Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: s2p65

Easiest Solution 2 Pass Your Certification Exams

300-715 Cisco Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Free Practice Exam Questions (2025 Updated)

Prepare effectively for your Cisco 300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Cisco 300-715 Premium Access     Download Demo    
Page: 3 / 5
Total 299 questions

Which two actions must be verified to confirm that the internet is accessible via guest access when configuring a guest portal? (Choose two.)

A.

The guest device successfully associates with the correct SSID.

B.

The guest user gets redirected to the authentication page when opening a browser.

C.

The guest device has internal network access on the WLAN.

D.

The guest device can connect to network file shares.

E.

Cisco ISE sends a CoA upon successful guest authentication.

What is a function of client provisioning?

A.

Client provisioning ensures that endpoints receive the appropriate posture agents.

B.

Client provisioning checks a dictionary attribute with a value.

C.

Client provisioning ensures an application process is running on the endpoint.

D.

Client provisioning checks the existence, date, and versions of the file on a client.

Which platform does a Windows-based device download the Network Assistant Manager from?

A.

Microsoft app store

B.

Cisco Catalyst Switch

C.

native OS

D.

Cisco ISE

An administrator must provide wired network access to unidentified Cisco devices that fail 802.1X authentication. Cisco ISE profiling services must be configured to gather Cisco Discovery Protocol and LLDP endpoint information from a Cisco switch. These configurations were performed:

• configured switches to accept SNMP queries from Cisco ISE

• enabled Cisco Discovery Protocol and LLDP on the switches

• added the switch as a NAD to Cisco ISE

What must be enabled to complete the configuration?

A.

SNMP traps on the switch

B.

SNMP MIBs in Cisco ISE

C.

SNMP Trap probe in Cisco ISE

D.

SNMP Query probe in Cisco ISE

A user misplaces a personal phone and wants to blacklist the device from accessing the company network. The company uses Cisco ISE for corporate and BYOD device authentication. Which action must the user take in Cisco ISE?

A.

Sign in to the BYOD portal and mark the device as Lost.

B.

Sign in to the My Devices portal and mark the device as Lost.

C.

Sign in to the My Devices portal and mark the device as Irrecoverable.

D.

Sign in to the BYOD portal and mark the device as Irrecoverable.

Which command displays all 802 1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

A.

show authentication sessions output

B.

Show authentication sessions

C.

show authentication sessions interface Gi 1/0/x

D.

show authentication sessions interface Gi1/0/x output

An engineer is configuring ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADUs for these devices? (Choose two.)

A.

TACACS+ is FIPS compliant while RADIUS is not

B.

TACACS+ is designed for network access control while RADIUS is designed for role-based access.

C.

TACACS+ uses secure EAP-TLS while RADIUS does not.

D.

TACACS+ provides the ability to authorize specific commands while RADIUS does not

E.

TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.

An engineer is designing a new distributed deployment for Cisco ISE in the network and is considering failover options for the admin nodes. There is a need to ensure that an admin node is available for configuration of policies at all times. What is the requirement to enable this feature?

A.

one primary admin and one secondary admin node in the deployment

B.

one policy services node and one secondary admin node

C.

one policy services node and one monitoring and troubleshooting node

D.

one primary admin node and one monitoring and troubleshooting node

A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA Which action does the CoA perform?

A.

It terminates the client session

B.

It applies the downloadable ACL provided in the CoA

C.

It applies new permissions provided in the CoA to the client session.

D.

It triggers the NAD to reauthenticate the client

Which file extension is required when deploying Cisco ISE using a ZTP configuration file in Microsoft Hyper-V?

A.

.iso

B.

.txt

C.

.tar

D.

.img

Which two default endpoint identity groups does Cisco ISE create? (Choose two )

A.

block list

B.

endpoint

C.

profiled

D.

allow list

E.

unknown

An engineer is configuring static SGT classification. Which configuration should be used when authentication is disabled and third-party switches are in use?

A.

VLAN to SGT mapping

B.

IP Address to SGT mapping

C.

L3IF to SGT mapping

D.

Subnet to SGT mapping

What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two )

A.

Location the CSV file for the device MAC

B.

Select the certificate template

C.

Choose the hashing method

D.

Enter the common name

E.

Enter the IP address of the device

An engineer is configuring the remote access VPN to use Cisco ISE for AAA and needs to conduct posture checks on the connecting endpoints After the endpoint connects, it receives its initial authorization result and continues onto the compliance scan What must be done for this AAA configuration to allow compliant access to the network?

A.

Configure the posture authorization so it defaults to unknown status

B.

Fix the CoA port number

C.

Ensure that authorization only mode is not enabled

D.

Enable dynamic authorization within the AAA server group

Which Cisco ISE deployment model is recommended for an enterprise that has over 50,000 concurrent active endpoints?

A.

large deployment with fully distributed nodes running all personas

B.

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with shared PSNs

C.

medium deployment with primary and secondary PAN/MnT/pxGrid nodes with dedicated PSNs

D.

small deployment with one primary and one secondary node running all personas

Which are two characteristics of TACACS+? (Choose two)

A.

It uses TCP port 49.

B.

It combines authorization and authentication functions.

C.

It separates authorization and authentication functions.

D.

It encrypts the password only.

E.

It uses UDP port 49.

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

A.

Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.

B.

Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.

C.

Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.

D.

Identify the non 802.1X supported device types and create custom profiles for them to profile into.

An employee logs on to the My Devices portal and marks a currently on-boarded device as ‘Lost’.

Which two actions occur within Cisco ISE as a result oí this action? (Choose two)

A.

Certificates provisioned to the device are not revoked

B.

BYOD Registration status is updated to No

C.

The device access has been denied

D.

BYOD Registration status is updated to Unknown.

E.

The device status is updated to Stolen

An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?

A.

The switch port is configured with authentication event server dead action authorize vlan.

B.

The authorization results for the endpoints include a dACL allowing access.

C.

The authorization results for the endpoints include the Trusted security group tag.

D.

The switch port is configured with authentication open.

An organization is adding nodes to their Cisco ISE deployment and has two nodes designated as primary and secondary PAN and MnT nodes. The organization also has four PSNs An administrator is adding two more PSNs to this deployment but is having problems adding one of them What is the problem?

A.

The new nodes must be set to primary prior to being added to the deployment

B.

The current PAN is only able to track a max of four nodes

C.

Only five PSNs are allowed to be in the Cisco ISE cube if configured this way.

D.

One of the new nodes must be designated as a pxGrid node

Cisco 300-715 Premium Access     Download Demo    
Page: 3 / 5
Total 299 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved