300-715試験無料問題集（377題）「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」

出題：1

Which CLI command must be configured on the switchport to immediately run the MAB process if a non-802 1X capable endpoint connects to the port?

A. dot1x pae authenticator

B. access-session port-control auto

C. authentication order mab dot1x

D. authentication fallback

正解：C 解答を投票する

出題：2

An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings. The scan is complete on one FPSN, but the information is not available on the others.
What must be done to make the information available?

A. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning

B. Scanning must be initiated from the PSN that last authenticated the endpoint

C. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning

D. Scanning must be initiated from the MnT node to centrally gather the information

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

An endpoint with the MAC address 04:85:70:26:64:AB attempts to connect to the network. The security administrator wants to ensure that before authentication, only limited access is provided for services including DHCP and DNS Full network access is only granted upon successful
802.1X authentication. Which ISE deployment mode should the administrator configure to meet the requirements?

A. closed mode

B. monitor mode

C. open mode

D. low-impact mode

正解：D 解答を投票する

出題：4

A Cisco device has a port configured in multi-authentication mode and is accepting connections only from hosts assigned the SGT of SGT_0422048549. The VLAN trunk link supports a maximum of 8 VLANS. What is the reason for these restrictions?

A. The device is performing inline tagging without acting as a SXP speaker

B. The device is performing mime tagging while acting as a SXP speaker

C. The IP subnet addresses are statically mapped to an SGT

D. The IP subnet addresses are dynamically mapped to an SGT.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

What is a method for transporting security group tags throughout the network?

A. by embedding the security group tag in the 802.1Q header

B. by enabling 802.1AE on every network device

C. by embedding the security group tag in the IP header

D. by the Security Group Tag Exchange Protocol

正解：D 解答を投票する

出題：6

What is the Cisco ISE default admin login name and password?

A. admin/cisco

B. ISEAdmin/admin

C. admin/admin

D. admin/no default password--the admin password is configured at setup

正解：D 解答を投票する

出題：7

An administrator is attempting to join a new node to the primary Cisco ISE node, but receives the error message "Node is Unreachable". What is causing this error?

A. The second node is in standalone mode.

B. The second node is a PAN node.

C. No admin privileges are available on the second node.

D. No administrative certificate is available for the second node.

正解：D 解答を投票する

出題：8

An engineer must configure a posture policy with Cisco Temporal Agent workflow. Which two configurations must the engineer apply to meet the requirement? (Choose two.)

A. Create the posture condition.

B. Configure the Secure Client Posture module.

C. Configure the client provisioning policy.

D. Configure client provisioning resources.

E. Create the posture requirements.

正解：A,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for 1 day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

A. The RADIUS policy set for guest access is set to allow repeated authentication of the same device.

B. The Endpoint Purge Policy is set to 30 days for guest devices.

C. The length of access is set to 7 days in the Guest Portal Settings.

D. The Guest Account Purge Policy is set to 15 days.

正解：B 解答を投票する

出題：10

An engineer must organize endpoints in a Cisco ISE identity management store to improve the operational management of IP phone endpoints. The endpoints must meet these requirements:
- classify endpoints for finance, sales, and marketing departments
- tag each endpoint as profiled
Which action organizes the endpoints?

A. Add a tag for the endpoints of each department and use the identity group filter.

B. Create an endpoint identity group for each department with the IP phone parent group.

C. Add a tag for the endpoints of each department and add an endpoint to profiled group.

D. Create an endpoint identity group for each department with the profiled parent group.

正解：D 解答を投票する

出題：11

Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue.
Which two requirements must be met to implement this change? (Choose two.)

A. Establish access to one Global Catalog server.

B. Provide domain administrator access to Active Directory.

C. Configure a secure LDAP connection.

D. Ensure that the NAT address is properly configured

E. Enable IPC access over port 80.

正解：A,B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

A. The Guest Account Purge Policy is set to 15 days

B. The Endpoint Purge Policy is set to 30 days for guest devices

C. The length of access is set to 7 days in the Guest Portal Settings

D. The RADIUS policy set for guest access is set to allow repeated authentication of the same device

正解：B 解答を投票する

出題：13

An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication.
Which command should be used to complete this configuration?

A. dot1x pae authenticator

B. dot1x system-auth-control

C. aaa authentication dot1x default group radius

D. authentication port-control auto

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

An administrator is trying to collect metadata information about the traffic going across the network to gam added visibility into the hosts. This Information will be used to create profiling policies for devices us mg Cisco ISE so that network access policies can be used.
What must be done to accomplish this task?

A. Configure the RADIUS profiling probe within Cisco ISE

B. Configure the DHCP probe within Cisco ISE

C. Configure SNMP to be used with the Cisco ISE appliance

D. Configure NetFlow to be sent to me Cisco ISE appliance.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

An engineer is configuring a new Cisco ISE node. The Device Admin service must run on this node to handle authentication requests for network device access via TACACS+. Which persona must be enabled on this node to perform this function?

A. pxGrid

B. Monitoring

C. Administration

D. Policy Service

正解：D 解答を投票する

出題：16

Which use case validates a change of authorization?

A. An authenticated, wired EAP-capable endpoint is discovered

B. Endpoints are created through device registration for the guests

C. An endpoint profiling policy is changed for authorization policy.

D. An endpoint that is disconnected from the network is discovered

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：17

Which types of design are required in the Cisco ISE ATP program?

A. preliminary and final

B. top down and bottom up

C. schematic and detailed

D. high-level and low-level designs

正解：D 解答を投票する

300-715試験無料問題集「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」