New 2020 CCNP 300-715 SISE exam questions from PassLeader 300-715 dumps! Welcome to download the newest PassLeader 300-715 VCE and PDF dumps: https://www.passleader.com/300-715.html (344 Q&As)
P.S. Free 2020 CCNP 300-715 SISE dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=10mbBp2Z7ri3RGpRaeaLp8R2BTE37if3P
NEW QUESTION 322
A user is attempting to register a BYOD device to the Cisco ISE deployment but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?
A. The BYOD flow to ensure that the endpoint is provisioned prior to registering.
B. The Cisco Secure Client provisioning policy to provision the endpoint for onboarding.
C. A native supplicant provisioning policy to redirect the user to the BYOD portal for onboarding.
D. The posture provisioning policy to give the endpoint the required components prior to registering.
Answer: C
NEW QUESTION 323
Which platform does a Windows-based device download the Network Assistant from?
A. Microsoft app store.
B. Cisco ISE.
C. Native OS.
D. Cisco download site.
Answer: B
NEW QUESTION 324
An administrator must provide administrative access to the helpdesk users on production Cisco IOS routers. The solution must meet these requirements:
– Authenticate the users against Microsoft AD.
– Validate IOS commands run by users.
These configurations have been performed:
– joined Cisco ISE to AD
– retrieved AD groups
– added a router to Cisco ISE
– enabled Device Admin Service in Cisco ISE
– configured an authorization policy
– configured the routers for authentication and authorization
Which two components must be configured? (Choose two.)
A. TACACS command sets
B. authentication profile
C. authorization profile
D. TACACS profile
E. access control list to filter the IOS commands
Answer: AD
NEW QUESTION 325
An engineer must create an authentication policy in Cisco ISE to allow wired printers that lack support for 802.1X onto the network. What must the RadiusFlowType be set to in the policy to meet the requirement?
A. MAB
B. Wired_MAB
C. Compliant_Devices
D. Compliance_Unknown_Devices
Answer: B
NEW QUESTION 326
An engineer is starting to implement a wired 802.1X project throughout the campus. The task is for failed authentication to be logged to Cisco ISE and also have a minimal impact on the users. Which command must the engineer configure?
A. monitor-mode enabled
B. authentication host-mode multi-auth
C. authentication open
D. pae dot1x enabled
Answer: A
NEW QUESTION 327
An engineer wants to preselect AD groups to be used in the access policy after integrating Cisco ISE with an active directory. Which configuration steps must the engineer take to assign groups to the AD on the identity management page?
A. external identity sources –> active directory –> groups
B. user identity groups –> groups
C. external identity sources –> groups –> active directory
D. groups –> user identity groups
Answer: A
NEW QUESTION 328
An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an “EAP-TLS authentication failed” message when moving between remote sites. Which configuration must be applied on Cisco ISE?
A. Use a third-party certificate on the network device.
B. Add the device to all PSN nodes in the deployment.
C. Configure an authorization profile for the end users.
D. Renew the expired certificate on one of the PSN.
Answer: B
NEW QUESTION 329
An engineer must configure posture updates. The task is to ensure the latest set of predefined checks and operating system information is updated. The checks must take place regularly. Where in the Cisco ISE interface would the engineer make the necessary changes to the compliance module?
A. Administration –> System –> Settings –> Updates –> Posture
B. Administration –> System –> Settings –> Updates –> Schedule
C. Administration –> System –> Settings –> Posture –> Updates
D. Administration –> System –> Settings –> Posture –> Updates –> Schedule
Answer: C
NEW QUESTION 330
An engineer must develop a policy that utilizes AD group membership on Cisco ISE. Which type of policy element must the engineer configure to create an AD group within a policy?
A. conditions
B. results
C. dictionaries
D. smart conditions
Answer: A
NEW QUESTION 331
An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?
A. ip source guard
B. ip arp inspection
C. ip device tracking maximum
D. ip dhcp snooping
Answer: D
NEW QUESTION 332
Which file extension is required when deploying Cisco ISE using a ZTP configuration file in Microsoft Hyper-V?
A. .txt
B. .img
C. .tar
D. .iso
Answer: D
NEW QUESTION 333
A network engineer must enable a profiling probe. The profiling must take details through the Active Directory. Where in the Cisco ISE interface would the engineer enable the probe?
A. Administration –> Deployment –> System –> Profiling
B. Policy –> Deployment –> System –> Profiling
C. Policy –> Policy Elements –> Profiling
D. Administration –> System –> Deployment –> Profiling
Answer: D
NEW QUESTION 334
Guest users report repeated prompts to authenticate with the portal when connecting to a wireless network. An administrator must configure Cisco ISE to reduce the number of prompts. The solution must meet the requirements:
– Users must be authenticated once.
– When reconnecting to the visitor network, users do not need to be redirected to the login page.
Which action completes the configuration?
A. Configure an authorization profile to send a redirection access control list only for unauthenticated users.
B. Configure the Wi-Fi Guest Access policy to allow the GuestEndpoint group.
C. Configure an authorization rule for guest flow to bypass authenticated MAC address.
D. Configure an authentication rule for MAC Authentication Bypass users to add an authenticated MAC address in an identity group.
Answer: D
NEW QUESTION 335
A network is going through major hardware upgrades and is using Cisco ISE for network access control. Network devices are being added and removed regularly and the Cisco ISE administrators want to track new network devices. Which probe must be enabled to provide this visibility for Cisco ISE?
A. DHCP SPAN.
B. SNMP query.
C. SNMP trap.
D. NetFlow.
Answer: C
NEW QUESTION 336
A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:
– An initial MAB request is sent to the Cisco ISE node.
– Cisco ISE responds with a URL redirection authorization profile if the user’s MAC address is unknown in the endpoint identity store.
– The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.
Which authentication must the administrator configure on Cisco ISE?
A. Wired NAD with local WebAuth.
B. WLC with local WebAuth.
C. NAD with central WebAuth.
D. Device registration WebAuth.
Answer: C
NEW QUESTION 337
A network engineer received alerts from the monitoring platform that a switch port exists with multiple sessions. RADIUS CoA using Cisco ISE must be used to address the issue. Which RADIUS CoA configuration must be used?
A. port bounce
B. no CoA
C. exception
D. reauth
Answer: D
NEW QUESTION 338
The security team identified a rogue endpoint with MAC address 00:47:44:40:54:1A attached to the network. Which action must security engineer take within Cisco ISE to effectively restrict network access for this endpoint?
A. Create authentication policy to force reauthentication.
B. Configure access control list on network switches to block traffic.
C. Add MAC address to the endpoint quarantine list.
D. Implement authentication policy to deny access.
Answer: C
NEW QUESTION 339
An administrator must configure Cisco ISE to authenticate a user accessing a Cisco Adaptive Security Appliance firewall using SSH. The solution must meet these requirements:
– The local Cisco ISE database must be used for user authentication.
– ASA commands run by users must be validated.
The configurations were performed:
– added the Cisco Adaptive Security Appliance firewall
– configured user accounts
– enabled Device Admin Service in Cisco ISE
– configured a TACACS profile
– configured an authorization policy
– configured the Cisco Adaptive Security Appliance firewall for authentication and authorization
Which two actions must be taken in Cisco ISE? (Choose two.)
A. Enable local authentication.
B. Configure a user identity group.
C. Configure an authentication profile.
D. Configure TACACS command sets.
E. Configure an authorization profile.
Answer: DE
NEW QUESTION 340
Which nodes are supported in a distributed Cisco ISE deployment? (Choose two.)
A. Policy Service nodes for session failover.
B. Administration nodes for session failover.
C. Monitoring nodes for PxGrid services.
D. Policy Service nodes for automatic failover.
Answer: AC
NEW QUESTION 341
……
New 2020 CCNP 300-715 SISE exam questions from PassLeader 300-715 dumps! Welcome to download the newest PassLeader 300-715 VCE and PDF dumps: https://www.passleader.com/300-715.html (344 Q&As)
P.S. Free 2020 CCNP 300-715 SISE dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=10mbBp2Z7ri3RGpRaeaLp8R2BTE37if3P