300-715試験無料問題集（347題）「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」

出題：1

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

A. authentication host-mode single-host

B. authentication host-mode multi-auth

C. authentication host-mode multi-host

D. authentication host-mode multi-domain

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A new Cisco ISE infrastructure is being built to provide network access control. If Cisco Discovery Protocol is used, what information is being gathered in relation to profiling with Cisco ISE?

A. RADIUS session attributes

B. device ID

C. IdentityGroup

D. DHCP session attributes

正解：B 解答を投票する

出題：3

Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

A. CUDP 1812

B. TCP 8905

C. TCP 443

D. TCP 8909

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue.
Which two requirements must be met to implement this change? (Choose two.)

A. Establish access to one Global Catalog server.

B. Provide domain administrator access to Active Directory.

C. Configure a secure LDAP connection.

D. Ensure that the NAT address is properly configured

E. Enable IPC access over port 80.

正解：A,B 解答を投票する

出題：5

What is a characteristic of the UDP protocol?

A. UDP offers information about a non-existent server

B. UDP offers best-effort delivery

C. UDP can detect when a server is slow

D. UDP can detect when a server is down.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication. Which access will be denied in this?

A. EAP

B. DHCP

C. DNS

D. HTTP

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones.
The phones do not have the ability to authenticate via 802.1X.
Which command is needed on each switch port for authentication?

A. enable bypass-MAC

B. dot1x system-auth-control

C. mab

D. enable network-authentication

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

A network engineer is attempting to terminate and reinitialize wireless user sessions individually by using the Live Sessions tab in Cisco ISE. Cisco ISE and the Cisco WLC are separated by a firewall. Which port must be allowed on the firewall so that the network engineer can perform this function from Cisco ISE?

A. UDP port 5246

B. TCP port 3791

C. UDP port 1700

D. TCP port 8443

正解：C 解答を投票する

出題：9

Which two features should be used on Cisco ISE to enable the TACACS+ feature? (Choose two )

A. Device Administration License

B. Server Sequence

C. External TACACS Servers

D. Command Sets

E. Device Admin Service

正解：A,E 解答を投票する

出題：10

Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two )

A. access-challenge

B. access-response

C. access-request

D. access-reserved

E. access-accept

正解：A,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

A network engineer must create a guest portal for wireless guests on Cisco ISE. The guest users must not be able to create accounts; however, the portal should require a username and password to connect. Which portal type must be created in Cisco ISE to meet the requirements?

A. Self Registered Guest Access

B. Hotspot Guest Access

C. Sponsored Guest Access

D. Custom Guest Portal

正解：C 解答を投票する

出題：12

An administrator is configuring a new profiling policy within Cisco ISE. The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints, therefore a custom profiling policy must be created.
Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address <MAC ADDRESS>?

A. Radius Called Station-ID STARTSWITH <MACADDRESS>

B. CDP_cdpCacheDevicelD_CONTAINS_<MACADDRESS>

C. MAC_MACAddress_CONTAINS_<MACADDRESS>

D. MAC_OUI_STARTSWITH_<MACADDRESS>

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

An engineer configured posture assessment for their network access control with the goal of using an agent that supports using service conditions for the assessment. The agent should run as a background process to avoid user interruption, but the user can see it when it is run. What is the problem?

A. The posture module was deployed using the headend instead of installing it with SCCM.

B. The selected posture agent does not support the engineer's goal.

C. The proper permissions were not given to the temporal agent to conduct the assessment.

D. The user required remediation so the agent appeared in the notifications.

正解：B 解答を投票する

出題：14

What is a function of client provisioning?

A. Client provisioning ensures an application process is running on the endpoint.

B. Client provisioning ensures that endpoints receive the appropriate posture agents.

C. Client provisioning checks the existence, date, and versions of the file on a client.

D. Client provisioning checks a dictionary attribute with a value.

正解：B 解答を投票する

出題：15

An engineer is enabling a newly configured wireless SSID for tablets and needs visibility into which other types of devices are connecting to it.
What must be done on the Cisco WLC to provide this information to Cisco ISE?

A. enable Fast Transition

B. enable IP Device Tracking

C. enable MAC filtering

D. enable mDNS snooping

正解：C 解答を投票する

出題：16

An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the mam deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out.
Which configuration is causing this behavior?

A. All of the nodes are actively being synched.

B. All of the nodes participate in the PAN auto failover.

C. One of the nodes is an active PSN.

D. One of the nodes is the Primary PAN

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：17

An administrator is configuring the Native Supplicant Profile to be used with the Cisco ISE posture agents and needs to test the connection using wired devices to determine which profile settings are available. Which two configuration settings should be used to accomplish this task?
(Choose two.)

A. allowed protocol

B. authentication mode

C. proxy host/IP

D. security

E. certificate template

正解：A,E 解答を投票する

出題：18

Drag and Drop Question
Drag the descriptions on the left onto the components of 802.1X on the right.

正解：

Explanation:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec- user-8021x-xe-3se-3850-book/config-ieee-802x-pba.html

300-715試験無料問題集「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」