1. Home
  2. Cisco
  3. 300-715

Implementing and Configuring Cisco Identity Services Engine (SISE)

Exam Details

  • Exam Code
    :300-715
  • Exam Name
    :Implementing and Configuring Cisco Identity Services Engine (SISE)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :404 Q&As
  • Last Updated
    :Apr 14, 2025

Cisco CCNP Security 300-715 Questions & Answers

  • Question 131:

    An administrator wants to configure network device administration and is trying to decide whether to use TACACS* or RADIUS. A reliable protocol must be used that can check command authorization

    Which protocol meets these requirements and why?

    A. TACACS+ because it runs over TCP

    B. RADIUS because it runs over UDP

    C. RADIUS because it runs over TCP.

    D. TACACS+ because it runs over UDP

  • Question 132:

    Which Cisco ISE deployment model provides redundancy by having every node in the deployment configured with the Administration. Policy Service, and Monitoring personas to protect from a complete node failure?

    A. distributed

    B. dispersed

    C. two-node

    D. hybrid

  • Question 133:

    An engineer is enabling a newly configured wireless SSID for tablets and needs visibility into which other types of devices are connecting to it.

    What must be done on the Cisco WLC to provide this information to Cisco ISE?

    A. enable IP Device Tracking

    B. enable MAC filtering

    C. enable Fast Transition

    D. enable mDNS snooping

  • Question 134:

    An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?

    A. The switch port is configured with authentication event server dead action authorize vlan.

    B. The authorization results for the endpoints include a dACL allowing access.

    C. The authorization results for the endpoints include the Trusted security group tag.

    D. The switch port is configured with authentication open.

  • Question 135:

    An engineer is configuring ISE for network device administration and has devices that support both protocols.

    What are two benefits of choosing TACACS+ over RADUs for these devices? (Choose two.)

    A. TACACS+ is FIPS compliant while RADIUS is not

    B. TACACS+ is designed for network access control while RADIUS is designed for role-based access.

    C. TACACS+ uses secure EAP-TLS while RADIUS does not.

    D. TACACS+ provides the ability to authorize specific commands while RADIUS does not

    E. TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.

  • Question 136:

    An administrator is configuring a Cisco WLC for web authentication.

    Which two client profiling methods are enabled by default if the Apply Cisco ISE Default Settings check box has been selected'? (Choose two.)

    A. CDP

    B. DHCP

    C. HTTP

    D. SNMP

    E. LLDP

  • Question 137:

    Refer to the exhibit.

    An engineer is configuring Cisco ISE for guest services They would like to have any unregistered guests redirected to the guest portal for authentication then have a CoA provide them with full access to the network that is segmented via firewalls.

    Why is the given configuration failing to accomplish this goal?

    A. The Guest Flow condition is not in the line that gives access to the quest portal

    B. The Network_Access_Authentication_Passed condition will not work with guest services for portal access.

    C. The Permit Access result is not set to restricted access in its policy line

    D. The Guest Portal and Guest Access policy lines are in the wrong order

  • Question 138:

    Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue.

    Which two requirements must be met to implement this change? (Choose two.)

    A. Enable IPC access over port 80.

    B. Ensure that the NAT address is properly configured

    C. Establish access to one Global Catalog server.

    D. Provide domain administrator access to Active Directory.

    E. Configure a secure LDAP connection.

  • Question 139:

    An engineer is configuring TACACS+ within Cisco ISE for use with a non-Cisco network device. They need to send special attributes in the Access-Accept response to ensure that the users are given the appropriate access.

    What must be configured to accomplish this'?

    A. dACLs to enforce the various access policies for the users

    B. custom access conditions for defining the different roles

    C. shell profiles with custom attributes that define the various roles

    D. TACACS+ command sets to provide appropriate access

  • Question 140:

    An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)

    A. hotspot guest portal

    B. device registration WebAuth

    C. central WebAuth

    D. local WebAuth

    E. self-registered guest portal

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.