1. Home
  2. Cisco
  3. 300-715

Implementing and Configuring Cisco Identity Services Engine (SISE)

Exam Details

  • Exam Code
    :300-715
  • Exam Name
    :Implementing and Configuring Cisco Identity Services Engine (SISE)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :404 Q&As
  • Last Updated
    :Apr 14, 2025

Cisco CCNP Security 300-715 Questions & Answers

  • Question 231:

    An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?

    A. Create a certificate signing request and have the root certificate authority sign it.

    B. Add the root certificate authority to the trust store and enable it for authentication.

    C. Create an SCEP profile to link Cisco ISE with the root certificate authority.

    D. Add an OCSP profile and configure the root certificate authority as secondary.

  • Question 232:

    There is a need within an organization for a new policy to be created in Cisco ISE. It must validate that a specific anti-virus application is not only installed, but running on a machine before it is allowed access to the network. Which posture condition should the administrator configure in order for this policy to work?

    A. file

    B. registry

    C. application

    D. service

  • Question 233:

    A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

    A. SGT

    B. dACL

    C. VLAN

    D. RBAC

  • Question 234:

    A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected.

    Which task must be configured in order to meet this requirement?

    A. session timeout

    B. idle time

    C. monitor

    D. set attribute as

  • Question 235:

    An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?

    A. Install the Root CA and intermediate CA.

    B. Generate the CSR.

    C. Download the intermediate server certificate.

    D. Download the CA server certificate.

  • Question 236:

    An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

    A. Create an authorization rule denying sponsored guest access.

    B. Navigate to the Guest Portal and delete the guest accounts.

    C. Create an authorization rule denying guest access.

    D. Navigate to the Sponsor Portal and suspend the guest accounts.

  • Question 237:

    An administrator is configuring posture with Cisco ISE and wants to check that specific services are present on the workstations that are attempting to access the network. What must be configured to accomplish this goal?

    A. Create a registry posture condition using a non-OPSWAT API version.

    B. Create an application posture condition using a OPSWAT API version.

    C. Create a compound posture condition using a OPSWAT API version.

    D. Create a service posture condition using a non-OPSWAT API version.

  • Question 238:

    An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?

    A. closed

    B. low-impact

    C. open

    D. high-impact

  • Question 239:

    An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

    A. reflexive ACL

    B. extended ACL

    C. standard ACL

    D. numbered ACL

  • Question 240:

    Which three default endpoint identity groups does cisco ISE create? (Choose three)

    A. Unknown

    B. whitelist

    C. end point

    D. profiled

    E. block list

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.