New 2020 CCNP 300-715 SISE exam questions from PassLeader 300-715 dumps! Welcome to download the newest PassLeader 300-715 VCE and PDF dumps: https://www.passleader.com/300-715.html (210 Q&As –> 262 Q&As –> 311 Q&As –> 344 Q&As)
P.S. Free 2020 CCNP 300-715 SISE dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=10mbBp2Z7ri3RGpRaeaLp8R2BTE37if3P
NEW QUESTION 186
An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings. The scan is complete on one PSN, but the information is not available on the others. What must be done to make the information available?
A. Scanning must be initiated from the PSN that last authenticated the endpoint.
B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning.
C. Scanning must be initiated from the MnT node to centrally gather the information.
D. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning.
Answer: B
NEW QUESTION 187
An administrator is configuring a new profiling policy in Cisco ISE for a printer type that is missing from the profiler feed. The logical profile Printers must be used in the authorization rule and the rule must be hit. What must be done to ensure that this configuration will be successful?
A. Create a new logical profile for the new printer policy.
B. Enable the EndPoints:EndPointPolicy condition in the authorization policy.
C. Add the new profiling policy to the logical profile printers.
D. Modify the profiler conditions to ensure that it goes into the correct logical profile.
Answer: B
NEW QUESTION 188
Which two default guest portals are available with Cisco ISE? (Choose two.)
A. visitor
B. WIFI-access
C. self-registered
D. central web authentication
E. sponsored
Answer: CE
NEW QUESTION 189
An administrator is configuring a switch port for use with 802.1X. What must be done so that the port will allow voice and multiple data endpoints?
A. Configure the port with the authentication host-mode multi-auth command.
B. Connect the data devices to the port, then attach the phone behind them.
C. Use the command authentication host-mode multi-domain on the port.
D. Connect a hub to the switch port to allow multiple devices access after authentication.
Answer: A
NEW QUESTION 190
Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node?
A. radius-server timeout
B. session-timeout
C. idle-timeout
D. termination-action
Answer: C
NEW QUESTION 191
A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network. Which configuration item needs to be added to allow for this?
A. the client provisioning URL in the authorization policy
B. a temporal agent that gets installed onto the system
C. a remote posture agent proxying the network connection
D. an API connection back to the client
Answer: C
NEW QUESTION 192
A network administrator must configure Cisco ISE personas in the company to share session information via syslog. Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?
A. pxGrid
B. admin
C. policy services
D. monitor
Answer: D
NEW QUESTION 193
A network administrator notices that after a company-wide shutdown, many users cannot connect their laptops to the corporate SSID. What must be done to permit access in a timely manner?
A. Authenticate the user’s system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.
B. Connect this system as a guest user and then redirect the web auth protocol to log in to the network.
C. Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.
D. Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.
Answer: A
NEW QUESTION 194
What is the maximum number of PSN nodes supported in a medium-sized deployment?
A. three
B. five
C. two
D. eight
Answer: B
NEW QUESTION 195
An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints. Which action accomplishes this task for VPN users?
A. Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.
B. Configure the compliance module to be downloaded from within the posture policy.
C. Push the compliance module from Cisco FTD prior to attempting posture.
D. Use a compound posture condition to check for the compliance module and download if needed.
Answer: A
NEW QUESTION 196
Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue. Which two requirements must be met to implement this change? (Choose two.)
A. Enable IPC access over port 80.
B. Ensure that the NAT address is properly configured.
C. Establish access to one Global Catalog server.
D. Provide domain administrator access to Active Directory.
E. Configure a secure LDAP connection.
Answer: CD
NEW QUESTION 197
Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)
A. Active Directory
B. RADIUS Token
C. Internal Database
D. RSA SecurID
E. LDAP
Answer: AE
NEW QUESTION 198
What is a function of client provisioning?
A. It ensures an application process is running on the endpoint.
B. It checks a dictionary attribute with a value.
C. It ensures that endpoints receive the appropriate posture agents.
D. It checks the existence date and versions of the file on a client.
Answer: C
NEW QUESTION 199
A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from. What must be done to accomplish this task?
A. Add each MAC address manually to a blocklist identity group and create a policy denying access.
B. Create a logical profile for each device’s profile policy and block that via authorization policies.
C. Create a profiling policy for each endpoint with the cdpCacheDeviceId attribute.
D. Add each IP address to a policy denying access.
Answer: B
NEW QUESTION 200
An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the endpoints on the network. Which node should be used to accomplish this task?
A. PSN
B. primary PAN
C. pxGrid
D. MnT
Answer: A
NEW QUESTION 201
An administrator is configuring a Cisco WLC for web authentication. Which two client profiling methods are enabled by default if the Apply Cisco ISE Default Settings check box has been selected? (Choose two.)
A. CDP
B. DHCP
C. HTTP
D. SNMP
E. LLDP
Answer: BC
NEW QUESTION 202
An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)
A. hotspot guest portal
B. device registration WebAuth
C. central WebAuth
D. local WebAuth
E. self-registered guest portal
Answer: AB
NEW QUESTION 203
An engineer is enabling a newly configured wireless SSID for tablets and needs visibility into which other types of devices are connecting to it. What must be done on the Cisco WLC to provide this information to Cisco ISE?
A. enable IP Device Tracking
B. enable MAC filtering
C. enable Fast Transition
D. enable mDNS snooping
Answer: B
NEW QUESTION 204
An engineer is configuring ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADIUS for these devices? (Choose two.)
A. TACACS+ is FIPS compliant while RADIUS is not.
B. TACACS+ is designed for network access control while RADIUS is designed for role-based access.
C. TACACS+ uses secure EAP-TLS while RADIUS does not.
D. TACACS+ provides the ability to authorize specific commands while RADIUS does not.
E. TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.
Answer: DE
NEW QUESTION 205
During an 802.1X deployment, an engineer must identify failed authentications without causing problems for the connected endpoint. Which command will successfully achieve this?
A. dot1x system-auth-control
B. dot1x pae authenticator
C. authentication open
D. authentication port-control auto
Answer: B
NEW QUESTION 206
An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?
A. The switch port is configured with authentication event server dead action authorize vlan.
B. The authorization results for the endpoints include a dACL allowing access.
C. The authorization results for the endpoints include the Trusted security group tag.
D. The switch port is configured with authentication open.
Answer: D
NEW QUESTION 207
An engineer has been tasked with standing up a new guest portal for customers that are waiting in the lobby. There is a requirement to allow guests to use their social media logins to access the guest network to appeal to more customers. What must be done to accomplish this task?
A. Create a sponsor portal to allow guests to create accounts using their social media logins.
B. Create a sponsored guest portal and enable social media in the external identity sources.
C. Create a self-registered guest portal and enable the feature for social media logins.
D. Create a hotspot portal and enable social media login for network access.
Answer: C
NEW QUESTION 208
Which Cisco ISE deployment model provides redundancy by having every node in the deployment configured with the Administration, Policy Service, and Monitoring personas to protect from a complete node failure?
A. distributed
B. dispersed
C. two-node
D. hybrid
Answer: A
NEW QUESTION 209
An administrator enables the profiling service for Cisco ISE to use for authorization policies while in closed mode. When the endpoints connect, they receive limited access so that the profiling probes can gather information and Cisco ISE can assign the correct profiles. They are using the default values within Cisco ISE, but the devices do not change their access due to the new profile. What is the problem?
A. In closed mode, profiling does not work unless CDP is enabled.
B. The profiling probes are not able to collect enough information to change the device profile.
C. The profiler feed is not downloading new information so the profiler is inactive.
D. The default profiler configuration is set to No CoA for the reauthentication setting.
Answer: D
NEW QUESTION 210
……