New 2020 CCNP 300-715 SISE exam questions from PassLeader 300-715 dumps! Welcome to download the newest PassLeader 300-715 VCE and PDF dumps: https://www.passleader.com/300-715.html (145 Q&As –> 176 Q&As –> 210 Q&As –> 262 Q&As –> 311 Q&As –> 344 Q&As)
P.S. Free 2020 CCNP 300-715 SISE dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=10mbBp2Z7ri3RGpRaeaLp8R2BTE37if3P
NEW QUESTION 121
What is the deployment mode when two Cisco ISE nodes are configured in an environment?
A. distributed
B. active
C. standalone
D. standard
Answer: C
NEW QUESTION 122
Which two roles are taken on by the administration person within a Cisco ISE distributed environment? (Choose two.)
A. backup
B. secondary
C. standby
D. primary
E. active
Answer: BD
NEW QUESTION 123
What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?
A. Set the NAC State option to SNMP NAC.
B. Set the NAC State option to RADIUS NAC.
C. Use the radius-server vsa send authentication command.
D. Use the ip access-group webauth in command.
Answer: C
NEW QUESTION 124
There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network. Which posture condition should the administrator configure in order for this policy to work?
A. file
B. registry
C. application
D. service
Answer: C
NEW QUESTION 125
An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as “Medical Switch” so that the policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?
A. Change the device type to Medical Switch.
B. Change the device profile to Medical Switch.
C. Change the model name to Medical Switch.
D. Change the device location to Medical Switch.
Answer: A
NEW QUESTION 126
A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network. How should the manager configure Cisco ISE to accomplish this goal?
A. Create entries in the guest identity group for all participants.
B. Create an access code to be entered in the AUP page.
C. Create logins for each participant to give them sponsored access.
D. Create a registration code to be entered on the portal splash page.
Answer: B
NEW QUESTION 127
When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2. Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? (Choose two.)
A. DHCP SPAN probe.
B. SNMP query probe.
C. NetFlow probe.
D. RADIUS probe.
E. DNS probe.
Answer: AE
NEW QUESTION 128
An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened. From which Cisco ISE persona should this traffic be originating?
A. monitoring
B. policy service
C. administration
D. authentication
Answer: D
NEW QUESTION 129
Which three conditions can be used for posture checking? (Choose three.)
A. certificate
B. operating system
C. file
D. application
E. services
Answer: CDE
NEW QUESTION 130
By default, which traffic does an 802.IX-enabled switch allow before authentication?
A. all traffic
B. no traffic
C. traffic permitted in the port dACL on Cisco ISE
D. traffic permitted in the default ACL on the switch
Answer: B
NEW QUESTION 131
Which Cisco ISE node does not support automatic failover?
A. Inline Posture node.
B. Monitoring node.
C. Policy Services node.
D. Admin node.
Answer: C
NEW QUESTION 132
Which statement is true?
A. A Cisco ISE Advanced license is perpetual in nature.
B. A Cisco ISE Advanced license can be installed on top of a Base and/or Wireless license.
C. A Cisco ISE Wireless license can be installed on top of a Base and/or Advanced license.
D. A Cisco ISE Advanced license can be used without any Base licenses.
Answer: B
NEW QUESTION 133
What are the three default behaviors of Cisco ISE with respect to authentication, when a user connects to a switch that is configured for 802.1X, MAB, and WebAuth? (Choose three.)
A. MAB traffic uses internal endpoints for retrieving identity.
B. Dot1X traffic uses a user-defined identity store for retrieving identity.
C. Unmatched traffic is allowed on the network.
D. Unmatched traffic is dropped because of the Reject/Reject/Drop action that is configured under Options.
E. Dot1X traffic uses internal users for retrieving identity.
Answer: ABD
NEW QUESTION 134
Which types of design are required in the Cisco ISE ATP program?
A. schematic and detailed
B. preliminary and final
C. high-level and low-level designs
D. top down and bottom up
Answer: C
NEW QUESTION 135
The profiling data from network access devices is sent to which Cisco ISE node?
A. Monitoring node.
B. Administration node.
C. Inline Posture node.
D. Policy Service node.
Answer: D
NEW QUESTION 136
What is the condition that a Cisco ISE authorization policy cannot match?
A. company contact
B. custom
C. time
D. device type
E. posture
Answer: A
NEW QUESTION 137
What should be considered when configuring certificates for BYOD?
A. An endpoint certificate is mandatory for the Cisco ISE BYOD.
B. An Android endpoint uses EST whereas other operation systems use SCEP for enrollment.
C. The CN field is populated with the endpoint host name.
D. The SAN field is populated with the end user name.
Answer: A
NEW QUESTION 138
An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?
A. Install the Root CA and intermediate CA.
B. Generate the CSR.
C. Download the intermediate server certificate.
D. Download the CA server certificate.
Answer: A
NEW QUESTION 139
What does MAB stand for?
A. MAC Address Binding
B. MAC Authorization Binding
C. MAC Authorization Bypass
D. MAC Authentication Bypass
Answer: D
NEW QUESTION 140
The default (standalone) Cisco ISE node configuration has which role or roles enabled by default?
A. Administration only.
B. Inline Posture only.
C. Administration and Pokey Service.
D. Policy Service, Monitoring and Admin.
Answer: D
NEW QUESTION 141
Drag and Drop
An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.
Answer:
NEW QUESTION 142
……
New 2020 CCNP 300-715 SISE exam questions from PassLeader 300-715 dumps! Welcome to download the newest PassLeader 300-715 VCE and PDF dumps: https://www.passleader.com/300-715.html (145 Q&As –> 176 Q&As –> 210 Q&As –> 262 Q&As –> 311 Q&As –> 344 Q&As)
P.S. Free 2020 CCNP 300-715 SISE dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=10mbBp2Z7ri3RGpRaeaLp8R2BTE37if3P
