300-715試験無料問題集（347題）「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」

出題：1

Which statement is true?

A. A Cisco ISE Advanced license can be installed on top of a Base and/or Wireless license.

B. A Cisco ISE Wireless license can be installed on top of a Base and/or Advanced license.

C. A Cisco ISE Advanced license is perpetual in nature.

D. A Cisco ISE Advanced license can be used without any Base licenses.

正解：A 解答を投票する

出題：2

An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users.
Management needs Cisco ISE to not automatically trigger a CoA whenever a profile change is detected.
Instead, the administrator needs to verify the new profile and manually trigger a CoA.
What must be configuring in the profiler to accomplish this goal?

A. Session Query

B. Reauth

C. No CoA

D. Port Bounce

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

An administrator is configuring sponsored guest access using Cisco ISE Access must be restricted to the sponsor portal to ensure that only necessary employees can issue sponsored accounts and employees must be classified to do so. What must be done to accomplish this task?

A. Create an authorization rule using the Guest Flow condition to authorize the administrators

B. Modify the sponsor groups assigned to reflect the desired user groups

C. Configure an identity-based access list in Cisco ISE to restrict the users allowed to login

D. Edit the sponsor portal to only accept members from the selected groups

正解：B 解答を投票する

出題：4

An engineer is adding a new network device to be used with 802.1X authentication. After configuring the device, the engineer notices that no endpoints that connect to the switch are able to authenticate. What is the problem?

A. The switch's supplicant is unable to establish a connection to Cisco ISE.

B. The command dot1x system-auth-control is not configured on the switch.

C. The endpoint firewalls are blocking the EAPoL traffic.

D. The command dot1x critical vlan 40 is not configured on the switch ports.

正解：B 解答を投票する

出題：5

Which two tasks must be completed when configuring the Cisco ISE BYOD Portal? (Choose two.)

A. Customize device portal.

B. Deploy client provisioning portal.

C. Provision external identity sources.

D. Create endpoint identity groups.

E. Enable policy services.

正解：A,C 解答を投票する

出題：6

An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identified if the ToS bit is set to 5 and the destination IP address is the intercom system. What must be configured to accomplish this goal?

A. RADIUS

B. pxGrid

C. NETFLOW

D. NMAP

正解：C 解答を投票する

出題：7

What is a function of client provisioning?

A. Client provisioning ensures an application process is running on the endpoint.

B. Client provisioning ensures that endpoints receive the appropriate posture agents.

C. Client provisioning checks the existence, date, and versions of the file on a client.

D. Client provisioning checks a dictionary attribute with a value.

正解：B 解答を投票する

出題：8

Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

A. MAB and if authentication failed, continue

B. Dot1x and if authentication failed, continue

C. MAB and if user not found, continue

D. Dot1x and if user not found, continue

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Which compliance status is set when a matching posture policy has been defined for that endpoint, but all the mandatory requirements during posture assessment are not met?

A. non-compliant

B. unknown

C. unauthorized

D. untrusted

正解：A 解答を投票する

出題：10

The security team wants to secure the wired network. A legacy printer on the network with the MAC address 00:43:08:50:64:60 does not support 802.1X. Which setting must be enabled in the Allowed Authentication Protocols list in your Authentication Policy for Cisco ISE to support MAB for this MAC address?

A. MS-CHAPv2

B. EAP-TLS

C. Process Host Lookup

D. PAP

正解：C 解答を投票する

出題：11

When configuring an authorization policy, an administrator cannot see specific Active Directory groups present in their domain to be used as a policy condition.
However, other groups that are in the same domain are seen. What is causing this issue?

A. The groups are not added to Cisco ISE under the AD join point

B. Cisco ISE only sees the built-in groups, not user created ones

C. Cisco ISE's connection to the AD join point is failing

D. The groups are present but need to be manually typed as conditions

正解：A 解答を投票する

出題：12

What are two components of the posture requirement when configuring Cisco ISE posture?
(Choose two )

A. Client Provisioning portal

B. access policy

C. conditions

D. updates

E. remediation actions

正解：C,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

An engineer is unable to use SSH to connect to a switch after adding the required CLI commands to the device to enable TACACS+. The device administration license has been added to Cisco ISE, and the required policies have been created.
Which action is needed to enable access to the switch?

A. The RSA keypair used for SSH must be regenerated after enabling TACACS+.

B. The ip ssh source-interface command needs to be set on the switch

C. The switch needs to be added as a network device in Cisco ISE and set to use TACACS+.

D. 802.1X authentication needs to be configured on the switch.

正解：C 解答を投票する

出題：14

A network engineer must enable a profiling probe. The profiling must take details through the Active Directory. Where in the Cisco ISE interface would the engineer enable the probe?

A. Policy > Deployment > System > Profiling

B. Policy > Policy Elements > Profiling

C. Administration > Deployment > System > Profiling

D. Administration > System > Deployment > Profiling

正解：D 解答を投票する

出題：15

Which two actions must be verified to confirm that the internet is accessible via guest access when configuring a guest portal? (Choose two.)

A. The guest device can connect to network file shares.

B. The guest device has internal network access on the WLAN.

C. The guest device successfully associates with the correct SSID.

D. Cisco ISE sends a CoA upon successful guest authentication.

E. The guest user gets redirected to the authentication page when opening a browser.

正解：D,E 解答を投票する

出題：16

An engineer needs to create a Self-Registered Guest Portal in Cisco ISE in which guest users receive their passwords via SMS. Which two settings must be configured to accomplish this task?
(Choose two.)

A. Choose the SMS provider previously configured as a SMS gateway under the Registration Form Settings.

B. Select SMS for the Send Credential upon notification setting under Registration Form Settings.

C. Choose the SMS provider previously configured as a SMS gateway under Device Registration Settings.

D. Select Allow employees to use personal devices and SMS for notifications under BYOD.

E. Select SMS for the Send Credential upon notification setting under the Login Page Settings.

正解：A,E 解答を投票する

出題：17

An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability.
Which probe must be used to accomplish this task?

A. HTTP probe

B. RADIUS probe

C. network scan probe

D. NetFlow probe

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

300-715試験無料問題集「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」