cisco 300-715 practice test

Question 1

What is the purpose of the ip http server command on a switch?

• A. It enables the https server for users for web authentication.
• B. It enables dot1x authentication on the switch.
• C. It enables MAB authentication on the switch.
• D. It enables the switch to redirect users for web authentication.

Question 2

An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the main deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out.
Which configuration is causing this behavior?

• A. All of the nodes are actively being synched.
• B. All of the nodes participate in the PAN auto failover.
• C. One of the nodes is an active PSN.
• D. One of the nodes is the Primary PAN.

Question 3

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)

• A. new AD user 802.1X authentication
• B. hotspot
• C. posture
• D. guest AUP
• E. BYOD

Question 4

Which two probes provide IP-to-MAC address binding information to the ARP cache in Cisco ISE? (Choose two.)

• A. HTTP
• B. RADIUS
• C. DHCP
• D. DNS
• E. NetFlow

Question 5

To configure BYOD using Cisco ISE. an administrator is considering issuing certificates to the devices connecting to provide a better user experience. External CA servers cannot be used for this purpose because everything must be local to the Cisco ISE. What must be done to accomplish this?

• A. Use the captive portal network assistant to issue certificates to the endpoints as they authenticate.
• B. Use ISE as a sub CA for the BYOD portal and redirect users to the Root CA for certificate issuance.
• C. Configure the Cisco ISE Internal CA to issue certificates to each endpoint connecting to the BYOD network.
• D. Configure MS SCEP so that endpoints can query their local AD server for the correct certificate.

Question 6

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

• A. Use the ip access-group webauth in command.
• B. Use the radius-server vsa send authentication command.
• C. Set the NAC State option to SNMP NAC.
• D. Set the NAC State option to RADIUS NAC.

Question 7

An engineer is configuring static SGT classification. Which configuration should be used when authentication is disabled and third-party switches are in use?

• A. VLAN to SGT mapping
• B. IP Address to SGT mapping
• C. L3IF to SGT mapping
• D. Subnet to SGT mapping

Question 8

Which two default guest portals are available with Cisco ISE? (Choose two.)

• A. WiFi-access
• B. self-registered
• C. central web authentication
• D. visitor
• E. sponsored

Question 9

DRAG DROP

An engineer needs to configure a compliance policy on Cisco ISE to ensure that the latest encryption software is running on the C drive of all endpoints. Drag and drop the configuration steps from the left into the sequence on the right to accomplish this task.

Question 10

An administrator is configuring a new profiling policy within Cisco ISE. The organization has several endpoints that are the same device type, and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints, therefore a custom profiling policy must be created.
Which condition must the administrator use in order to properly profile an ACME AI Connector endpoint for network access with MAC address 01:41:14:65:50:AB?

• A. CDP_cdpCacheDeviceID_CONTAINS_
• B. MAC_MACAddress_CONTAINS_
• C. Radius_Called_Station-ID_STARTSWITH_
• D. MAC_OUI_STARTSWITH_