A Cisco ISE engineer is creating certificate authentication profile to be used with machine authentication for the network. The engineer wants to be able to compare the user-presented certificate with a certificate stored in Active Directory. What must be done to accomplish this?
A. Add the subject alternative name and the common name to the CAP
B. Use MS-CHAPv2 since it provides machine credentials and matches them to credentials stored in Active Directory.
C. Configure the user-presented password hash and a hash stored in Active Directory for comparison.
D. Enable the option for performing binary comparison.
An engineer has been tasked with using Cisco ISE to restrict network access at the switchport level using 802.1X authentication. Users who fail 802.1X authentication should e redirected via web redirection and have their access restricted via an ACL. What must be configured in Cisco ISE to accomplish this task?
A. an authorization profile
B. an authorization rule
C. an authentication policy
D. an authentication profile
Due to a recent network incident, all access to network devices must be centrally logged and tracked in Cisco ISE. On which nodes must the Device Admin service be enabled?
A. one PAN
B. each PSN
C. each PAN
D. one PSN
An engineer is configuring a new Cisco ISE node. The Device Admin service must run on this node to handle authentication requests for network device access via TACACS+. Which persona must be enabled on this node to perform this function?
A. pxGrid
B. Administration
C. Policy Service
D. Monitoring
An engineer needs to create a Self-Registered Guest Portal in Cisco ISE in which guest users receive their passwords via SMS. Which two settings must be configured to accomplish this task? (Choose two.)
A. Choose the SMS provider previously configured as a SMS gateway under the Registration Form Settings.
B. Select SMS for the Send Credential upon notification setting under Registration Form Settings.
C. Choose the SMS provider previously configured as a SMS gateway under Device Registration Settings.
D. Select Allow employees to use personal devices and SMS for notifications under BYOD.
E. Select SMS for the Send Credential upon notification setting under the Login Page Settings.
A Cisco ISE administrator is setting up Central Web Authentication to be used for user endpoint authentication. The client cannot reach the guest portal to log in and gain access, but DNS is functioning properly and the guest portal is enabled. What else must be configured to gain access?
A. Allow port TCP/8443 on the firewall.
B. Configure HTTP to HTTPS redirection.
C. Configure the guest portal to listen on TCP/8443.
D. Allow redirection from any client IP range.
An engineer is deploying Cisco ISE to use 802.1X authentication for controlling access to the company's wired network. The request from company management is to minimize the impact on users during the rollout of 802.1X on the company switches. Which mode must be used first in a phased 802.1X deployment to fulfill this request?
A. Monitor
B. Open
C. Low-impact
D. Closed
A network engineer is attempting to terminate and reinitialize wireless user sessions individually by using the Live Sessions tab in Cisco ISE. Cisco ISE and the Cisco WLC are separated by a firewall. Which port must be allowed on the firewall so that the network engineer can perform this function from Cisco ISE?
A. TCP port 8443
B. UDP port 5246
C. UDP port 1700
D. TCP port 3791
An engineer must configure an HTTP probe on a Cisco ISE virtual appliance running on VMWare using a dedicated interface for profiling. The interface is assigned to the VM Network port group. The engineer is logged into the hypervisor with a user account that only provides access to the Cisco ISE VM and the network settings for the VM.
Which security setting must be changed for this interface to accept SPAN traffic?
A. Set Promiscuous mode to inherit from vSwitch in the Port Group properties.
B. Set Promiscuous mode to inherit from Port Group in the vSwitch properties.
C. Set Promiscuous mode to Accept in the Port Group properties.
D. Set Promiscuous mode to Accept in the vSwitch properties.
What are two differences of TACACS+ compared to RADIUS? (Choose two.)
A. TACACS+ uses a connectionless transport protocol, whereas RADIUS uses a connection-oriented transport protocol.
B. TACACS+ encrypts the full packet payload, whereas RADIUS only encrypts the password.
C. TACACS+ only encrypts the password, whereas RADIUS encrypts the full packet payload.
D. TACACS+ uses a connection-oriented transport protocol, whereas RADIUS uses a connectionless transport protocol.
E. TACACS+ supports multiple sessions per user, whereas RADIUS supports one session per user.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-715 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.