Cisco® 300-715 Exam Practice Questions (P. 1)
- Full Access (337 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
Which personas can a Cisco ISE node assume?
- Apolicy service, gatekeeping, and monitoring
- Badministration, monitoring, and gatekeeping
- Cadministration, policy service, and monitoringMost Voted
- Dadministration, policy service, gatekeeping
Correct Answer:
C
Reference:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html
C
Reference:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html
send
light_mode
delete
Question #2
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
- AThe secondary node restarts.Most Voted
- BThe primary node restarts.
- CBoth nodes restart.
- DThe primary node becomes standalone.
Correct Answer:
C
C

When a secondary node is deregistered in a Cisco ISE distributed deployment with only two nodes, it is important to remember that changes in the node registration status can have widespread effects on the system's behavior. Specifically, both nodes typically restart to apply and recognize the configuration changes in the system effectively. This ensures that each node correctly understands its role and state within the deployment. This behavior aligns with standard operational procedures for maintaining system stability and preventing any discrepancies in node role recognition. Thus, it is crucial to plan for potential system downtime when reconfiguring node statuses.
send
light_mode
delete
Question #3
DRAG DROP -
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the right.
Select and Place:

Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the right.
Select and Place:

Correct Answer:
Reference:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

Reference:
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html
send
light_mode
delete
Question #4
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)
- Anew AD user 802.1X authenticationMost Voted
- Bhotspot
- CpostureMost Voted
- Dguest AUP
- EBYOD
Correct Answer:
BD
BD

In the scenario where the primary admin node of Cisco ISE is down and the secondary hasn't been promoted yet, it's crucial to distinguish between operational capabilities. When this situation arises, features such as Hotspot and Guest Acceptable Use Policy (AUP) remain functional. This means users will continue to access hotspots seamlessly and guest users can still adhere to defined usage policies without interruption. These capabilities remain online because they do not rely exclusively on the primary admin node being active, ensuring minimal disruption to user experience in guest and hotspot services during node failovers.
send
light_mode
delete
Question #5
Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?
- ACisco Secure Services Client and Cisco Access Control Server
- BCisco AnyConnect NAM and Cisco Identity Service EngineMost Voted
- CCisco AnyConnect NAM and Cisco Access Control Server
- DWindows Native Supplicant and Cisco Identity Service Engine
Correct Answer:
B
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html
B
Reference:
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html
send
light_mode
delete
Question #6
What is a requirement for Feed Service to work?
- ATCP port 8080 must be opened between Cisco ISE and the feed server.
- BCisco ISE has access to an internal server to download feed update.
- CCisco ISE has a base license.
- DCisco ISE has Internet access to download feed update.Most Voted
Correct Answer:
B
B

The necessity for a Cisco ISE to have access to an internal server for downloading feed updates (answer B) is often misinterpreted. It's crucial to distinguish that while Cisco ISE can indeed download updates via an Internet connection directly from a Cisco feed server, configurations in certain network environments may necessitate the use of an internal server for these updates, particularly in air-gapped or highly secure networks where direct Internet access is restricted or not allowed. This internal server acts as a middleman, ensuring that updates can still be received securely, albeit indirectly. Essentially, the option to use an internal server expands the flexibility of deployment scenarios for Cisco ISE feed services, catering to various security policies of different organizations.
send
light_mode
delete
Question #7
What is a method for transporting security group tags throughout the network?
- Aby embedding the security group tag in the 802.1Q header
- Bby the Security Group Tag Exchange ProtocolMost Voted
- Cby enabling 802.1AE on every network device
- Dby embedding the security group tag in the IP header
Correct Answer:
B
B

The Security Group Tag Exchange Protocol (SXP) is indeed the correct method for transporting security group tags effectively across networks. This protocol allows for the exchange of Cisco TrustSec environment data, including security group tags, even over network segments that may not directly support TrustSec. By establishing peer relationships, SXP ensures the propagation of security policy and tag mappings throughout heterogeneous network environments, including those incorporating equipment from different vendors. This capacity makes SXP indispensable for maintaining coherent security postures across complex network topologies.
send
light_mode
delete
Question #8
An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node.
Which persona should be configured with the largest amount of storage in this environment?
Which persona should be configured with the largest amount of storage in this environment?
- AMonitoring and TroubleshootingMost Voted
- BPolicy Services
- CPrimary Administration
- DPlatform Exchange Grid
Correct Answer:
A
A

The Monitoring and Troubleshooting (MnT) persona in Cisco ISE requires the largest amount of storage due to its responsibility for logging and analytical data. Hence, deploying this persona on a node with substantial storage capacity ensures the system can handle extensive logging without performance degradation. Ensuring correct storage sizing per Cisco's official ISE installation guides, particularly for the MnT persona, is crucial for effective network operations and troubleshooting.
send
light_mode
delete
Question #9
In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two.)
- Asubscriber
- Bprimary
- CadministrationMost Voted
- Dpublisher
- Epolicy serviceMost Voted
Correct Answer:
CE
CE

In a standalone Cisco ISE deployment, the node functions with both the administration and policy service personas. These personas are essential for managing configurations and enforcing access policies directly on the same device. Persona types like pxGrid are not activated by default in such configurations. This setup allows for a streamlined management and operational efficiency, centralizing tasks without the need for additional nodes handling other services.
send
light_mode
delete
Question #10
A network engineer must enforce access control using special tags, without re-engineering the network design.
Which feature should be configured to achieve this in a scalable manner?
Which feature should be configured to achieve this in a scalable manner?
- ARBAC
- BdACL
- CSGTMost Voted
- DVLAN
Correct Answer:
C
Reference:
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/branch-segmentation.pdf
C
Reference:
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/branch-segmentation.pdf
send
light_mode
delete
All Pages