1. Home
  2. Cisco
  3. 300-715

Implementing and Configuring Cisco Identity Services Engine (SISE)

Exam Details

  • Exam Code
    :300-715
  • Exam Name
    :Implementing and Configuring Cisco Identity Services Engine (SISE)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :404 Q&As
  • Last Updated
    :Apr 14, 2025

Cisco CCNP Security 300-715 Questions & Answers

  • Question 111:

    Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?

    A. large deployment with fully distributed nodes running all personas

    B. medium deployment with primary and secondary PAN/MnT/pxGrid nodes with shared PSNs

    C. medium deployment with primary and secondary PAN/MnT/pxGrid nodes with dedicated PSNs

    D. small deployment with one primary and one secondary node running all personas

  • Question 112:

    What is a restriction of a standalone Cisco ISE node deployment?

    A. Only the Policy Service persona can be disabled on the node.

    B. The domain name of the node cannot be changed after installation.

    C. Personas are enabled by default and cannot be edited on the node.

    D. The hostname of the node cannot be changed after installation.

  • Question 113:

    An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs An administrator is adding two more PSNs to this deployment but is having problems adding one of them What is the problem?

    A. The new nodes must be set to primary prior to being added to the deployment

    B. The current PAN is only able to track a max of four nodes

    C. Only five PSNs are allowed to be in the Cisco ISE cube if configured this way.

    D. One of the new nodes must be designated as a pxGrid node

  • Question 114:

    An engineer is creating a new authorization policy to give the endpoints access to VLAN 310 upon successful authentication The administrator tests the 802.1X authentication for the endpoint and sees that it is authenticating successfully What must be done to ensure that the endpoint is placed into the correct VLAN?

    A. Configure the switchport access vlan 310 command on the switch port

    B. Ensure that the security group is not preventing the endpoint from being in VLAN 310

    C. Add VLAN 310 in the common tasks of the authorization profile

    D. Ensure that the endpoint is using The correct policy set

  • Question 115:

    An engineer is configuring posture assessment for their network access control and needs to use an agent that supports using service conditions as conditions for the assessment. The agent should be run as a background process to avoid user interruption but when it is run. the user can see it. What is the problem?

    A. The engineer is using the "Anyconnect" posture agent but should be using the "Stealth Anyconnect posture agent

    B. The posture module was deployed using the headend instead of installing it with SCCM

    C. The user was in need of remediation so the agent appeared m the notifications

    D. The proper permissions were no! given to the temporal agent to conduct the assessment

  • Question 116:

    Refer to the exhibit.

    An engineer is configuring a client but cannot authenticate to Cisco ISE During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port Which command gives additional information to help identify the problem with the authentication?

    A. show authentication sessions

    B. show authentication sessions Interface Gil/0/1 output

    C. show authentication sessions interface Gi1/0/1 details

    D. show authentication sessions output

  • Question 117:

    A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?

    A. A native supplicant provisioning policy to redirect them to the BYOD portal for onboarding

    B. The Cisco AnyConnect provisioning policy to provision the endpoint for onboarding

    C. The BYOD flow to ensure that the endpoint will be provisioned prior to registering

    D. The posture provisioning policy to give the endpoint all necessary components prior to registering

  • Question 118:

    An administrator is configuring sponsored guest access using Cisco ISE Access must be restricted to the sponsor portal to ensure that only necessary employees can issue sponsored accounts and employees must be classified to do so

    What must be done to accomplish this task?

    A. Configure an identity-based access list in Cisco ISE to restrict the users allowed to login

    B. Edit the sponsor portal to only accept members from the selected groups

    C. Modify the sponsor groups assigned to reflect the desired user groups

    D. Create an authorization rule using the Guest Flow condition to authorize the administrators

  • Question 119:

    Refer to the exhibit.

    An engineer is configuring the remote access VPN to use Cisco ISE for AAA and needs to conduct posture checks on the connecting endpoints After the endpoint connects, it receives its initial authorization result and continues onto the compliance scan

    What must be done for this AAA configuration to allow compliant access to the network?

    A. Configure the posture authorization so it defaults to unknown status

    B. Fix the CoA port number

    C. Ensure that authorization only mode is not enabled

    D. Enable dynamic authorization within the AAA server group

  • Question 120:

    Which two Cisco ISE deployment models require two nodes configured with dedicated PAN and MnT personas? (Choose two.)

    A. three PSN nodes

    B. seven PSN nodes with one PxGrid node

    C. five PSN nodes with one PxGrid node

    D. two PSN nodes with one PxGrid node

    E. six PSN nodes

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.