An engineer needs to configure a new certificate template in the Cisco ISE Internal Certificate Authority to prevent BYOD devices from needing to re-enroll when their MAC address changes. Which option must be selected in the Subject Alternative Name field?
A. Common Name and GUID
B. MAC Address and GUID
C. Distinguished Name
D. Common Name
A user changes the status of a device to stolen in the My Devices Portal of Cisco ISE. The device was originally onboarded in the BYOD wireless Portal without a certificate. The device is found later, but the user cannot re-onboard the device because Cisco ISE assigned the device to the Blocklist endpoint identity group. What must the user do in the My Devices Portal to resolve this issue?
A. Manually remove the device from the Blocklist endpoint identity group.
B. Change the device state from Stolen to Not Registered.
C. Change the BYOD registration attribute of the device to None.
D. Delete the device, and then re-add the device.
A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server. Which certificate usage option must be selected when importing the certificate into ISE?
A. RADIUS
B. DLTS
C. Portal
D. Admin
An administrator replaced a PSN in the distributed Cisco ISE environment. When endpoints authenticate to it, the devices are not getting the right profiles or attributes and as a result, are not hitting the correct policies. This was working correctly on the previous PSN. Which action must be taken to ensure the endpoints get identified?
A. Verify that the MnT node is tracking the session.
B. Verify the shared secret used between the switch and the PSN.
C. Verify that the profiling service is running on the new PSN.
D. Verify that the authentication request the PSN is receiving is not malformed.
An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?
A. Endpoint Identity Group is Blocklist, and the BYOD state is Registered.
B. Endpoint Identify Group is Blocklist, and the BYOD state is Pending.
C. Endpoint Identity Group is Blocklist, and the BYOD state is Lost.
D. Endpoint Identity Group is Blocklist, and the BYOD state is Reinstate.
An engineer is configuring static SGT classification. Which configuration should be used when authentication is disabled and third-party switches are in use?
A. VLAN to SGT mapping
B. IP Address to SGT mapping
C. L3IF to SGT mapping
D. Subnet to SGT mapping
An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access. Which action accomplishes the goal?
A. Configure the hotspot portal for guest access and require an access code.
B. Configure the sponsor portal with a single account and use the access code as the password.
C. Configure the self-registered guest portal to allow guests to create a personal access code.
D. Create a BYOD policy that bypasses the authentication of the user and authorizes access codes.
Which two actions must be verified to confirm that the internet is accessible via guest access when configuring a guest portal? (Choose two.)
A. The guest device successfully associates with the correct SSID.
B. The guest user gets redirected to the authentication page when opening a browser.
C. The guest device has internal network access on the WLAN.
D. The guest device can connect to network file shares.
E. Cisco ISE sends a CoA upon successful guest authentication.
An administrator made changes in Cisco ISE and needs to apply new permissions for endpoints that have already been authenticated by sending a CoA packet to the network devices. Which IOS command must be configured on the devices to accomplish this goal?
A. aaa server radius dynamic-author
B. authentication command bounce-port
C. authentication command disable-port
D. authentication command disable-port
An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identified if the ToS bit is set to 5 and the destination IP address is the intercom system. What must be configured to accomplish this goal?
A. NMAP
B. NETFLOW
C. pxGrid
D. RADIUS
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.