Cisco 300-715 Exam Dumps

Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

984 Reviews

Exam Code	300-715
Exam Name	Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)
Questions	299 Questions Answers With Explanation
Update Date	04, 14, 2026
Price	Was : $178.2 Today : $99 Was : $196.2 Today : $109 Was : $232.2 Today : $129

Add To Cart

Demo Questions

Question # 1

An employee must access the internet through the corporate network from a new mobile device that does not support native supplicant provisioning provided by Cisco ISE. Which portal must the employee use to provision to the device?

A. BYOD
B. Personal Device
C. My Devices
D. Client Provisioning

Show Answer

Question # 2

An administrator needs to allow guest devices to connect to a private network without requiring usernames and passwords. Which two features must be configured to allow for this? (Choose two.)

A. hotspot guest portal
B. device registration WebAuth
C. central WebAuth
D. local WebAuth
E. self-registered guest portal

Show Answer

Question # 3

An administrator is configuring a new profiling policy in Cisco ISE for a printer type that is missing from the profiler feed The logical profile Printers must be used in the authorizationrule and the rule must be hit. What must be done to ensure that this configuration will be successful^

A. Create a new logical profile for the new printer policy
B. Enable the EndPoints:EndPointPolicy condition in the authorization policy.
C. Add the new profiling policy to the logical profile Printers.
D. Modify the profiler conditions to ensure that it goes into the correct logical profile

Show Answer

Question # 4

An engineer is configuring ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADUs for these devices? (Choose two.)

A. TACACS+ is FIPS compliant while RADIUS is not
B. TACACS+ is designed for network access control while RADIUS is designed for rolebased access.
C. TACACS+ uses secure EAP-TLS while RADIUS does not.
D. TACACS+ provides the ability to authorize specific commands while RADIUS does not
E. TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.

Show Answer

Question # 5

A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for 1 day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?

A. The RADIUS policy set for guest access is set to allow repeated authentication of the same device.
B. The length of access is set to 7 days in the Guest Portal Settings.
C. The Endpoint Purge Policy is set to 30 days for guest devices.
D. The Guest Account Purge Policy is set to 15 days.

Show Answer

Question # 6

An administrator is configuring a Cisco WLC for web authentication Which two client profiling methods are enabled by default if the Apply Cisco ISE Default Settings check boxhas been selected'? (Choose two.)

A. CDP
B. DHCP
C. HTTP
D. SNMP
E. LLDP

Show Answer

Question # 7

What is the maximum number of PSN nodes supported in a medium-sized deployment?

A. three
B. five 
C. two 
D. eight

Show Answer

Question # 8

An engineer is configuring 802.1X and is testing out their policy sets. After authentication, some endpoints are given an access-reject message but are still allowed onto the network.What is causing this issue to occur?

A. The switch port is configured with authentication event server dead action authorize vlan.
B. The authorization results for the endpoints include a dACL allowing access.
C. The authorization results for the endpoints include the Trusted security group tag.
D. The switch port is configured with authentication open.

Show Answer

Question # 9

Which two default guest portals are available with Cisco ISE? (Choose two.)

A. visitor
B. WIFI-access
C. self-registered
D. central web authentication
E. sponsored

Show Answer

Question # 10

Refer to the exhibit. An engineer is creating a new TACACS* command set and cannot use any show commands after togging into the device with this command set authorizationWhich configuration is causing this issue?

A. Question marks are not allowed as wildcards for command sets.
B. The command set is allowing all commands that are not in the command list
C. The wildcard command listed is in the wrong format
D. The command set is working like an ACL and denying every command.

Show Answer

Question # 11

A network administrator must configure Cisco SE Personas in the company to share session information via syslog. Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?

A. pxGrid
B. admin
C. policy services
D. monitor

Show Answer

Question # 12

A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from. What must be done to accomplish this task''

A. Add each MAC address manually to a blocklist identity group and create a policy denying access 
B. Create a logical profile for each device's profile policy and block that via authorization policies. 
C. Create a profiling policy for each endpoint with the cdpCacheDeviceld attribute.
D. Add each IP address to a policy denying access.

Show Answer

Question # 13

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

A. Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.
B. Create an AuthZ policy to identify Unknown devices and provide partial network access prior to  profiling. 
C. Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.
D. Identify the non 802.1 * supported device types and create custom profiles for them to profile into.

Show Answer

Question # 14

A network administrator is configuring client provisioning resource policies for client machines and must ensure that an agent pop-up is presented to the client when attempting to connect to the network Which configuration item needs to be added to allow for this'?

A. the client provisioning URL in the authorization policy
B. a temporal agent that gets installed onto the system
C. a remote posture agent proxying the network connection
D. an API connection back to the client

Show Answer

Question # 15

Which two external identity stores support EAP-TLS and PEAP-TLS? (Choose two.)

A. Active Directory
B. RADIUS Token
C. Internal Database
D. RSA SecurlD
E. LDAP

Show Answer

Question # 16

Which RADIUS attribute is used to dynamically assign the inactivity active timer for MAB users from the Cisco ISE node'?

A. radius-server timeout
B. session-timeout
C. idle-timeout 
D. termination-action

Show Answer

Question # 17

An administrator is troubleshooting an endpoint that is supposed to bypass 802 1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?

A. The DHCP probe for Cisco ISE is not working as expected.
B. The 802.1 X timeout period is too long.
C. The endpoint is using the wrong protocol to authenticate with Cisco ISE.
D. An AC I on the port is blocking HTTP traffic

Show Answer

Question # 18

An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy. Which two components must be configured, in addition to Active Directory groups, to achieve this goat? (Choose two )

A. Active Directory External Identity Sources
B. Library Condition for External Identity. External Groups
C. Identity Source Sequences 
D. LDAP External Identity Sources
E Library Condition for Identity Group: User Identity Group

Show Answer

Question # 19

During a 802 1X deployment, an engineer must identify failed authentications without causing problems for the connected endpoint. Which command will successfully achieve this''

A. dotlxsystem-auth-control 
B. dotlx pae authenticator 
C. authentication open
D. authentication port-control auto

Show Answer

Question # 20

An engineer is configuring TACACS+ within Cisco ISE for use with a non-Cisco network device. They need to send special attributes in the Access-Accept response to ensure that the users are given the appropriate access. What must be configured to accomplish this'?

A. dACLs to enforce the various access policies for the users
B. custom access conditions for defining the different roles 
C. shell profiles with custom attributes that define the various roles 
D. TACACS+ command sets to provide appropriate access

Show Answer

Question # 21

What are two differences between the RADIUS and TACACS+ protocols'? (Choose two.)

A. RADIUS is a Cisco proprietary protocol, whereas TACACS+ is an open standard protocol
B. TACACS+uses TCP port 49. whereas RADIUS uses UDP ports 1812 and 1813.
C. RADIUS offers multiprotocol support, whereas TACACS+ does not
D. RADIUS combines authentication and authorization, whereas TACACS+ does not
E. RADIUS enables encryption of all the packets, whereas with TACACS+. only the password is encrypted.

Show Answer

Question # 22

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error “Authentication failed: 22040 Wrong password or invalid shared secret. “what must be done to address this issue?

A. Add the network device as a NAD inside Cisco ISE using the existing key. 
B. Configure the key on the Cisco ISE instead of the Cisco switch. 
C. Use a key that is between eight and ten characters. 
D. Validate that the key is correct on both the Cisco switch as well as Cisco ISE. 

Show Answer

Question # 23

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+ However, the administrator must restrict certain commands based on one of three user roles that require different commands How is this accomplished without creating too many objects using Cisco ISE?

A. Create one shell profile and multiple command sets. 
B. Create multiple shell profiles and multiple command sets. 
C. Create one shell profile and one command set. 
D. Create multiple shell profiles and one command set 

Show Answer

Question # 24

What is the deployment mode when two Cisco ISE nodes are configured in an environment? 

A. distributed 
B. active 
C. standalone 
D. standard 

Show Answer

Question # 25

An administrator connects an HP printer to a dot1x enable port, but the printer in not accessible Which feature must the administrator enable to access the printer? 

A. MAC authentication bypass 
B. change of authorization 
C. TACACS authentication 
D. RADIUS authentication

Show Answer