and gain access, but DNS is functioning properly and the guest portal is enabled. What else must be configured to gain access?

A. Allow port TCP/8443 on the firewall.

B. Configure HTTP to HTTPS redirection.

C. Configure the guest portal to listen on TCP/8443.

D. Allow redirection from any client IP range.

What is configured to enforce the blocklist permissions and deny access to clients in the blocklist to protect against a lost or stolen device obtaining access to the network?

A. My Devices portal

B. blocklist portal

C. Authentication rule

D. Authorization rule