[Dec 05, 2023] 300-715 Exam Brain Dumps - Study Notes and Theory [Q118-Q142]


NEW QUESTION # 118
An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not have the ability to auto switch port for authentication?

  • A. enable bypass-MAC
  • B. dot1x system-auth-control
  • C. mab
  • D. enable network-authentication

Answer: B


NEW QUESTION # 119
An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.

Answer:

Explanation:


NEW QUESTION # 120
An engineer is configuring a dedicated SSID for onboarding devices. Which SSID type accomplishes this configuration?

  • A. guest
  • B. hidden
  • C. broadcast
  • D. dual

Answer: A


NEW QUESTION # 121
What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

  • A. EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.
  • B. EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.
  • C. EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.
  • D. EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.

Answer: A


NEW QUESTION # 122
Which two methods should a sponsor select to create bulk guest accounts from the sponsor portal? (Choose two.)

  • A. Random
  • B. Daily
  • C. Monthly
  • D. Known
  • E. Imported

Answer: A,D

Explanation:
Section: Web Auth and Guest Services
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/sponsor_guide/b_spons_SponsorPortalUserGuide_13/b_spons_SponsorPortalUserGuide_13_chapter_01.html


NEW QUESTION # 123
What is a difference between TACACS+ and RADIUS in regards to encryption?

  • A. TACACS+ encrypts the password, whereas RADIUS sends the entire packet in clear text.
  • B. TACACS+ encrypts only the password, whereas RADIUS encrypts the username and password.
  • C. TACACS+ encrypts the username and password, whereas RADIUS encrypts only the password.
  • D. TACACS+ encrypts the entire packet, whereas RADIUS encrypts only the password.

Answer: D


NEW QUESTION # 124
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)

  • A. SNMP
  • B. HTTP
  • C. RADIUS
  • D. DHCP
  • E. NetFlow

Answer: C,D

Explanation:
Cisco ISE implements an ARP cache in the profiling service, so that you can reliably map the IP addresses and the MAC addresses of endpoints. For the ARP cache to function, you must enable either the DHCP probe or the RADIUS probe. The DHCP and RADIUS probes carry the IP addresses and the MAC addresses of endpoints in the payload data. The dhcp-requested address attribute in the DHCP probe and the Framed-IP-address attribute in the RADIUS probe carry the IP addresses of endpoints, along with their MAC addresses, which can be mapped and stored in the ARP cache.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html


NEW QUESTION # 125
Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.

Answer:

Explanation:

  • Monitoring = provides advanced monitoring and troubleshooting tools that you can use to effectively manage your network and resources.
  • Policy Service = provides network access, posture, guest access, client provisioning, and profiling services. This persona evaluates the policies and makes all the decisions.
  • Administration = manages all system-related configuration and configurations that relate to functionality such as authentication, authorization, auditing, and so on.
  • pxGrid = shares context-sensitive information from Cisco ISE to subscribers.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide


NEW QUESTION # 126
Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting.

Answer:

Explanation:

https://www.mbne.net/tech-notes/aaa-tacacs-radius


NEW QUESTION # 127
Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

  • A. static IP tunneling
  • B. AAA override
  • C. DHCP server
  • D. override Interface ACL

Answer: B

Explanation:
Section: Web Auth and Guest Services
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110111.html


NEW QUESTION # 128
If there is a firewall between Cisco ISE and an Active Directory external identity store, which port does not need to be open?

  • A. TCP 88
  • B. TCP 445
  • C. UDP 123
  • D. UDP/TCP 389
  • E. TCP 21

Answer: E


NEW QUESTION # 129
An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings. The scan is complete on one PSN, but the information is not available on the others. What must be done to make the information available?

  • A. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning
  • B. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning
  • C. Scanning must be initiated from the PSN that last authenticated the endpoint
  • D. Scanning must be initiated from the MnT node to centrally gather the information

Answer: A


NEW QUESTION # 130
A network administrator is configuring a secondary Cisco ISE node from the backup configuration of the primary Cisco ISE node to create a high availability pair. The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE. Which command must be issued for this to work?

  • A. copy certificate Ise
  • B. certificate configure Ise
  • C. Import certificate Ise
  • D. application configure Ise

Answer: A


NEW QUESTION # 131
An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.

Answer:

Explanation:


NEW QUESTION # 132
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

  • A. Set the NAC State option to SNMP NAC.
  • B. Use the radius-server vsa send authentication command.
  • C. Set the NAC State option to RADIUS NAC.
  • D. Use the ip access-group webauth in command.

Answer: B


NEW QUESTION # 133
Select and Place

Answer:

Explanation:


NEW QUESTION # 134
Which protocol must be allowed for a BYOD device to access the BYOD portal?

  • A. SMTP
  • B. HTTPS
  • C. HTTP
  • D. SSH

Answer: D


NEW QUESTION # 135
Which portal is used to customize the settings for a user to log in and download the compliance module?

  • A. Client Profiling
  • B. Client Endpoint
  • C. Client Guest
  • D. Client Provisioning

Answer: D

Explanation:
Section: Endpoint Compliance


NEW QUESTION # 136
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

  • A. hotspot
  • B. guest AUP
  • C. BYOD
  • D. posture
  • E. new AD user 802.1X authentication

Answer: A,B


NEW QUESTION # 137
A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected. Which task must be configured in order to meet this requirement?

  • A. idle time
  • B. session timeout
  • C. set attribute as
  • D. monitor

Answer: B

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_admin_acc


NEW QUESTION # 138
Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two.)

  • A. Windows Settings
  • B. Redirect ACL Operating System
  • C. Connection Type
  • D. iOS Settings

Answer: A,D


NEW QUESTION # 139
An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not have the ability to authenticate via 802.1X. Which command is needed on each switch port for authentication?

  • A. enable bypass-mac
  • B. dot1x system-auth-control
  • C. enable network-authentication
  • D. mab

Answer: D

Explanation:
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-2mt/sec-config-mab.html


NEW QUESTION # 140
A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

  • A. RBAC
  • B. VLAN
  • C. dACL
  • D. SGT

Answer: D


NEW QUESTION # 141
Which two values are compared by the binary comparison function in authentication that is based on Active Directory?

  • A. user-presented certificate and a certificate stored in Active Directory
  • B. subject alternative name and the common name
  • C. user-presented password hash and a hash stored in Active Directory
  • D. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory

Answer: B

Explanation:
Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01110.html


NEW QUESTION # 142
......
