300-715試験無料問題集（347題）「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」

出題：1

A network administrator is currently using Cisco ISE to authenticate devices and users via
802.1X. There is now a need to also authorize devices and users using EAP-TLS.
Which two additional components must be configured in Cisco ISE to accomplish this? (Choose two.)

A. Serial Number attribute that maps to a CA Server

B. Common Name attribute that maps to an identity store

C. EAP Authorization Profile

D. Certificate Authentication Profile

E. Network Device Group

正解：C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which two default endpoint identity groups does Cisco ISE create? (Choose two )

正解：C,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

正解：B,D 解答を投票する

出題：4

An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites.
Which configuration must be applied on Cisco ISE?

A. Use a third-party certificate on the network device.

B. Renew the expired certificate on one of the PSN.

C. Configure an authorization profile for the end users.

D. Add the device to all PSN nodes in the deployment.

正解：D 解答を投票する

出題：5

What is a characteristic of the UDP protocol?

A. UDP offers information about a non-existent server

B. UDP offers best-effort delivery

C. UDP can detect when a server is slow

D. UDP can detect when a server is down.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

An organization has a SGACL locally configured on a switch port, but when a user in the Executives group connects to the network, they receive a different level of network access than expected. When Cisco ISE pushes SGACLs to the switch after the authorization phase, how does the switch decide which access to grant the user?

A. The policies are merged, but local policies receive priority.

B. Dynamically downloaded policies override local policies in all cases.

C. Local policies override dynamically downloaded policies in all cases.

D. The policies are merged, but dynamically downloaded policies receive priority.

正解：D 解答を投票する

出題：7

An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Anyconnect for the agent configuration in a client provisioning policy? (Choose two.)

A. AnyConnectProfile.xml file

B. Anyconnect compliance module

C. AnyConnectProfile.xsd file

D. Anyconnect agent image

E. Anyconnect network visibility module

正解：B,D 解答を投票する

出題：8

An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

A. standard ACL

B. extended ACL

C. reflexive ACL

D. numbered ACL

正解：B 解答を投票する

出題：9

Which two default guest portals are available with Cisco ISE? (Choose two.)

正解：C,D 解答を投票する

出題：10

What is a difference between RADIUS and TACACS+?

A. RADIUS offers multiprotocol support, and TACACS+ supports only IP traffic.

B. RADIUS supports command accounting, and TACACS+ does not.

C. RADIUS combines authentication and authorization functions, and TACACS+ separates them.

D. RADIUS uses connection-oriented transport, and TACACS+ uses best-effort delivery.

正解：C 解答を投票する

出題：11

What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two )

A. TACACS+ has command authorization, and RADIUS does not.

B. TACACS+ provides the service type, and RADIUS does not

C. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

D. TACACS+ uses UDP, and RADIUS uses TCP

E. TACACS+ supports 802.1X, and RADIUS supports MAB

正解：A,C 解答を投票する

出題：12

An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the used to accomplish this task?

A. primary policy administrator

B. pxGrid

C. policy service

D. monitoring

正解：A 解答を投票する

出題：13

The default Cisco ISE node configuration has which role or roles enabled by default?

A. Policy Service Monitoring, and Administration

B. Inline Posture only

C. Administration only

D. Administration and Pokey Service

正解：A 解答を投票する

出題：14

Which interface-level command is needed to turn on 802.1X authentication?

A. dot1x pae authenticator

B. authentication host-mode single-host

C. aaa server radius dynamic-author

D. dot1x system-auth-control

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

Which permission is common to the Active Directory Join and Leave operations?

A. Search Active Directory to see if a Cisco ISE machine account already ex.sts.

B. Set attributes on the Cisco ISE machine account

C. Remove the Cisco ISE machine account from the domain.

D. Create a Cisco ISE machine account in the domain if the machine account does not already exist

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs. An administrator is adding two more PSNs to this deployment but is having problems adding one of them. What is the problem?

A. The new nodes must be set to primary prior to being added to the deployment

B. Only five PSNs are allowed to be in the Cisco ISE cube if configured this way.

C. One of the new nodes must be designated as a pxGrid node

D. The current PAN is only able to track a max of four nodes

正解：B 解答を投票する

出題：17

A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network. How should the manager configure Cisco ISE to accomplish this goal?

A. Create logins for each participant to give them sponsored access.

B. Create entries in the guest identity group for all participants.

C. Create an access code to be entered in the AUP page.

D. Create a registration code to be entered on the portal splash page.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：18

A user changes the status of a device to stolen in the My Devices Portal of Cisco ISE. The device was originally onboarded in the BYOD wireless Portal without a certificate. The device is found later, but the user cannot re-onboard the device because Cisco ISE assigned the device to the Blocklist endpoint identity group. What must the user do in the My Devices Portal to resolve this issue?

A. Delete the device, and then re-add the device.

B. Manually remove the device from the Blocklist endpoint identity group.

C. Change the device state from Stolen to Not Registered.

D. Change the BYOD registration attribute of the device to None.

正解：C 解答を投票する

300-715試験無料問題集「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」