[2023年01月31日]300-715サンプルには正確で更新された問題
300-715試験情報と無料練習テスト
Cisco 300-715 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
質問 123
An administrator is trying to collect metadata information about the traffic going across the network to gam added visibility into the hosts. This Information will be used to create profiling policies for devices us mg Cisco ISE so that network access policies can be used What must be done to accomplish this task?
- A. Configure SNMP to be used with the Cisco ISE appliance
- B. Configure the RADIUS profiling probe within Cisco ISE
- C. Configure the DHCP probe within Cisco ISE
- D. Configure NetFlow to be sent to me Cisco ISE appliance.
正解: D
質問 124
Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.
正解:
解説:
Monitoring = provides advanced monitoring and troubleshooting tools that you can use to effectively manage your network and resources Policy Service = provides network access, posture, guest access, client provisioning, and profiling services. This persona evaluates the policies and makes all the decisions.
Administration = manages all system-related configuration and configurations that relate to functionality such as authentication, authorization, auditing, and so on pxGrid = shares context-sensitive information from Cisco ISE to subscribers
https://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_011.html#ID57
質問 125
A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one day When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete the endpoint in the Guest Endpoints identity store after one day and allows access to the guest network after that period. Which configuration is causing this problem?
- A. The length of access is set to 7 days in the Guest Portal Settings
- B. The Endpoint Purge Policy is set to 30 days for guest devices
- C. The RADIUS policy set for guest access is set to allow repeated authentication of the same device
- D. The Guest Account Purge Policy is set to 15 days
正解: B
解説:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide
質問 126
An engineer is configuring a dedicated SSID for onboarding devices. Which SSID type accomplishes this configuration?
- A. broadcast
- B. dual
- C. hidden
- D. guest
正解: B
解説:
https://community.cisco.com/t5/security-documents/ise-byod-dual-vs-single-ssid-onboarding/ta-p/3641422
https://www.youtube.com/watch?v=HH_Xasqd9k4&ab_channel=CiscoISE-IdentityServicesEngine
http://www.labminutes.com/sec0053_ise_1_1_byod_wireless_onboarding_dual_ssid
質問 127
An organization is adding new profiling probes to the system to improve profiling on Oseo ISE The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected What must be configured on the network device to accomplish this goal?
- A. WCCP
- B. ARP
- C. ICMP
- D. SNMP
正解: D
解説:
https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456#toc-hId-790343135
質問 128
Which personas can a Cisco ISE node assume'?
- A. policy service, gatekeeping, and monitoring
- B. administration, monitoring, and gatekeeping
- C. administration, policy service, gatekeeping
- D. administration, policy service, and monitoring
正解: D
解説:
Explanation
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html The persona or personas of a node determine the services provided by a node. An ISE node can assume any or all of the following personas: Administration, Policy Service, and Monitoring. The menu options that are available through the administrative user interface are dependent on the role and personas that an ISE node assumes. See Cisco ISE Nodes and Available Menu Options for more information.
質問 129
Select and Place
正解:
解説:
質問 130
An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" so that the policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?
- A. Change the device type to Medical Switch.
- B. Change the device location to Medical Switch.
- C. Change the model name to Medical Switch.
- D. Change the device profile to Medical Switch.
正解: A
質問 131
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?
- A. Application Visibility and Control
- B. Network Access Control
- C. My Devices Portal
- D. Supplicant Provisioning Wizard
正解: D
質問 132
Which two ports do network devices typically use for CoA? (Choose two.)
- A. 0
- B. 1
- C. 2
- D. 3
- E. 4
正解: D,E
解説:
Section: Profiler
Explanation/Reference: https://documentation.meraki.com/MR/Encryption_and_Authentication/ Change_of_Authorization_with_RADIUS_(CoA)_on_MR_Access_Points
質問 133
Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE?
(Choose two).
- A. TCP 443
- B. DTCP80
- C. TCP 8905
- D. TCP 8906
- E. TCP 8443
正解: C,E
質問 134
What are two requirements of generating a single certificate in Cisco ISE by using a certificate provisioning portal, without generating a certificate signing request? (Choose two.)
- A. Locate the CSV file for the device MAC.
- B. Select the certificate template.
- C. Choose the hashing method.
- D. Enter the IP address of the device.
- E. Enter the common name.
正解: B,E
解説:
Section: Policy Enforcement
Explanation/Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0- Certificate-Provisioning-Portal.html
質問 135
An engineer is configuring 802.1X and wants it to be transparent from the users' point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?
- A. closed
- B. open
- C. high-impact
- D. low-impact
正解: D
解説:
Reference:
https://www.lookingpoint.com/blog/cisco-ise-wired-802.1x-deployment-monitormode#:~:text=Low%20impact%20mode%20works%20similar,DHCP%2C%20PXE%20boot%2C%20etc.
質問 136
An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?
- A. Download the CA server certificate.
- B. Generate the CSR.
- C. Install the Root CA and intermediate CA.
- D. Download the intermediate server certificate.
正解: C
質問 137
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?
- A. dot1x pae authenticator
- B. dot1x system-auth-control
- C. authentication port-control auto
- D. aaa authentication dot1x default group radius
正解: B
解説:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/31sg/configuration/guide/conf/dot1x.html#wp1133395
質問 138
An organization is hosting a conference and must make guest accounts for several of the speakers attending.
The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
- A. Create an authorization rule denying sponsored guest access.
- B. Create an authorization rule denying guest access.
- C. Navigate to the Guest Portal and delete the guest accounts.
- D. Navigate to the Sponsor Portal and suspend the guest accounts.
正解: B
質問 139
Refer to the exhibit.
A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server Which two commands should be run to complete the configuration? (Choose two)
- A. radius-server attribute 8 include-in-access-req
- B. radius server vsa sand authentication
- C. ip device tracking
- D. dot1x system-auth-control
- E. aaa authorization auth-proxy default group radius
正解: A,B
質問 140
Which portal is used to customize the settings for a user to log in and download the compliance module?
- A. Client Profiling
- B. Client Provisioning
- C. Client Endpoint
- D. Client Guest
正解: B
解説:
Section: Endpoint Compliance
質問 141
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two.)
- A. remediation actions
- B. access policy
- C. Client Provisioning portal
- D. updates
- E. conditions
正解: A,E
解説:
Section: Endpoint Compliance
質問 142
What is the purpose of the ip http server command on a switch?
- A. It enables the https server for users for web authentication
- B. It enables the switch to redirect users for web authentication.
- C. It enables dot1x authentication on the switch.
- D. It enables MAB authentication on the switch
正解: B
質問 143
An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.
正解:
解説:
質問 144
......
合格させるCisco 300-715プレミアムお試しセットテストエンジンPDFで無料問題集セット:https://jp.fast2test.com/300-715-premium-file.html
2023年最新の実際に出る300-715問題集テストエンジン試験問題はここにある:https://drive.google.com/open?id=1wuplOC7d9IhZ1qXa7M7F4n7CzkBiFHzR