Cisco ISE 300-715 Flashcards Quizlet 80

ISE DUMPS Flashcards | Quizlet https://quizlet.com/517685299/ise-dumps-flash-cards/?funnelUUID=7...
ISE DUMPS Study
Other Computer Skills
ISE DUMPS
8 studiers today 4.0 (2 reviews)
Terms in this set (80)
QUESTION 1 Which two fields AC

are available when creating
an endpoint on the context
visibility page of Cisco ISE?
(Choose two )
A. Policy Assignment
B. Endpoint Family
C. Identity Group Assignment
D. Security Group Tag
E. IP Address
QUESTION 2 When D
configuring Active Directory
groups, what does the Cisco
ISE use to resolve ambiguous
group names?
A. MIB
B. TGT
C. OMAB
D. SID
1 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 3 What is the C Study
purpose of the ip http server
command on a switch?
A. It enables the https server
for users for web
authentication
B. It enables MAB
authentication on the switch
C. It enables the switch to
redirect users for web
authentication.
D. It enables dot1x
authentication on the switch
QUESTION 4 What are two BD

requirements of generating a
single signing in Cisco ISE by
using a certificate
provisioning portal, without
generating a certificate
request? (Choose two )
A. Location the CSV file for
the device MAC
B. Select the certificate
template
C. Choose the hashing
method
D. Enter the common name
2 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 5 What service B Study
can be enabled on the Cisco
ISE node to identity the types
of devices connecting to a
network?
A. MAB
B. profiling
C. posture
D. central web authentication
QUESTION 6 In which two AC

ways can users and endpoints
be classified for TrustSec?
(Choose two)
A. VLAN
B. SXP
C. dynamic
D. QoS
E. SGACL
QUESTION 7 What does the B

dot1x system-auth-control
command do?
A. causes a network access
switch not to track 802.1x
sessions
B. globally enables 802.1x
C. enables 802.1x on a
network access device
interface
D. causes a network access
switch to track 802.1x sessions
3 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 8 Which B Study
command displays all 802
1X/MAB sessions that are
active on the switch ports of a
Cisco Catalyst switch?
A. show authentication
sessions output
B. Show authentication
sessions
C. show authentication
sessions interface Gi 1/0/x
D. show authentication
sessions interface Gi1/0/x
output
QUESTION 9 What gives D

Cisco ISE an option to scan
endpoints for vulnerabilities?
A. authorization policy
B. authentication policy
C. authentication profile
D. authorization profile
4 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 10 A network C Study
administrator has just added a
front desk receptionist
account to the Cisco ISE
Guest Service sponsor group.
Using the Cisco ISE Guest
Sponsor Portal, which guest
services can the receptionist
provide?
A. Keep track of guest user
activities
B. Configure authorization
settings for guest users
C. Create and manage guest
user accounts
D. Authenticate guest users to
Cisco ISE
QUESTION 11 Which A
interface-level command is
needed to turn on 802 1X
authentication?
A. Dofl1x pae authenticator
B. dot1x system-auth-control
C. authentication host-mode
single-host
D. aaa server radius dynamic-
author
5 of 40 27/09/2023, 11:34 pm
ISE DUMPS
Question 12 Which permission D Study
is common to the Active
Directory Join and Leave
operations?
A. Create a Cisco ISE machine
account in the domain if the
machine account does not
already exist
B. Remove the Cisco ISE
machine account from the
domain.
C. Set attributes on the Cisco
ISE machine account
D. Search Active Directory to
see if a Cisco ISE machine
account already exists.
QUESTION 13 Which two AD

features must be used on
Cisco ISE to enable the
TACACS. feature? (Choose
two)
A. Device Administration
License
B. Server Sequence
C. Command Sets
D. Device Admin Service
E. External TACACS Servers
6 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 14 During BYOD C Study
flow, from where does a
Microsoft Windows PC
download the Network Setup
Assistant?
A. Cisco App Store
B. Microsoft App Store
C. Cisco ISE directly
D. Native OTA functionality
QUESTION 15 Drag and Drop Look at dump

Question Drag the steps to
configure a Cisco ISE node as
a primary administration node
from the left into the correct
order on the night.
QUESTION 16 What are two BD

components of the posture
requirement when configuring
Cisco ISE posture? (Choose
two )
A. updates
B. remediation actions
C. Client Provisioning portal
D. conditions
E. access policy
7 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 17 What is a B Study
method for transporting
security group tags
throughout the network?
A. by enabling 802.1AE on
every network device
B. by the Security Group Tag
Exchange Protocol
C. by embedding the security
group tag in the IP header
D. by embedding the security
group tag in the 802.1Q
header
QUESTION 18 Which two AE

ports must be open between
Cisco ISE and the client when
you configure posture on
Cisco ISE? (Choose two).
A. TCP 8443
B. TCP 8906
C. TCP 443
D. DTCP80
E. TCP 8905
QUESTION 19 Which profiling C

probe collects the user-agent
string?
A. DHCP
B. AD
C. HTTP
D. NMAP
8 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 20 Which A Study
supplicant(s) and server(s) are
capable of supporting EAP-
CHAINING?
A. Cisco AnyConnect NAM
and Cisco Identity Service
Engine
B. Cisco AnyConnect NAM
and Cisco Access Control
Server
C. Cisco Secure Services
Client and Cisco Access
Control Server
D. Windows Native Supplicant
and Cisco Identity Service
Engine
QUESTION 21 Which two AD

values are compared by the
binary comparison function in
authentication that is based
on Active Directory? (Choose
Two) A. subject alternative
name and the common name
B. MS-CHAFV2 provided
machine credentials and
credentials stored in Active
Directory
C. user-presented password
hash and a hash stored in
Active Directory
D. user-presented certificate
and a certificate stored in
Active Directory
9 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 22 Which Cisco A Study
ISE component intercepts
HTTP and HTTPS requests
and redirects them to the
Guest User Portal?
A. network access device
B. Policy Service node
C. Monitoring node
D. Administration node
QUESTION 23 What are two CE

benefits of TACACS+ versus
RADIUS for device
administration? (Choose two )
A. TACACS+ supports 802.1X,
and RADIUS supports MAB
B. TACACS+ uses UDP, and
RADIUS uses TCP
C. TACACS+ has command
authorization, and RADIUS
does not.
D. TACACS+ provides the
service type, and RADIUS
does not E. TACACS+
encrypts the whole payload,
and RADIUS encrypts only
the password
10 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 24 Client CDE Study
provisioning resources can be
added into the Cisco ISE
Administration node from
which three of these?
(Choose three.)
A. FTP
B. TFTP
C. www-cisco.com
D. local disk
E. Posture Agent Profile
QUESTION 25 How is policy B or C

services node redundancy
achieved in a deployment?
A. by enabling VIP
B. by utilizing RADIUS server
list on the NAD
C. by creating a node group
D. by deploying both primary
and secondary node
QUESTION 26 If a user D
reports a device lost or
stolen, which portal should be
used to prevent the device
from accessing the network
while still providing
information about why the
device is blocked?
A. Client Provisioning
B. Guest
C. BYOD
D. Blacklist
11 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 27 A user reports B Study
that the RADIUS accounting
packets are not being seen on
the Cisco ISE server. Which
command is the user missing
in the switch's configuration?
A. radius-server vsa send
accounting
B. aaa accounting network
default start-stop group
radius
C. aaa accounting resource
radius
D. aaa accounting exec
radios
QUESTION 28 Which two task BE

types are included in the
Cisco ISE common tasks
support for TACACS+
profiles? (Choose two.)
A. Firepower
B. WLC
C. IOS
D. ASA
E. Shell
12 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 29 What allows an D Study
endpoint to obtain a digital
certificate from Cisco ISE
during a BYOD flow?
A. Network Access Control
B. My Devices Portal
C. Application Visibility and
Control
D. Supplicant Provisioning
Wizard
QUESTION 30 What occurs C

when a Cisco ISE distributed
deployment has two nodes
and the secondary node is
deregistered?
A. The primary node restarts
B. The secondary node
restarts.
C. The primary node
becomes standalone
D. Both nodes restart
QUESTION 31 Which port B

does Cisco ISE use for native
supplicant provisioning of a
Windows laptop?
A. TCP 8909
B. TCP 8905
C. CUDP 1812
D. TCP 443
13 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 32 Which of these D Study
is not a method to obtain
Cisco ISE profiling data?
A. RADIUS
B. HTTP
C. SNMP query
D. active scans
E. Netflow
F. DNS
QUESTION 33 Which of the C

following is not true about
profiling in Cisco ISE?
A. Profiling policies are
automatically enabled for use.
B. Cisco ISE comes with
predefined profiles.
C. The use of Identity Groups
is required to leverage the
use of profiling in the
authorization policy.
D. Cisco ISE does not support
hierarchy within the profiling
policy
QUESTION 34 Which two ADE

default endpoint identity
groups does cisco ISE
create? (Choose two )
A. Unknown
B. whitelist
C. end point
D. profiled
E. blacklist
14 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 35 Which Cisco D Study
ISE service allows an
engineer to check the
compliance of endpoints
before connecting to the
network?
A. personas
B. qualys
C. nexpose
D. posture
QUESTION 36 Which default B

endpoint identity group does
an endpoint that does not
match any profile in Cisco ISE
become a member of?
A. Endpoint
B. unknown
C. blacklist
D. white list
E. profiled
15 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 37 Refer to the A Study
exhibit. Which command is
typed within the CU of a
switch to view the
troubleshooting output?
A. show authentication
sessions mac 000e.84af.59af
details
B. show authentication
registrations
C. show authentication
interface
gigabitethemet2/0/36
D. show authentication
sessions method
QUESTION 38 What must be D

configured on the Cisco ISE
authentication policy for
unknown MAC
addresses/identities for
successful authentication?
A. pass
B. reject
C. drop
D. continue
16 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 39 Which two DE Study
probes must be enabled for
the ARP cache to function in
the Cisco ISE profile service
so that a user can reliably
bind the IP address and MAC
addresses of endpoints?
(Choose two.)
A. NetFlow
B. SNMP
C. HTTP
D. DHCP
E. RADIUS
QUESTION 40 Which RADIUS B

attribute is used to
dynamically assign the
Inactivity active timer for MAB
users from the Cisco ISE
node?
A. session timeout
B. idle timeout
C. radius-server timeout
D. termination-action
17 of 40 27/09/2023, 11:34 pm
ISE DUMPS
personas can a Cisco ISE
node assume?
A. policy service,
gatekeeping, and monitonng
B. administration, policy
service, and monitoring
C. administration, policy
service, gatekeeping
D. administration, monitoring,
and gatekeeping
QUESTION 42 What is a B
characteristic of the UDP
protocol?
A. UDP can detect when a

server is down.
B. UDP offers best-effort

delivery
C. UDP can detect when a

server is slow
D. UDP offers information

about a non-existent server
18 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 43 Which two AD Study
endpoint compliance statuses
are possible? (Choose two.)
A. unknown
B. known
C. invalid
D. compliant
E. valid
QUESTION 44 Which are two AC

characteristics of TACACS+?
(Choose two ) ,
A. It uses TCP port 49.
B. It combines authorization
and authentication functions.
C. It separates authorization
and authentication functions.
D. It encrypts the password

only.
E. It uses UDP port 49.
19 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 45 Which two DE Study
ports do network devices
typically use for CoA?
(Choose two )
A. 443
B. 19005
C. 8080
D. 3799
E. 1700
QUESTION 46 Which two DE

responses from the RADIUS
server to NAS are valid
during the authentication
process? (Choose two )
A. access-response
B. access-request
C. access-reserved
D. access-accept
E. access-challenge
20 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 47 Which two BE Study
components are required for
creating a Native Supplicant
Profile within a BYOD flow?
(Choose two )
A. Windows Settings
B. Connection Type
C. iOS Settings
D. Redirect ACL
E. Operating System
21 of 40 27/09/2023, 11:34 pm
ISE DUMPS
minimum certainty factor
when creating a profiler
policy?
A. the minimum number that a

predefined condition provides
B. the maximum number that a

predefined condition provides
C. the minimum number that a

device certainty factor must
reach to become a member
of the profile
D. the maximum number that

a device certainty factor must
reach to become a member
of the profile
QUESTION 49 What must B

match between Cisco ISE and
the network access device to
successfully authenticate
endpoints?
A. SNMP version
B. shared secret
C. certificate
D. profile
22 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 50 Which two AD Study
methods should a sponsor
select to create bulk guest
accounts from the sponsor
portal? (Choose two )
A. Random
B. Monthly
C. Daily
D. Imported
E. Known
23 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 51 A Study
Which statement about

configuring certificates for
BYOD is true?
A. An Android endpoint uses

EST, whereas other operating
systems use SCEP for
enrollment
B. The SAN field is populated

with the end user name.
C. An endpoint certificate is
mandatory for the Cisco ISE
BYOD
D. The CN field is populated

with the endpoint host name
QUESTION 52 What sends A

the redirect ACL that is
configured in the
authorization profile back to
the Cisco WLC?
A. Cisco-av-pair
B. Class attribute
C. Event
D. State attribute
24 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 53 Which two CD Study
events trigger a CoA for an
endpoint when CoA is
enabled globally for ReAuth?
(Choose two.)
A. endpoint marked as lost in

My Devices Portal
B. addition of endpoint to My
Devices Portal
C. endpoint profile transition

from Apple-device to Apple-
iPhone
D. endpoint profile transition

from Unknown to Windows
10Workstation
E. updating of endpoint dACL.
25 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 54 D Study
What is a requirement for

Feed Service to work-?
A. TCP port 3080 must be

opened between Cisco ISE
and the feed server
B. Cisco ISE has a base

license.
C. Cisco ISE has access to an

internal server to download
feed update
D. Cisco ISE has Internet

access to download feed
update
QUESTION 55 Which D
advanced option within a
WLAN must be enabled to
trigger Central Web
Authentication for Wireless
users on AireOS controller?
A. DHCP server
B. static IP tunneling
C. override Interface ACL
D. AAA override
26 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 56 What is a valid A Study
guest portal type?
A. Sponsored-Guest
B. My Devices
C. Sponsor
D. Captive-Guest
QUESTION 57 B
What is needed to configure

wireless guest access on the
network?
A. endpoint already profiled

in ISE
B. WEBAUTH ACL for

redirection
C. valid user account in Active

Directory
D. Captive Portal Bypass

turned on
27 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 58 The default D Study
Cisco ISE node configuration
has which role or roles
enabled by default?
A. Administration only
B. Inline Posture only
C. Administration and Pokey

Service
D. Policy Service Monitoring,

and Administration
What does MAB stand for? D

A. MAC Address Binding
B. MAC Authorization Binding
C. MAC Authorization Bypass
D. MAC Authentication
Bypass
28 of 40 27/09/2023, 11:34 pm
ISE DUMPS
Cisco ISE default admin login
name and password?
A. ISEAdmin/admin
B. admin/cisco
C. admin/no default
password--the admin
password is configured at
setup
D. admin/admin
QUESTION 61 A
What is the condition that a

Cisco ISE authorization policy
cannot match?
A. company contact
B. custom
C. time
D. device type
E. posture
29 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 62 Which C Study
statement is not correct about
the Cisco ISE Monitoring
node?
A. The local collector agent

collects logs locally from
itself and from any NAD that
is configured to send logs to
the Policy Service node.
B. Cisco ISE supports

distributed log collection
across all nodes to optimize
local data collection,
aggregation, and centralized
correlation and storage.
C. The local collector agent

process runs only the Inline
Posture node.
D. The local collector buffers

transport the collected data
to designated Cisco ISE
Monitoring nodes as syslog;
once Monitoring nodes are
globally defined via
Administration, ISE nodes
automatically send logs to
one or both of the configured
Monitoring nodes.
30 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 63 The profiling D Study
data from network access
devices is sent to which Cisco
ISE node?
A. Monitoring node
B. Administration node
C. Inline Posture node
D. Policy Service node
QUESTION 64 Drag and Drop See ISE DUMP

Question Drag the Cisco ISE
node types from the left onto
the appropriate purposes on
the right.
31 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 65 Which A Study
configuration is required in
the Cisco ISE authentication
policy to allow Central Web
Authentication?
A. MAB and if user not found,

continue
B. MAB and if authentication

failed, continue
C. Dot1x and if user not found,

continue
D. Dot1x and if authentication

failed, continue
QUESTION 66 Which portal is C

used to customize the
settings for a user to log in
and download the
compliance module?
A. Client Profiling
B. Client Endpoint
C. Client Provisioning
D. Client Guest
32 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 67 B Study
Which term refers to an

endpoint agent that tries to
join an 802 1Xenabled
network?
A. EAP server
B. supplicant
C. client
D. authenticator
QUESTION 68 Which two AB

features are available when
the primary admin node is
down and the secondary
admin node has not been
promoted? (Choose two)
A. hotspot
B. new AD user 802 1X

authentication
C. BYOD
D. guest AUP
33 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 69 Which C Study
protocol must be allowed for
a BYOD device to access the
BYOD portal?
A. HTTP
B. SMTP
C. HTTPS
D. SSH
QUESTION 70 In which two AC

ways can users and endpoints
be classified for TrustSec?
(Choose Two.)
A. VLAN
B. SXP
C. dynamic
D. QoS
E. SGACL
34 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 71 Which types of C Study
design are required in the
Cisco ISE ATP program?
A. schematic and detailed
B. preliminary and final
C. high-level and low-level

designs
D. top down and bottom up
QUESTION 72 If there is a C
firewall between Cisco ISE
and an Active Directory
external identity store, which
port does not need to be
open?
A. UDP/TCP 389
B. UDP123
C. TCP 21
D. TCP 445
35 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 73 ADE Study
What are the three default

behaviors of Cisco ISE with
respect to authentication,
when a user connects to a
switch that is configured for
802.1X, MAB, and WebAuth?
(Choose three)
A. MAB traffic uses internal

endpoints for retrieving
identity.
B. Dot1X traffic uses a user-

defined identity store for
retrieving identity.
C. Unmatched traffic is
allowed on the network.
D. Unmatched traffic is
dropped because of the
Reject/Reject/Drop action
that is configured under
Options.
E. Dot1 traffic uses internal

users for retrieving identity.
36 of 40 27/09/2023, 11:34 pm
ISE DUMPS
statement is true?
A. A Cisco ISE Advanced
license is perpetual in nature.
B. A Cisco ISE Advanced

license can be installed on
top of a Base and/or Wireless
license.
C. A Cisco ISE Wireless

license can be installed on
top of a Base and/or
Advanced license.
D. A Cisco ISE Advanced

license can be used without
any Base licenses.
QUESTION 75 B
In which scenario does Cisco

ISE allocate an Advanced
license?
A. guest services with dACL

enforcement
B. endpoint authorization
using SGA enforcement
C. dynamic device profiling
D. high availability
Administrator nodes
37 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 76 C Study
Which Cisco ISE node does

not support automatic
failover?
A. Inline Posture node
B. Monitoring node
C. Policy Services node
D. Admin node
QUESTION 77 A
Which scenario does not

support Cisco ISE guest
services?
A. wired NAD with local
WebAuth
B. wireless LAN controller

with central WebAuth
C. wireless LAN controller

with local WebAuth
D. wired NAD with central

WebAuth
38 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 78 B Study
By default, which traffic does

an 802.IX-enabled switch
allow before authentication?
A. all traffic
B. no traffic
C. traffic permitted in the port

dACL on Cisco ISE
D. traffic permitted in the

default ACL on the switch
QUESTION 79 What does D

MAB leverage a MAC address
for?
A. Calling-Station-ID
B. password
C. cisco-av-pair
D. username
39 of 40 27/09/2023, 11:34 pm
ISE DUMPS
QUESTION 80 Which three CDE Study
conditions can be used for
posture checking? (Choose
three.)
A. certificate
B. operating system
C. file
D. application
E. service
40 of 40 27/09/2023, 11:34 pm

Cisco ISE 300-715 Flashcards Quizlet 80

Uploaded by

Copyright:

Available Formats

Cisco ISE 300-715 Flashcards Quizlet 80

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco ISE 300-715 Flashcards Quizlet 80

Uploaded by

Copyright:

Available Formats

ISE DUMPS Flashcards | Quizlet https://quizlet.com/517685299/ise-dumps-flash-cards/?funnelUUID=7...

ISE DUMPS Study

Other Computer Skills

Terms in this set (80)

QUESTION 1 Which two fields AC

QUESTION 4 What are two BD

QUESTION 6 In which two AC

QUESTION 7 What does the B

QUESTION 9 What gives D

QUESTION 13 Which two AD

QUESTION 15 Drag and Drop Look at dump

QUESTION 16 What are two BD

QUESTION 18 Which two AE

QUESTION 19 Which profiling C

QUESTION 21 Which two AD

QUESTION 23 What are two CE

QUESTION 25 How is policy B or C

QUESTION 28 Which two task BE

QUESTION 30 What occurs C

QUESTION 31 Which port B

QUESTION 33 Which of the C

QUESTION 34 Which two ADE

QUESTION 36 Which default B

QUESTION 38 What must be D

QUESTION 40 Which RADIUS B

A. UDP can detect when a

B. UDP offers best-effort

C. UDP can detect when a

D. UDP offers information

QUESTION 44 Which are two AC

A. It uses TCP port 49.

D. It encrypts the password

E. It uses UDP port 49.

QUESTION 46 Which two DE

A. the minimum number that a

B. the maximum number that a

C. the minimum number that a

D. the maximum number that

QUESTION 49 What must B

Which statement about

A. An Android endpoint uses

B. The SAN ﬁeld is populated

D. The CN ﬁeld is populated

QUESTION 52 What sends A

A. endpoint marked as lost in

C. endpoint proﬁle transition

D. endpoint proﬁle transition

E. updating of endpoint dACL.

What is a requirement for

A. TCP port 3080 must be

B. Cisco ISE has a base

C. Cisco ISE has access to an

D. Cisco ISE has Internet

C. override Interface ACL

What is needed to conﬁgure

A. endpoint already proﬁled

B. WEBAUTH ACL for

C. valid user account in Active

D. Captive Portal Bypass

B. Inline Posture only