1. Home
  2. Cisco
  3. 300-715

Implementing and Configuring Cisco Identity Services Engine (SISE)

Exam Details

  • Exam Code
    :300-715
  • Exam Name
    :Implementing and Configuring Cisco Identity Services Engine (SISE)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :404 Q&As
  • Last Updated
    :Apr 14, 2025

Cisco CCNP Security 300-715 Questions & Answers

  • Question 161:

    Which deployment mode allows for one or more policy service nodes to be used for session failover?

    A. centralized

    B. secondary

    C. standalone

    D. distributed

  • Question 162:

    Which two default guest portals are available with Cisco ISE? (Choose two.)

    A. WiFi-access

    B. self-registered

    C. central web authentication

    D. visitor

    E. sponsored

  • Question 163:

    An engineer is using profiling to determine what access an endpoint must receive. After configuring both Cisco ISE and the network devices for 802.1X and profiling, the endpoints do not profile prior to authentication.

    What are two reasons this is happening? (Choose two.)

    A. Closed mode is restricting the collection of the attributes prior to authentication.

    B. The HTTP probe is malfunctioning due to closed mode being enabled.

    C. The SNMP probe is not enabled.

    D. NetFlow is not enable on the switch, so the attributes will not be collected.

    E. The switch is collecting the attributes via RADIUS but the probes are not sending them.

  • Question 164:

    A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.

    What must be done to accomplish this task?

    A. Create a profiling policy for each endpoint with the cdpCacheDeviceId attribute.

    B. Create a logical profile for each device's profile policy and block that via authorization policies.

    C. Add each MAC address manually to a blocklist identity group and create a policy denying access.

    D. Add each IP address to a policy denying access.

  • Question 165:

    An employee logs on to the My Devices portal and marks a currently on-boarded device as `Lost'.

    A. Certificates provisioned to the device are not revoked

    B. BYOD Registration status is updated to No

    C. The device access has been denied

    D. BYOD Registration status is updated to Unknown.

    E. The device status is updated to Stolen

  • Question 166:

    A network administrator must configure Cisco ISE Personas in the company to share session information via syslog. Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?

    A. admin

    B. policy services

    C. monitor

    D. pxGrid

  • Question 167:

    What is the maximum number of PSN nodes supported in a medium-sized deployment?

    A. two

    B. three

    C. five

    D. eight

  • Question 168:

    An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-MAC address bindings The scan is complete on one PSN, but the information is not available on the others.

    What must be done to make the information available?

    A. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning.

    B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning.

    C. Scanning must be initiated from the MnT node to centrally gather the information.

    D. Scanning must be initiated from the PSN that last authenticated the endpoint.

  • Question 169:

    An administrator is configuring a switch port for use with 802.1X.

    What must be done so that the port will allow voice and multiple data endpoints?

    A. Connect a hub to the switch port to allow multiple devices access after authentication.

    B. Configure the port with the authentication host-mode multi-auth command.

    C. Connect the data devices to the port, then attach the phone behind them.

    D. Use the command authentication host-mode multi-domain on the port.

  • Question 170:

    An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address.

    What is the problem?

    A. The endpoint is using the wrong protocol to authenticate with Cisco ISE.

    B. The 802.1X timeout period is too long.

    C. The DHCP probe for Cisco ISE is not working as expected.

    D. An ACL on the port is blocking HTTP traffic.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.