Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Cisco® 300-715

Cisco® 300-715 Exam Practice Questions (P. 5)

  • Full Access (352 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #41
An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall.
Which two ports should be opened to accomplish this task? (Choose two.)
  1. A
    TELNET: 23
  2. B
    HTTPS: 443
  3. C
    HTTP: 80
  4. D
    LDAP: 389
  5. E
    MSRPC:445

Correct Answer:
DE

Question #42
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication.
Which command should be used to complete this configuration?
  1. A
    aaa authentication dot1x default group radius
  2. B
    dot1x system-auth-control
  3. C
    authentication port-control auto
  4. D
    dot1x pae authenticator

Correct Answer:
B

Question #43
DRAG DROP -
An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.
Select and Place:


Correct Answer:

Question #44
DRAG DROP -
Drag the descriptions on the left onto the components of 802.1X on the right.
Select and Place:


Correct Answer:

 Authenticator ג€" device that controls physical access to the network based on the authentication status
Supplicant - software on the endpoint that communicates with EAP at layer 2
Authentication server ג€" device that validates the identity of the endpoint and provides results to another device
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x- pba.html

Question #45
A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices.
Where in the Layer 2 frame should this be verified?
  1. A
    payload
  2. B
    802.1 AE header
  3. C
    CMD field
  4. D
    802.1Q field

Correct Answer:
C
Reference:
https://www.cisco.com/c/dam/en/us/solutions/collateral/borderless-networks/trustsec/C07-730151-00_overview_of_trustSec_og.pdf

Question #46
A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network.
Which EAP type must be configured by the network administrator to complete this task?
  1. A
    EAP-TTLS
  2. B
    EAP-TLS
  3. C
    EAP-FAST
  4. D
    EAP-PEAP-MSCHAPv2

Correct Answer:
B
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975-configure-eap-tls-authentication-with-is.html

Question #47
An organization wants to standardize the 802.1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide.
What must be configured to accomplish this task?
  1. A
    dynamic access list within the authorization profile
  2. B
    extended access-list on the switch for the client
  3. C
    security group tag within the authorization policy
  4. D
    port security on the switch based on the client's information

Correct Answer:
C

Question #48

Refer to the exhibit.
In which scenario does this switch configuration apply?
  1. A
    when allowing a hub with multiple clients connected
  2. B
    when allowing multiple IP phones to be connected
  3. C
    when preventing users with hypervisor
  4. D
    when bypassing IP phone authentication

Correct Answer:
A
Reference;
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/5700/sec-user-8021x-xe-3se-5700-book/sec-ieee-802x-multi- auth.html

Question #49

Refer to the exhibit.
Which switch configuration change will allow only one voice and one data endpoint on each port?
  1. A
    auto to manual
  2. B
    mab to dot1x
  3. C
    multi-auth to multi-domain
  4. D
    multi-auth to single-auth

Correct Answer:
C
Reference:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/sec/b_166_sec_9300_cg/ configuring_ieee_802_1x_port_based_authentication.html

Question #50
A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice.
Which command should the engineer run on the interface to accomplish this goal?
  1. A
    authentication host-mode multi-domain
  2. B
    authentication host-mode single-host
  3. C
    authentication host-mode multi-auth
  4. D
    authentication host-mode multi-host

Correct Answer:
A
Reference:
https://www.pearsonitcertification.com/articles/article.aspx?p=1762597

Previous Questions Next Questions

All Pages