Which two features should be used on Cisco ISE to enable the TACACS+ feature? (Choose two )
A. External TACACS Servers
B. Device Admin Service
C. Device Administration License
D. Server Sequence
E. Command Sets
An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks. Which two requirement complete this policy? (Choose two)
A. minimum password length
B. active username limit
C. access code control
D. gpassword expiration period
E. username expiration date
What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?
A. Authentication is redirected to the internal identity source.
B. Authentication is redirected to the external identity source.
C. Authentication is granted.
D. Authentication fails.
An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall. Which two ports should be opened to accomplish this task? (Choose two)
A. TELNET 23
B. LDAP 389
C. HTTP 80
D. HTTPS 443
E. MSRPC 445
The security team identified a rogue endpoint with MAC address 00:47:44:40:54:1A attached to the network. Which action must security engineer take within Cisco ISE to effectively restrict network access for this endpoint?
A. Create authentication policy to force reauthentication.
B. Configure access control list on network switches to block traffic.
C. Add MAC address to the endpoint quarantine list.
D. Implement authentication policy to deny access.
An administrator must provide administrative access to the helpdesk users on production Cisco IOS routers. The solution must meet these requirements:
1.
Authenticate the users against Microsoft AD.
2.
Validate IOS commands run by users.
These configurations have been performed:
1.
joined Cisco ISE to AD
2.
retrieved AD groups
3.
added a router to Cisco ISE
4.
enabled Device Admin Service in Cisco ISE
5.
configured an authorization policy
6.
configured the routers for authentication and authorization
Which two components must be configured? (Choose two.)
A. TACACS command sets
B. authentication profile
C. authorization profile
D. TACACS profile
E. access control list to filter the IOS commands
An engineer must configure posture updates. The task is to ensure the latest set of predefined checks and operating system information is updated. The checks must take place regularly. Where in the Cisco ISE interface would the engineer make the necessary changes to the compliance module?
A. Administration > System > Settings > Updates > Posture
B. Administration > System > Settings > Updates > Schedule
C. Administration > System > Settings > Posture > Updates
D. Administration > System > Settings > Posture > Updates > Schedule
A user is attempting to register a BYOD device to the Cisco ISE deployment but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?
A. The BYOD flow to ensure that the endpoint is provisioned prior to registering.
B. The Cisco Secure Client provisioning policy to provision the endpoint for onboarding.
C. A native supplicant provisioning policy to redirect the user to the BYOD portal for onboarding.
D. The posture provisioning policy to give the endpoint the required components prior to registering.
A network engineer must enable a profiling probe. The profiling must take details through the Active Directory. Where in the Cisco ISE interface would the engineer enable the probe?
A. Administration > Deployment > System > Profiling
B. Policy > Deployment > System > Profiling
C. Policy > Policy Elements > Profiling
D. Administration > System > Deployment > Profiling
A network is going through major hardware upgrades and is using Cisco ISE for network access control. Network devices are being added and removed regularly and the Cisco ISE administrators want to track new network devices. Which probe must be enabled to provide this visibility for Cisco ISE?
A. DHCP SPAN
B. SNMP query
C. SNMP trap
D. NetFlow
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.