Big Halloween Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

300-715 Exam Dumps - Cisco CCNP Security Questions and Answers

Question # 34

An engineer needs to configure Cisco ISE Profiling Services to authorize network access for IP speakers that require access to the intercom system. This traffic needs to be identified if the ToS bit is set to 5 and the destination IP address is the intercom system. What must be configured to accomplish this goal?

Options:

A.

NMAP

B.

NETFLOW

C.

pxGrid

D.

RADIUS

Buy Now
Question # 35

An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" so that the policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

Options:

A.

Change the device type to Medical Switch.

B.

Change the device profile to Medical Switch.

C.

Change the model name to Medical Switch.

D.

Change the device location to Medical Switch.

Buy Now
Question # 36

Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)

Options:

A.

endpoint marked as lost in My Devices Portal

B.

addition of endpoint to My Devices Portal

C.

endpoint profile transition from Apple-Device to Apple-iPhone

D.

endpoint profile transition from Unknown to Windows 10-Workstation

E.

updating of endpoint dACL.

Buy Now
Question # 37

What is the deployment mode when two Cisco ISE nodes are configured in an environment?

Options:

A.

distributed

B.

active

C.

standalone

D.

standard

Buy Now
Question # 38

A network engineer must configure a centralized Cisco ISE solution for wireless guest access with users in different time zones. The guest account activation time must be independent of the user time zone, and the guest account must be enabled automatically when the user self-registers on the guest portal. Which option in the time profile settings must be selected to meet the requirement?

Options:

A.

Select FromFirstLogin from the Account Type dropdown.

B.

Select FromCreation from the Account Type dropdown.

C.

Set the Maximum Account Duration to 1 Day.

D.

Set the Duration field to 24:00:00.

Buy Now
Question # 39

A network engineer is configuring a Cisco Wireless LAN Controller in order to find out more information about the devices that are connecting. This information must be sent to Cisco ISE to be used in authorization policies. Which profiling mechanism must be configured in the Cisco Wireless LAN Controller to accomplish this task?

Options:

A.

DNS

B.

CDP

C.

DHCP

D.

ICMP

Buy Now
Question # 40

What are two differences of TACACS+ compared to RADIUS? (Choose two.)

Options:

A.

TACACS+ uses a connectionless transport protocol, whereas RADIUS uses a connection-oriented transport protocol.

B.

TACACS+ encrypts the full packet payload, whereas RADIUS only encrypts the password.

C.

TACACS+ only encrypts the password, whereas RADIUS encrypts the full packet payload.

D.

TACACS+ uses a connection-oriented transport protocol, whereas RADIUS uses a connectionless transport protocol.

E.

TACACS+ supports multiple sessions per user, whereas RADIUS supports one session per user.

Buy Now
Question # 41

What is a characteristic of the UDP protocol?

Options:

A.

UDP can detect when a server is down.

B.

UDP offers best-effort delivery

C.

UDP can detect when a server is slow

D.

UDP offers information about a non-existent server

Buy Now
Question # 42

An employee must access the internet through the corporate network from a new mobile device that does not support native supplicant provisioning provided by Cisco ISE. Which portal must the employee use to provision to the device?

Options:

A.

BYOD

B.

Personal Device

C.

My Devices

D.

Client Provisioning

Buy Now
Question # 43

A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from. What must be done to accomplish this task''

Options:

A.

Add each MAC address manually to a blocklist identity group and create a policy denying access

B.

Create a logical profile for each device's profile policy and block that via authorization policies.

C.

Create a profiling policy for each endpoint with the cdpCacheDeviceld attribute.

D.

Add each IP address to a policy denying access.

Buy Now
Exam Code: 300-715
Exam Name: Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)
Last Update: Oct 31, 2025
Questions: 295
300-715 pdf

300-715 PDF

$28.5  $94.99
 Add to Cart
300-715 Engine

300-715 Testing Engine

$33  $109.99
 Add to Cart
300-715 PDF + Engine

300-715 PDF + Testing Engine

$43.5  $144.99
 Add to Cart