Free 300-715 Exam Braindumps (page: 31)


A client with MAC address 11:22:33:44:55:AA connects to the network. The client does not support 802.1X.
Which setting must be enabled in the Allowed Authentication Protocols list in your Authentication Policy for Cisco ISE Server to support MAB authentication for this MAC address?

  A. Process Host Lookup
  B. EAP-FAST
  C. EAP-TTLS
  D. MS-CHAPv2

Answer(s): A



An engineer is deploying Cisco ISE in a network that contains an existing Cisco Secure Firewall ASA. The customer requested that Cisco TrustSec be configured so that Cisco ISE and the firewall can share SGT information.
Which protocol must be configured on Cisco ISE to meet the requirement?

  A. RADIUS
  B. pxGrid
  C. PAC
  D. SXP

Answer(s): D

Explanation:

Cisco TrustSec uses Security Group Tags (SGTs) to implement security policies based on user roles and access permissions. To share SGT information between Cisco ISE and Cisco Secure Firewall ASA, the SGT Exchange Protocol (SXP) must be configured.
SXP: This protocol is specifically designed to exchange SGT information between devices that cannot propagate SGTs natively in their data plane (like ASA firewalls).
pxGrid: While it facilitates integration and sharing of policy information, it is not used for SGT propagation.
RADIUS: Used for authentication, authorization, and accounting, but not for SGT information sharing.
PAC (Protected Access Credential): Relevant for EAP-FAST authentication, not for SGT exchange.
By configuring SXP on both Cisco ISE and the ASA firewall, SGT mappings can be securely shared, allowing the firewall to enforce TrustSec policies.



Which component of the 802.1X authentication process provides the identity credentials and communicates using EAP at Layer 2?

  A. authentication server
  B. authenticator
  C. authentication database
  D. supplicant

Answer(s): D

Explanation:

In the 802.1X authentication framework, the supplicant is the device or software application that provides the identity credentials (such as a username and password or digital certificate) during the authentication process. It communicates with the authenticator using the Extensible Authentication Protocol (EAP) at Layer 2.
The supplicant is essential for initiating the authentication process and ensures secure communication of identity credentials via EAP.



An engineer is configuring a new Cisco ISE node. The Cisco ISE must make authorization decisions based on the threat and vulnerability attributes received from the threat and vulnerability adapters.
Which persona must be enabled?

  A. pxGrid
  B. Policy Service
  C. Administration
  D. Monitoring

Answer(s): A

Explanation:

To enable Cisco ISE to make authorization decisions based on threat and vulnerability attributes received from external sources, the pxGrid persona must be enabled. pxGrid (Platform Exchange Grid) is a Cisco ISE service that facilitates communication between ISE and third-party systems for the exchange of context-based information such as threat intelligence, vulnerabilities, and device posture.
How pxGrid Works:
1. pxGrid provides a framework for integrating external systems like threat intelligence platforms or vulnerability scanners with Cisco ISE.
2. These systems send threat and vulnerability data to Cisco ISE via pxGrid.
3. Cisco ISE uses this information to enforce dynamic authorization policies, such as quarantining or restricting access for compromised devices.





