300-715 Cisco Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) exact Exam Questions

Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Last Update 12 hours ago Total Questions : 299

The Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) content is now fully updated, with all current exam questions added 12 hours ago. Deciding to include 300-715 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our 300-715 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these 300-715 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) practice test comfortably within the allotted time.

Question # 81

An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy. Which two components must be configured, in addition to Active Directory groups, to achieve this goat? (Choose two )

Active Directory External Identity Sources

Library Condition for External Identity. External Groups

Identity Source Sequences

LDAP External Identity SourcesE Library Condition for Identity Group: User Identity Group

Question # 82

Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two)

Policy Assignment

Endpoint Family

Identity Group Assignment

Security Group Tag

IP Address

Question # 83

An administrator has added a new Cisco ISE PSN to their distributed deployment. Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two )

Session Services

Endpoint Attribute Filter

Posture Services

Profiling Services

Radius Service

Question # 84

An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network They have multiple vendors’ firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this What should be done to enable this type of posture check?

Use the file registry condition to ensure that the firewal is installed and running appropriately.

Use a compound condition to look for the Windows or Mac native firewall applications.

Enable the default ﬁrewall condition to check for any vendor ﬁrewall application.

Enable the default application condition to identify the applications installed and validade the ﬁrewall app.

Question # 85

An administrator must provide network access to legacy Windows endpoints with a specific device type and operating system version using Cisco ISE profiler services. The ISE profiler services and access switches must be configured to identify endpoints using the dhcp-class-identifier and parameters-request-list attributes from the DHCP traffic. These configurations were performed:

enabled the DHCP probe in Cisco ISE

configured the Cisco ISE PSN interface to receive DHCP packets

configured the attributes in custom profiling conditions

configured a custom profiling policy

configured an authorization rule with permit access

Which action completes the configuration?

Configure the switches to send copies of the DHCP traffic to the Cisco ISE PSN.

Configure the Cisco ISE PSN interface to receive SPAN DHCP traffic.

Configure the switches to relay DHCP packets to the Cisco ISE PSN.

Enable the DHCP SPAN probe in Cisco ISE primary server.

Question # 86

Which two default endpoint identity groups does Cisco ISE create? (Choose two )

block list

endpoint

profiled

allow list

unknown

Answer:

C, E

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html

Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.

Cisco ISE creates the following endpoint identity groups:

Blacklist—This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group.

GuestEndpoints—This endpoint identity group includes endpoints that are used by guest users.

Profiled—This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.

RegisteredDevices—This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group. These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE redirects blocked devices to a URL, which displays “Unauthorised Network Access”, a default portal page to the blocked devices.

Unknown—This endpoint identity group includes endpoints that do not match any profile in Cisco ISE.

In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group:

Cisco-IP-Phone—An identity group that contains all the profiled Cisco IP phones on your network.

Workstation—An identity group that contains all the profiled workstations on your network.

Question # 87

A network administrator must use Cisco ISE to check whether endpoints have the correct version of antivirus installed Which action must be taken to allow this capability?

Configure a native supplicant profile to be used for checking the antivirus version

Configure Cisco ISE to push the HostScan package to the endpoints to check for the antivirus version.

Create a Cisco AnyConnect Network Visibility Module configuration profile to send the antivirus information of the endpoints to Cisco ISE.

Create a Cisco AnyConnect configuration within Cisco ISE for the Compliance Module and associated configuration files

Question # 88

A network engineer is configuring a Cisco Wireless LAN Controller in order to find out more information about the devices that are connecting. This information must be sent to Cisco ISE to be used in authorization policies. Which profiling mechanism must be configured in the Cisco Wireless LAN Controller to accomplish this task?

DNS

CDP

DHCP

ICMP

Question # 89

An ISE administrator must change the inactivity timer for MAB endpoints to terminate the authentication session whenever a switch port that is connected to an IP phone does not detect packets from the device for 30 minutes. Which action must be taken to accomplish this task?

Add the authentication timer reauthenticate server command to the switchport.

Add the authentication timer inactivity 3600 command to the switchport.

Change the idle-timeout on the Radius server to 3600 seconds for IP Phone endpoints.

Configure the session-timeout to be 3600 seconds on Cisco ISE.