Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Cisco® 300-715

Cisco® 300-715 Exam Practice Questions (P. 2)

  • Full Access (352 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #11
A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed interface.
Which command should be used to accomplish this task?
  1. A
    cts role-based policy priority-static
  2. B
    cts cache enable
  3. C
    cts authorization list
  4. D
    cts role-based enforcement

Correct Answer:
D
chatbot-img GPT-4o - Answer
Absolutely, the command "cts role-based enforcement" is spot on when you need to filter traffic based on security group tags (SGTs) in a Cisco environment. This command activates SGACL (Security Group Access Control List) enforcement on routed interfaces where Cisco TrustSec is enabled. It specifically targets the application of security policies based on the tagged data traffic, ensuring appropriate access control in line with defined security policies. This configuration is indeed essential for network scalability and streamlined security management, especially in complex network architectures.

Question #12
In a Cisco ISE split deployment model, which load is split between the nodes?
  1. A
    log collection
  2. B
    device admission
  3. C
    AAA
  4. D
    network admission

Correct Answer:
A
chatbot-img GPT-4o - Answer
In examining Cisco ISE split deployments, it's crucial to recognize that the AAA (Authentication, Authorization, and Accounting) workload is indeed distributed across primary and secondary nodes. This strategy optimizes the AAA process flows, enhancing the system's efficiency by ensuring that both nodes are capable of independently handling the full AAA workload. This approach not only mitigates the risk of a single point of failure but also maintains smooth operations across the network, affirming the need for a split setup in robust deployment configurations.

Question #13
What is the deployment mode when two Cisco ISE nodes are configured in an environment?
  1. A
    standalone
  2. B
    distributed
  3. C
    standard
  4. D
    active

Correct Answer:
B
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010.html

Question #14
An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened.
From which Cisco ISE persona should this traffic be originating?
  1. A
    administration
  2. B
    authentication
  3. C
    policy service
  4. D
    monitoring

Correct Answer:
B
chatbot-img GPT-4o - Answer
The correct answer is indeed the Policy Service persona (C). It is responsible for handling interactions with endpoints, including pushing supplicant profiles which requires determining the appropriate Network Services Policy (NSP) for any Bring Your Own Device (BYOD) processes. The Policy Service Node (PSN) evaluates the Client Provisioning Policy (CPP) to make these determinations effectively.

Question #15
What does a fully distributed Cisco ISE deployment include?
  1. A
    PAN and MnT on the same node while PSNs are on their own dedicated nodes.
  2. B
    All Cisco ISE personas are sharing the same node.
  3. C
    All Cisco ISE personas on their own dedicated nodes.
  4. D
    PAN and PSN on the same node while MnTs are on their own dedicated nodes.

Correct Answer:
D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ISE_26_admin_guide/b_ISE_admin_26_deployment.html

Question #16
An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices.
Which deployment mode should be used to achieve this?
  1. A
    closed
  2. B
    high-impact
  3. C
    low-impact
  4. D
    open

Correct Answer:
C
Reference:
https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

Question #17
A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes.
What must be configured to minimize performance degradation?
  1. A
    Enable the endpoint attribute filter.
  2. B
    Review the profiling policies for any misconfiguration.
  3. C
    Ensure that Cisco ISE is updated with the latest profiler feed update.
  4. D
    Change the reauthentication interval.

Correct Answer:
A
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_010111.html

Question #18
An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate.
What must be done in order to provide the CA this information?
  1. A
    Install the Root CA and intermediate CA.
  2. B
    Generate the CSR.
  3. C
    Download the CA server certificate.
  4. D
    Download the intermediate server certificate.

Correct Answer:
B
chatbot-img GPT-4o - Answer
To provide the necessary information to a Certificate Authority (CA) for signing new certificates, a Certificate Signing Request (CSR) must be generated on the Cisco ISE appliance. The CSR includes all essential details such as the organization’s name, domain, and public key, which the CA requires to authenticate and create a valid certificate. Upon receiving the signed certificate from the CA, it can then be installed back on the ISE to replace the self-signed certificates effectively.

Question #19
An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as
`Medical Switch` so that the policies can be made separately for the endpoints connecting through them.
Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?
  1. A
    Change the device profile to Medical Switch.
  2. B
    Change the device type to Medical Switch.
  3. C
    Change the device location to Medical Switch.
  4. D
    Change the model name to Medical Switch.

Correct Answer:
B
chatbot-img GPT-4o - Answer
Absolutely spot on! To categorize network devices into a specific group like 'Medical Switch' in Cisco ISE, you need to adjust the 'device type'. This categorization helps in applying targeted policies based on the type of device rather than their location or model. This is crucial in environments like medical facilities where specific policies and access controls need to be meticulously applied per device type to ensure security and efficiency. Always remember, the device type lays the groundwork for how the network will interpret and manage the traffic coming from these devices.

Question #20
An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the main deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out.
Which configuration is causing this behavior?
  1. A
    All of the nodes are actively being synched.
  2. B
    All of the nodes participate in the PAN auto failover.
  3. C
    One of the nodes is an active PSN.
  4. D
    One of the nodes is the Primary PAN.

Correct Answer:
D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/Workflow/PDF/b_ISE_admin_24_pdf.pdf

Previous Questions Next Questions

All Pages