Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

300-715 Exam Dumps - Cisco CCNP Security Questions and Answers

Question # 54

A laptop was stolen and a network engineer added it to the block list endpoint identity group What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

Options:

A.

Select DenyAccess within the authorization policy.

B.

Ensure that access to port 8443 is allowed within the ACL.

C.

Ensure that access to port 8444 is allowed within the ACL.

D.

Select DROP under If Auth fail within the authentication policy.

Buy Now
Question # 55

An administrator needs to add a new third party network device to be used with Cisco ISE for Guest and BYOD authorizations. Which two features must be configured under Network Device Profile to achieve this? (Choose two.)

Options:

A.

dACL

B.

TACACS

C.

URL Redirect

D.

SNMP community

E.

CoA Type

Buy Now
Question # 56

An administrator is troubleshooting an endpoint that is supposed to bypass 802 1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB. however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?

Options:

A.

The DHCP probe for Cisco ISE is not working as expected.

B.

The 802.1 X timeout period is too long.

C.

The endpoint is using the wrong protocol to authenticate with Cisco ISE.

D.

An AC I on the port is blocking HTTP traffic

Buy Now
Question # 57

Which statement about configuring certificates for BYOD is true?

Options:

A.

An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment

B.

The SAN field is populated with the end user name.

C.

An endpoint certificate is mandatory for the Cisco ISE BYOD

D.

The CN field is populated with the endpoint host name

Buy Now
Question # 58

An administrator plans to use Cisco ISE to deploy posture policies to assess Microsoft Windows endpoints that run Cisco Secure Client. The administrator wants to minimize the occurrence of messages related to unknown posture profiles if Cisco ISE fails to determine the posture of the endpoint. Secure Client is deployed to all the endpoints. and all the required Cisco ISE authentication, authorization, and posture policy configurations were performed. Which action must be taken next to complete the configuration?

Options:

A.

Install the latest version of the Secure Client client on the endpoints.

B.

Enable Cisco ISE posture on Secure Client configuration.

C.

Configure a native supplicant on the endpoints to support the posture policies.

D.

Install the compliance module on the endpoints.

Buy Now
Question # 59

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?

Options:

A.

Set the NAC State option to SNMP NAC.

B.

Set the NAC State option to RADIUS NAC.

C.

Use the radius-server vsa send authentication command.

D.

Use the ip access-group webauth in command.

Buy Now
Question # 60

What is a requirement for Feed Service to work?

Options:

A.

TCP port 3080 must be opened between Cisco ISE and the feed server

B.

Cisco ISE has a base license.

C.

Cisco ISE has access to an internal server to download feed update

D.

Cisco ISE has Internet access to download feed update

Buy Now
Question # 61

An engineer is configuring sponsored guest access and needs to limit each sponsored guest to a maximum of two devices. There are other guest services in production that rely on the default guest types. How should this configuration change be made without disrupting the other guest services currently offering three or more guest devices per user?

Options:

A.

Create an ISE identity group to add users to and limit the number of logins via the group configuration.

B.

Create a new guest type and set the maximum number of devices sponsored guests can register

C.

Create an LDAP login for each guest and tag that in the guest portal for authentication.

D.

Create a new sponsor group and adjust the settings to limit the devices for each guest.

Buy Now
Question # 62

What should be considered when configuring certificates for BYOD?

    An endpoint certificate is mandatory for the Cisco ISE BYOD

Options:

A.

An Android endpoint uses EST whereas other operation systems use SCEP for enrollment

B.

The CN field is populated with the endpoint host name.

C.

The SAN field is populated with the end user name

Buy Now
Question # 63

A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes What must be configured to minimize performance degradation?

Options:

A.

Review the profiling policies for any misconfiguration

B.

Enable the endpoint attribute filter

C.

Change the reauthenticate interval.

D.

Ensure that Cisco ISE is updated with the latest profiler feed update

Buy Now
Exam Code: 300-715
Exam Name: Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)
Last Update: Sep 14, 2025
Questions: 295
300-715 pdf

300-715 PDF

$28.5  $94.99
 Add to Cart
300-715 Engine

300-715 Testing Engine

$33  $109.99
 Add to Cart
300-715 PDF + Engine

300-715 PDF + Testing Engine

$43.5  $144.99
 Add to Cart