Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 300-715

Cisco 300-715 Exam Questions
Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) (Page 9 )

Updated On: 21-Feb-2026
Page 9 of 75
PDF with 384 Questions

Which nodes are supported in a distributed Cisco ISE deployment?

  1. Monitoring nodes for PxGrid services
  2. Policy Service nodes for session failover
  3. Policy Service nodes for automatic failover
  4. Administration nodes for session failover

Answer(s): B

Explanation:

In a distributed Cisco Identity Services Engine (ISE) deployment, the following types of nodes are supported:
1. Administration Nodes (PANs): These are responsible for configuration, administration, and reporting.
2. Policy Service Nodes (PSNs): These handle the policy evaluation, including authentication, authorization, and accounting (AAA).
3. Monitoring Nodes (MnT): These store logs and provide reporting services.
Policy Service nodes are essential for session failover in a distributed environment.
When multiple PSNs are deployed, if one PSN fails, session traffic can automatically reroute to another PSN. This ensures high availability and session continuity.
However, automatic failover for policy services is a misnomer since failover requires session traffic to be directed manually or through load balancing mechanisms. Administration nodes and monitoring nodes do not manage session failover.



A network security administrator must integrate Cisco ISE with Active Directory. The administrator must carry out a join operation.
Which action must the security administrator take?

  1. Search Active Directory to see if admin user account exists
  2. Remove the ISE machine account from the domain
  3. Join Cisco ISE to the Active Directory domain
  4. Remove Cisco ISE user account from the domain.

Answer(s): C

Explanation:

To integrate Cisco Identity Services Engine (ISE) with Active Directory (AD), the ISE node must join the AD domain. This enables Cisco ISE to authenticate users and devices against the directory and enforce policies based on AD attributes.
Steps to Perform the Join Operation:
1. Navigate to Administration > Identity Management > External Identity Sources > Active Directory in the Cisco ISE GUI.
2. Provide the AD domain name and ensure network connectivity to the AD servers.
3. Use an AD account with appropriate privileges (often a domain admin or delegated account with join permissions) to perform the join operation.
4. After successful domain join, Cisco ISE can query the AD for user and group information.



A network security administrator must integrate Cisco ISE with Active Directory. The administrator must carry out a leave operation.
Which action on Active Directory is needed to meet the requirement?

  1. Remove the ISE machine account from the domain.
  2. Remove the ISE user account from the domain.
  3. Create ISE machine account to domain.
  4. Search Active Directory to see if admin user account exists.

Answer(s): A

Explanation:

Remove the ISE machine account from the domain.
This is the correct action because the machine account represents Cisco ISE in AD. Removing it effectively disconnects ISE from the domain.



Which two VMware features are supported on a Cisco ISE virtual appliance? (Choose two.)

  1. VM cold migration
  2. OVF support
  3. multivendor integration
  4. VM hardware version 7+
  5. VM snapshots

Answer(s): A,B

Explanation:

When deploying Cisco ISE as a virtual appliance on a VMware platform, there are specific VMware features that are supported and recommended:
VM Cold Migration:
Cisco ISE supports cold migration. This means that the virtual appliance can be moved from one host to another while it is powered off. Cold migration is a supported method for relocating the virtual machine in the event of hardware maintenance or upgrades.
OVF Support:
Cisco ISE is distributed as an OVF (Open Virtualization Format) package. This format is supported by VMware environments, making it straightforward to deploy the ISE virtual appliance using standard VMware tools.



A network security administrator wants to integrate Cisco ISE with Active Directory.
Which configuration action must the security administrator take to accomplish the task?

  1. Search Active Directory to see if admin user account exists.
  2. Remove the ISE machine account from the domain.
  3. Remove Cisco ISE user account from the domain.
  4. Join Cisco ISE to the Active Directory domain.

Answer(s): D

Explanation:

To integrate Cisco ISE with Active Directory, the security administrator must join Cisco ISE to the Active Directory domain. This allows ISE to authenticate users against Active Directory and apply identity-based policies.






Post your Comments and Discuss Cisco 300-715 exam dumps with other Community members:

Join the 300-715 Discussion