New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

300-715 Cisco Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) Free Practice Exam Questions (2025 Updated)

Prepare effectively for your Cisco 300-715 Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE) certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Cisco 300-715 Premium Access     Download Demo    
Page: 4 / 5
Total 299 questions

An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network. What is causing this issue to occur?

A.

The switch port is configured with authentication event server dead action authorize vlan.

B.

The authorization results for the endpoints include a dACL allowing access.

C.

The authorization results for the endpoints include the Trusted security group tag.

D.

The switch port is configured with authentication open.

What are the minimum requirements for deploying the Automatic Failover feature on Administration nodes in a distributed Cisco ISE deployment?

A.

a primary and secondary PAN and a health check node for the Secondary PAN

B.

a primary and secondary PAN and no health check nodes

C.

a primary and secondary PAN and a pair of health check nodes

D.

a primary and secondary PAN and a health check node for the Primary PAN

A network administrator is configuring a new access switch to use with Cisco ISE for network access control. There is a need to use a centralized server for the reauthentication timers. What must be configured in order to accomplish this task?

A.

Configure Cisco ISE to replace the switch configuration with new timers.

B.

Configure Cisco ISE to block access after a certain period of time.

C.

Issue the authentication timer reauthenticate server command on the switch.

D.

Issue the authentication periodic command on the switch.

What is a valid status of an endpoint attribute during the device registration process?

A.

block listed

B.

pending

C.

unknown

D.

DenyAccess

Refer to the exhibit Which component must be configured to apply the SGACL?

A.

egress router

B.

host

C.

secure server

D.

ingress router

Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two)

A.

The device queries the internal identity store

B.

The Cisco ISE server queries the internal identity store

C.

The device queries the external identity store

D.

The Cisco ISE server queries the external identity store.

E.

The device queries the Cisco ISE authorization server

A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network Which configuration item needs to be added to allow for this'?

A.

the client provisioning URL in the authorization policy

B.

a temporal agent that gets installed onto the system

C.

a remote posture agent proxying the network connection

D.

an API connection back to the client

A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices Where in the Layer 2 frame should this be verified?

A.

CMD filed

B.

802.1Q filed

C.

Payload

D.

802.1 AE header

What should be considered when configuring certificates for BYOD?

    An endpoint certificate is mandatory for the Cisco ISE BYOD

A.

An Android endpoint uses EST whereas other operation systems use SCEP for enrollment

B.

The CN field is populated with the endpoint host name.

C.

The SAN field is populated with the end user name

Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)

A.

endpoint marked as lost in My Devices Portal

B.

addition of endpoint to My Devices Portal

C.

endpoint profile transition from Apple-Device to Apple-iPhone

D.

endpoint profile transition from Unknown to Windows 10-Workstation

E.

updating of endpoint dACL.

An administrator is manually adding a device to a Cisco ISE identity group to ensure that it is able to access the network when needed without authentication Upon testing, the administrator notices that the device never hits the correct authorization policy line using the condition EndPoints LogicalProfile EQUALS static_list Why is this occurring?

A.

The dynamic logical profile is overriding the statically assigned profile

B.

The device is changing identity groups after profiling instead ot remaining static

C.

The logical profile is being statically assigned instead of the identity group

D.

The identity group is being assigned instead of the logical profile

Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).

A.

TCP 8443

B.

TCP 8906

C.

TCP 443

D.

TCP 80

E.

TCP 8905

Which command displays all 802 1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

A.

show authentication sessions output

B.

Show authentication sessions

C.

show authentication sessions interface Gi 1/0/x

D.

show authentication sessions interface Gi1/0/x output

A company manager is hosting a conference. Conference participants must connect to an open guest SSID and only use a preassigned code that they enter into the guest portal prior to gaining access to the network. How should the manager configure Cisco ISE to accomplish this goal?

A.

Create entries in the guest identity group for all participants.

B.

Create an access code to be entered in the AUP page.

C.

Create logins for each participant to give them sponsored access.

D.

Create a registration code to be entered on the portal splash page.

An engineer is configuring TACACS+ within Cisco ISE for use with a non-Cisco network device. They need to send special attributes in the Access-Accept response to ensure that the users are given the appropriate access. What must be configured to accomplish this'?

A.

dACLs to enforce the various access policies for the users

B.

custom access conditions for defining the different roles

C.

shell profiles with custom attributes that define the various roles

D.

TACACS+ command sets to provide appropriate access

Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?

A.

TCP 8909

B.

TCP 8905

C.

UDP 1812

D.

TCP 443

A network administrator is configuring authorization policies on Cisco ISE There is a requirement to use AD group assignments to control access to network resources After a recent power failure and Cisco ISE rebooting itself, the AD group assignments no longer work What is the cause of this issue?

A.

The AD join point is no longer connected.

B.

The AD DNS response is slow.

C.

The certificate checks are not being conducted.

D.

The network devices ports are shut down.

An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identified if the ToS bit is set to 5 and the destination IP address is the intercom system. What must be configured to accomplish this goal?

A.

NMAP

B.

NETFLOW

C.

pxGrid

D.

RADIUS

A network engineer must enable a profiling probe. The profiling must take details through the Active Directory. Where in the Cisco ISE interface would the engineer enable the probe?

A.

Policy > Policy Elements > Profiling

B.

Administration > Deployment > System > Profiling

C.

Policy > Deployment > System > Profiling

D.

Administration > System > Deployment > Profiling

An engineer is designing a new distributed deployment for Cisco ISE in the network and is considering failover options for the admin nodes. There is a need to ensure that an admin node is available for configuration of policies at all times. What is the requirement to enable this feature?

A.

one primary admin and one secondary admin node in the deployment

B.

one policy services node and one secondary admin node

C.

one policy services node and one monitoring and troubleshooting node

D.

one primary admin node and one monitoring and troubleshooting node

Cisco 300-715 Premium Access     Download Demo    
Page: 4 / 5
Total 299 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved