Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Cisco 300-715 Exam

Exam Name: Implementing and Configuring Cisco Identity Services Engine
Exam Code: 300-715 SISE
Related Certification(s):
  • Cisco Certified Network Professional CCNP Certifications
  • Cisco Certified Network Professional Security CCNP Security Certifications
Certification Provider: Cisco
Actual Exam Duration: 90 Minutes
Number of 300-715 practice questions in our database: 244 (updated: Jun. 02, 2024)
Expected 300-715 Exam Topics, as suggested by Cisco :
  • Topic 1: Configure TACACS+ Device Administration And Command Authorization/ Architecture And Deployment
  • Topic 2: Describe Supplicant, Supplicant Options, Authenticator, And Server/ Describe Deployment Options
  • Topic 3: Network Access Device Administration/ Configure Native AD And LDAP
  • Topic 4: Configure Cisco ISE Posture Agents And Operational Modes/ Configure Wired/Wireless 802.1X Network Access
  • Topic 5: Configure Posture Conditions And Policy, And Client Provisioning/ Describe Identity Store Options
  • Topic 6: Configure BYOD Device On-Boarding Using Internal CA With Cisco Switches And Cisco Wireless LAN Controllers
  • Topic 7: Describe Endpoint Compliance, Posture Services, And Client Provisioning/ Configure 802.1X Phasing Deployment
  • Topic 8: Configure The Compliance Module/ Configure Network Access Devices
  • Topic 9: Configure Policies Including Authentication And Authorization Profiles/ Configure Sponsor And Guest Portals
  • Topic 10: Configure Blacklist/Whitelist/ Describe Cisco BYOD Functionality/ Configure Web Authentication
  • Topic 11: Configure Endpoint Identity Management/ Configure Guest Access Services
  • Topic 12: Configure Certificates For BYOD/ Implement Profiler Services
  • Topic 13: Web Auth And Guest Services/ Configure Cisco Trustsec
Disscuss Cisco 300-715 Topics, Questions or Ask Anything Related

Currently there are no comments in this discussion, be the first to comment!

Free Cisco 300-715 Exam Actual Questions

Note: Premium Questions for 300-715 were last updated On Jun. 02, 2024 (see below)

Question #1

The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively

restrict network access for this endpoint?

Reveal Solution Hide Solution
Correct Answer: C

Cisco ISE provides a feature called Adaptive Network Control (ANC) that allows administrators to apply policies to endpoints based on their behavior or status1. One of the ANC policies is Quarantine, which restricts network access for an endpoint by assigning it to a limited-access VLAN or applying an access control list (ACL) on the switch port2. To use the Quarantine policy, the administrator must add the MAC address of the rogue endpoint to the endpoint quarantine list in ISE2. This will trigger a change of authorization (CoA) for the endpoint and apply the Quarantine policy. The other options are not effective for restricting network access for a rogue endpoint, as they do not use the ANC feature of ISE.


Question #2

A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:

. An initial MAB request is sent to the Cisco ISE node.

. Cisco ISE responds with a URL redirection authorization profile if the user's MAC address is unknown in the endpoint identity store.

. The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.

Which authentication must the administrator configure on Cisco ISE?

Reveal Solution Hide Solution
Correct Answer: D

Central Web Authentication (CWA) is a feature that allows the network access device (NAD) to redirect the web traffic of a guest user to a web portal hosted by Cisco ISE1. The NAD acts as a proxy between the guest user and the ISE node, and performs the authentication and authorization based on the RADIUS attributes returned by ISE1. To configure CWA on ISE, the administrator must create an authorization profile that contains the URL redirection attribute and assign it to the guest user1. The other options are not correct because they do not use CWA. Device registration WebAuth is a feature that allows users to register their devices on ISE before they can access the network2. WLC with local WebAuth is a feature that allows the wireless LAN controller (WLC) to host the web portal and authenticate the guest user locally3. Wired NAD with local WebAuth is a feature that allows the switch to host the web portal and authenticate the guest user locally


Question #3

Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?

Reveal Solution Hide Solution
Correct Answer: C

Question #4

A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:

. An initial MAB request is sent to the Cisco ISE node.

. Cisco ISE responds with a URL redirection authorization profile if the user's MAC address is unknown in the endpoint identity store.

. The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.

Which authentication must the administrator configure on Cisco ISE?

Reveal Solution Hide Solution
Correct Answer: D

Central Web Authentication (CWA) is a feature that allows the network access device (NAD) to redirect the web traffic of a guest user to a web portal hosted by Cisco ISE1. The NAD acts as a proxy between the guest user and the ISE node, and performs the authentication and authorization based on the RADIUS attributes returned by ISE1. To configure CWA on ISE, the administrator must create an authorization profile that contains the URL redirection attribute and assign it to the guest user1. The other options are not correct because they do not use CWA. Device registration WebAuth is a feature that allows users to register their devices on ISE before they can access the network2. WLC with local WebAuth is a feature that allows the wireless LAN controller (WLC) to host the web portal and authenticate the guest user locally3. Wired NAD with local WebAuth is a feature that allows the switch to host the web portal and authenticate the guest user locally


Question #5

An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites. Which configuration must be applied on Cisco ISE?

Reveal Solution Hide Solution
Correct Answer: B

When using separate PSNs for different sites, the network device must be added to all PSN nodes in the deployment, so that the device can communicate with the appropriate PSN based on the location of the user1. If the device is not added to all PSN nodes, the user may encounter an EAP-TLS authentication failure when moving between sites, as the device may not be able to reach the PSN that issued the certificate2. The other options are not relevant for this scenario, as they do not address the issue of PSN communication.



Unlock Premium 300-715 Exam Questions with Advanced Practice Test Features:
  • Select Question Types you want
  • Set your Desired Pass Percentage
  • Allocate Time (Hours : Minutes)
  • Create Multiple Practice tests with Limited Questions
  • Customer Support
Get Full Access Now

Save Cancel