300-715試験無料問題集（377題）「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」

出題：1

Which configuration is required in the Cisco ISE authentication policy to allow Central Web Authentication?

A. MAB and if authentication failed, continue

B. Dot1x and if authentication failed, continue

C. MAB and if user not found, continue

D. Dot1x and if user not found, continue

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

An engineer is creating a new authorization policy to give the endpoints access to VLAN 310 upon successful authentication. The administrator tests the 802.1X authentication for the endpoint and sees that it is authenticating successfully. What must be done to ensure that the endpoint is placed into the correct VLAN?

A. Configure the switchport access vlan 310 command on the switch port

B. Add VLAN 310 in the common tasks of the authorization profile

C. Ensure that the endpoint is using The correct policy set

D. Ensure that the security group is not preventing the endpoint from being in VLAN 310

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

An engineer builds a five-node distributed Cisco ISE deployment. The first two deployed nodes are responsible for the primary and secondary administration and monitoring personas.
Which persona configuration is necessary to have the remaining three Cisco ISE nodes serve as dedicated nodes in the Cisco ISE cube that is responsible only for handling the RADIUS and TACACS+ authentication requests, identity lookups, and policy evaluation?

A.

B.

C.

D.

正解：C 解答を投票する

出題：4

An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identified if the ToS bit is set to 5 and the destination IP address is the intercom system. What must be configured to accomplish this goal?

A. RADIUS

B. pxGrid

C. NETFLOW

D. NMAP

正解：C 解答を投票する

出題：5

An engineer is starting to implement a wired 802.1X project throughout the campus. The task is for failed authentication to be logged to Cisco ISE and also have a minimal impact on the users.
Which command must the engineer configure?

A. pae dot1x enabled

B. authentication host-mode multi-auth

C. monitor-mode enabled

D. authentication open

正解：C 解答を投票する

出題：6

An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Secure Client for the agent configuration in a client provisioning policy? (Choose two.)

A. Secure Client agent image

B. SecureClientProtie.xsd file

C. Secure Client network visibility module

D. SecureClientProfie.xml file

E. Secure Client compliance module

正解：A,E 解答を投票する

出題：7

An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the mam deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out.
Which configuration is causing this behavior?

A. All of the nodes are actively being synched.

B. All of the nodes participate in the PAN auto failover.

C. One of the nodes is an active PSN.

D. One of the nodes is the Primary PAN

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which type of identity store allows for creating single-use access credentials in Cisco ISE?

A. PKI

B. OpenLDAP

C. Local

D. RSA SecurID

正解：D 解答を投票する

出題：9

Which two default endpoint identity groups does Cisco ISE create? (Choose two )

A. endpoint

B. block list

C. unknown

D. allow list

E. profiled

正解：C,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

What is a function of client provisioning?

A. Client provisioning ensures an application process is running on the endpoint.

B. Client provisioning ensures that endpoints receive the appropriate posture agents.

C. Client provisioning checks the existence, date, and versions of the file on a client.

D. Client provisioning checks a dictionary attribute with a value.

正解：B 解答を投票する

出題：11

An administrator for a small network is configuring Cisco ISE to provide dynamic network access to users.
Management needs Cisco ISE to not automatically trigger a CoA whenever a profile change is detected.
Instead, the administrator needs to verify the new profile and manually trigger a CoA.
What must be configuring in the profiler to accomplish this goal?

A. Session Query

B. Reauth

C. No CoA

D. Port Bounce

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

An engineer wants to ease the management of endpoint identity groups from the Cisco ISE GUI.
From the Identity Management menu in Cisco ISE, the engineer must be able to list the endpoint identity groups with a name that contains Android. Which task must the engineer perform?

A. Create and save an advanced filter with name equals Android as the criteria.

B. Create an identity group named Android and populate the group with Android devices only.

C. Create and save a quick filter with name equals Android as the criteria.

D. Create an identity group named Android and set the parent group to profiled.

正解：A 解答を投票する

出題：13

When configuring Active Directory groups, an administrator is attempting to retrieve a group that has a name that is ambiguous with another group. What must be done so that the correct group is returned?

A. Use the SID as the identifier for the group.

B. Select both groups, and use a TCT pointer to identity the appropriate one.

C. Configure MAB to utilize one group, and 802 1xto utilize the conflicting group.

D. Utilize MIB entries to identify the desired group.

正解：A 解答を投票する

出題：14

Which device acts as an authenticator during the 802.1X authentication process?

A. RADIUS server

B. Cisco switch

C. LDAP server

D. Cisco ISE PSN

正解：B 解答を投票する

300-715試験無料問題集「Cisco Implementing and Configuring Cisco Identity Services Engine 認定」