Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Cisco®
  5. 300-715

Free 300-715 Exam Braindumps (page: 27)

Page 26 of 93
PDF with 367 Questions

An administrator is configuring MAB and needs to create profiling policies to support devices that do not match the built-in profiles.
Which two steps must the administrator take in order to use these new profiles in authorization policies? (Choose two.)

  1. Edit the authorization policy to give the profiles as a result of the authentication and authorization results
  2. Use the profiling policies as the matching conditions in each authorization policy
  3. Modify the endpoint identity group to feed the profiling policies into and match the parent group in the policy
  4. Configure the profiling policy to make a matching identity group and use the group in the authorization policy
  5. Feed the profiling policies into a logical profile and use the logical profile in the authorization policy

Answer(s): D,E



An administrator must enable scanning for specific endpoints when they attempt to access the network. The scanning must be triggered as a result of successful authentication.
Which action accomplishes this task?

  1. Modify the authorization policy to send init_endpoint_scan as a result to the authenticator.
  2. Create an authorization profile with scanning enabled and add it to the authorization policy that the endpoints will hit.
  3. Add an entry in the authentication conditions to allow only scanned endpoints access, then redirect everything else to the portal to initiate the scan.
  4. Configure the endpoint scanning probe to profile the endpoint correctly and assign it a risk score.

Answer(s): B



A network engineer responsible for the switching environment must provision a new switch to properly propagate security group tags within the TrustSec inline method.
Which CLI command must the network engineer enter on the switch to globally enable the tagging of SGTs?

  1. cts sxp enable
  2. cts manual
  3. cts role-based sgt-map
  4. cts role-based enforcement

Answer(s): B



A client connects to a network and the authenticator device learns the MAC address 11:22:33:44:55:AA of this client. After the MAC address is learned, the 802.1 x authentication process begins on this port.
Which ISE deployment mode restricts all traffic initially, applies a rule for access control if 802.1x authentication is successful, and can be configured to grant only limited access if 802.1 x authentication is unsuccessful?

  1. open mode
  2. monitor mode
  3. closed mode
  4. low-impact mode

Answer(s): C

Explanation:

In closed mode, the port is initially in a restricted state, allowing no traffic until the 802.1x authentication process is completed successfully. Once the client passes authentication, access control rules are applied based on policies defined in Cisco ISE. These rules determine the level of access the authenticated client is granted.






Post your Comments and Discuss Cisco® 300-715 exam with other Community members:

Exam Discussions & Posts