• Home
  • Blogs
  • [Q16-Q38] Cisco 300-715 Practice Verified Answers - Pass Your Exams For Sure! [2021]

[Q16-Q38] Cisco 300-715 Practice Verified Answers - Pass Your Exams For Sure! [2021]

Share

Cisco 300-715 Practice Verified Answers - Pass Your Exams For Sure! [2021]

Valid Way To Pass CCNP Security's  300-715 Exam

NEW QUESTION 16
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?

  • A. Radius Called-Station-ID CONTAINS <SSID Name>
  • B. Network Access NetworkDeviceName CONTAINS <SSID Name>
  • C. Airespace Airespace-Wlan-ld CONTAINS <SSID Name>
  • D. DEVICE Device Type CONTAINS <SSID Name>

Answer: B

 

NEW QUESTION 17
An administrator is configuring a Cisco ISE posture agent in the client provisioning policy and needs to ensure that the posture policies that interact with clients are monitored, and end users are required to comply with network usage rules Which two resources must be added in Cisco ISE to accomplish this goal? (Choose two)

  • A. AnyConnect
  • B. PEAP
  • C. Cisco ISE NAC
  • D. Posture Agent
  • E. Supplicant

Answer: A,D

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-posture.html
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_configure_client_provisioning.html#task_D1C2E8ECE1D54D259C01BCBF0A5822F1

 

NEW QUESTION 18
An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected.
Which service should be used to accomplish this task?

  • A. guest access
  • B. client provisioning
  • C. profiling
  • D. posture

Answer: C

Explanation:
Section: Profiler
Explanation

 

NEW QUESTION 19
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

Answer:

Explanation:

Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide Step 1 Choose Administration > System > Deployment.
The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.
Step 2
Check the check box next to the current node, and click Edit.
Step 3
Click Make Primary to configure your Primary PAN.
Step 4
Enter data on the General Settings
Step 5
Click Save to save the node configuration.

 

NEW QUESTION 20
An organization is hosting a conference and must make guest accounts for several of the speakers attending.
The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?

  • A. Create an authorization rule denying sponsored guest access.
  • B. Create an authorization rule denying guest access.
  • C. Navigate to the Guest Portal and delete the guest accounts.
  • D. Navigate to the Sponsor Portal and suspend the guest accounts.

Answer: D

 

NEW QUESTION 21
How is policy services node redundancy achieved in a deployment?

  • A. by enabling VIP
  • B. by utilizing RADIUS server list on the NAD
  • C. by creating a node group
  • D. by deploying both primary and secondary node

Answer: D

 

NEW QUESTION 22
Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two.)

  • A. Operating System
  • B. iOS Settings
  • C. Connection Type
  • D. Redirect ACL
  • E. Windows Settings

Answer: A,B

Explanation:
Section: BYOD

 

NEW QUESTION 23
Which personas can a Cisco ISE node assume?

  • A. administration, policy service, and monitoring
  • B. administration, policy service, gatekeeping
  • C. policy service, gatekeeping, and monitoring
  • D. administration, monitoring, and gatekeeping

Answer: A

Explanation:
Section: Architecture and Deployment
Explanation/Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

 

NEW QUESTION 24
An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?

  • A. Validate that the key value is correct using the test aaa authentication admin <key> legacy command.
  • B. Confirm the authorization policies are correct using the test aaa authorization admin drop legacy command.
  • C. Test the user account on the server using the test aaa group radius server CUCS user admin pass <key> legacy command.
  • D. Check for server reachability using the test aaa group tacacs+ admin <key> legacy command.

Answer: D

Explanation:
https://medium.com/training-course-ccna-security-210-260/ccna-security-part-3-implementing-aaa-in-cisco-ios-4b13ab285f51

 

NEW QUESTION 25
An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?

  • A. dot1x system-auth-control
  • B. mab
  • C. enable network-authentication
  • D. enable bypass-mac

Answer: B

Explanation:
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-2mt/sec-config-mab.html

 

NEW QUESTION 26
A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA Which action does the CoA perform?

  • A. It applies the downloadable ACL provided in the CoA
  • B. It terminates the client session
  • C. It applies new permissions provided in the CoA to the client session.
  • D. It triggers the NAD to reauthenticate the client

Answer: A

Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html

 

NEW QUESTION 27
A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

  • A. authentication host-mode multi-auth
  • B. authentication host-mode single-host
  • C. authentication host-mode multi-domain
  • D. authentication host-mode multi-host

Answer: A

 

NEW QUESTION 28
In a Cisco ISE split deployment model, which load is split between the nodes?

  • A. log collection
  • B. AAA
  • C. device admission
  • D. network admission

Answer: B

Explanation:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/install_guide/b_ise_InstallationGuide26.pdf

 

NEW QUESTION 29
In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two )

  • A. administration
  • B. subscriber
  • C. primary
  • D. publisher
  • E. policy service

Answer: A,E

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_010.html

 

NEW QUESTION 30
An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+ However, the administrator must restrict certain commands based on one of three user roles that require different commands How is this accomplished without creating too many objects using Cisco ISE?

  • A. Create one shell profile and one command set.
  • B. Create multiple shell profiles and multiple command sets.
  • C. Create multiple shell profiles and one command set
  • D. Create one shell profile and multiple command sets.

Answer: B

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html
https://www.youtube.com/watch?v=IlZwB71Szog&ab_channel=JasonMaynard

 

NEW QUESTION 31
An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node. Which persona should be configured with the largest amount of storage in this environment?

  • A. policy Services
  • B. Primary Administration
  • C. Platform Exchange Grid
  • D. Monitoring and Troubleshooting

Answer: D

 

NEW QUESTION 32
Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?

  • A. show authentication sessions interface Gi 1/0/x
  • B. show authentication sessions
  • C. show authentication sessions output
  • D. show authentication sessions interface Gi1/0/x output

Answer: A

Explanation:
Section: Policy Enforcement
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-xe-3se-3850-cr-book/sec-s1- xe-3se-3850-cr-book_chapter_01.html#wp3404908137

 

NEW QUESTION 33
There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use profiling. What must be done to accomplish this goal?

  • A. Enter the IP address in the correct Logical Profile.
  • B. Enter the MAC address in the correct Endpoint Identity Group.
  • C. Enter the IP address in the correct Endpoint Identity Group.
  • D. Enter the MAC address in the correct Logical Profile.

Answer: C

 

NEW QUESTION 34
If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?

  • A. Guest
  • B. Blacklist
  • C. Client Provisioning
  • D. BYOD

Answer: B

 

NEW QUESTION 35
Which personas can a Cisco ISE node assume'?

  • A. administration, policy service, and monitoring
  • B. administration, policy service, gatekeeping
  • C. policy service, gatekeeping, and monitoring
  • D. administration, monitoring, and gatekeeping

Answer: A

Explanation:
Explanation
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html The persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.

 

NEW QUESTION 36
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.

Answer:

Explanation:

Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide Step 1 Choose Administration > System The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.
Step 2
Check the check box next to the current node, and click
Step 3
Click Make Primary to configure your Primary PAN.
Step 4
Enter data on the General Settings tab.
Step 5
Click Save to save the node configuration.

 

NEW QUESTION 37
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?

  • A. EAP server
  • B. authenticator
  • C. client
  • D. supplicant

Answer: B

 

NEW QUESTION 38
......

Cisco 300-715 Pre-Exam Practice Tests | Exams-boost: https://www.exams-boost.com/300-715-valid-materials.html

300-715 practice test questions, answers, explanations: https://drive.google.com/open?id=1YZtGKMs682Fip4FH8DTKwy2ZnYo3feGx

Related Blogs

more
Cisco 300-715 Certification Practice Exam

Copyright © 2026 EXAMS-BOOST.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.