Cisco 300-715 SISE Exam Practice Test Instant Access

Question 1

An administrator replaced a PSN in the distributed Cisco ISE environment. When endpoints authenticate to it, the devices are not getting the right profiles or attributes and as a result, are not hitting the correct policies. This was working correctly on the previous PSN. Which action must be taken to ensure the endpoints get identified?

AVerify that the MnT node is tracking the session.

BVerify the shared secret used between the switch and the PSN.

CVerify that the profiling service is running on the new PSN.

DVerify that the authentication request the PSN is receiving is not malformed.

Answer : C

Question 2

An engineer needs to configure a Cisco ISE server to issue a CoA for endpoints already authenticated to access the network. The CoA option must be enforced on a session, even if there are multiple active sessions on a port. What must be configured to accomplish this task?

Athe Reauth CoA option in the Cisco ISE system profiling settings enabled

Ban endpoint profiling policy with the No CoA option enabled

Can endpoint profiling policy with the Port Bounce CoA option enabled

Dthe Port Bounce CoA option in the Cisco ISE system profiling settings enabled

Answer : A

Question 3

An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identified if the ToS bit is set to 5 and the destination IP address is the intercom system. What must be configured to accomplish this goal?

ANMAP

BNETFLOW

CpxGrid

DRADIUS

Answer : B

Question 4

An administrator made changes in Cisco ISE and needs to apply new permissions for endpoints that have already been authenticated by sending a CoA packet to the network devices. Which IOS command must be configured on the devices to accomplish this goal?

Aaaa server radius dynamic-author

Bauthentication command bounce-port

Cauthentication command disable-port

Daaa nas port extended

Answer : A

Question 5

Which two actions must be verified to confirm that the internet is accessible via guest access when configuring a guest portal? (Choose two.)

AThe guest device successfully associates with the correct SSID.

BThe guest user gets redirected to the authentication page when opening a browser.

CThe guest device has internal network access on the WLAN.

DThe guest device can connect to network file shares.

ECisco ISE sends a CoA upon successful guest authentication.

Answer : B, E

Question 6

A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server. Which certificate usage option must be selected when importing the certificate into ISE?

ARADIUS

BDLTS

CPortal

DAdmin

Answer : C

Question 7

A user changes the status of a device to stolen in the My Devices Portal of Cisco ISE. The device was originally onboarded in the BYOD wireless Portal without a certificate. The device is found later, but the user cannot re-onboard the device because Cisco ISE assigned the device to the Blocklist endpoint identity group. What must the user do in the My Devices Portal to resolve this issue?

AManually remove the device from the Blocklist endpoint identity group.

BChange the device state from Stolen to Not Registered.

CChange the BYOD registration attribute of the device to None.

DDelete the device, and then re-add the device.