[2024年10月22日] 300-715 PDF問題とテストエンジンには347問があります
更新された試験エンジンは300-715試験無料お試しサンプル365日更新されます
シスコ300-715認定試験は、Cisco Identity Services Engine(ISE)の実装と構成を担当するITプロフェッショナルの知識とスキルをテストするために設計されています。この試験は、認証および承認ポリシー、ネットワークアクセスポリシー、ペルソナ管理、およびエンドポイントコンプライアンスなど、幅広いトピックをカバーしています。この試験に合格した候補者は、Cisco ISEソリューションを効果的に展開および管理する能力を証明し、ネットワークリソースへの安全かつ効率的なアクセスを確保するために必要なスキルを持っていることを示します。
質問 # 56
Select and Place
正解:
解説:
質問 # 57
A network engineer must create a guest portal for wireless guests on Cisco ISE. The guest users must not be able to create accounts; however, the portal should require a username and password to connect. Which portal type must be created in Cisco ISE to meet the requirements?
- A. Sponsored Guest Access
- B. Self Registered Guest Access
- C. Hotspot Guest Access
- D. Custom Guest Portal
正解:A
質問 # 58
Drag and drop the description from the left onto the protocol on the right that is used to carry out system authentication, authentication, and accounting.
正解:
解説:
質問 # 59
In a Cisco ISE split deployment model, which load is split between the nodes?
- A. device admission
- B. log collection
- C. network admission
- D. AAA
正解:D
解説:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/install_guide/b_ise_InstallationGuide26.pdf
質問 # 60
A network administrator has just added a front desk receptionist account to the Cisco ISE Guest Service sponsor group. Using the Cisco ISE Guest Sponsor Portal, which guest services can the receptionist provide?
- A. Configure authorization settings for guest users.
- B. Create and manage guest user accounts.
- C. Keep track of guest user activities.
- D. Authenticate guest users to Cisco ISE.
正解:B
解説:
Section: Web Auth and Guest Services
質問 # 61
An administrator is configuring posture assessment in Cisco ISE for the first time. Which two components must be uploaded to Cisco ISE to use Secure Client for the agent configuration in a client provisioning policy? (Choose two.)
- A. SecureClientProfie.xml file
- B. Secure Client network visibility module
- C. SecureClientProtie.xsd file
- D. Secure Client compliance module
- E. Secure Client agent image
正解:D、E
質問 # 62
An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones The phones do not have the ability to authenticate via 802 1X Which command is needed on each switch port for authentication?
- A. mab
- B. enable network-authentication
- C. enable bypass-mac
- D. dot1x system-auth-control
正解:A
解説:
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-2mt/sec-config-mab.html
質問 # 63
An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks. Which two requirement complete this policy? (Choose two)
- A. username expiration date
- B. minimum password length
- C. password expiration period
- D. access code control
- E. active username limit
正解:B、C
質問 # 64
An engineer is configuring Cisco ISE and needs to dynamically identify the network endpoints and ensure that endpoint access is protected. Which service should be used to accomplish this task?
- A. Client provisioning
- B. Profiling
- C. Guest access
- D. Posture
正解:B
質問 # 65
What are two differences between the RADIUS and TACACS+ protocols'? (Choose two.)
- A. TACACS+uses TCP port 49. whereas RADIUS uses UDP ports 1812 and 1813.
- B. RADIUS enables encryption of all the packets, whereas with TACACS+. only the password is encrypted.
- C. RADIUS is a Cisco proprietary protocol, whereas TACACS+ is an open standard protocol
- D. RADIUS offers multiprotocol support, whereas TACACS+ does not
- E. RADIUS combines authentication and authorization, whereas TACACS+ does not
正解:A、E
質問 # 66
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.
正解:
解説:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide Step 1 Choose Administration > System The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.
Step 2
Check the check box next to the current node, and click
Step 3
Click Make Primary to configure your Primary PAN.
Step 4
Enter data on the General Settings tab.
Step 5
Click Save to save the node configuration.
質問 # 67
Which of the following is not true about profiling in Cisco ISE?
- A. Profiling policies are automatically enabled for use.
- B. Cisco ISE does not support hierarchy within the profiling policy.
- C. The use of Identity Groups is required to leverage the use of profiling in the authorization policy.
- D. Cisco ISE comes with predefined profiles.
正解:B
質問 # 68
Which two probes must be enabled for the ARP cache to function in the Cisco ISE profile service so that a user can reliably bind the IP address and MAC addresses of endpoints? (Choose two.)
- A. SNMP
- B. NetFlow
- C. HTTP
- D. RADIUS
- E. DHCP
正解:D、E
解説:
Explanation
Cisco ISE implements an ARP cache in the profiling service, so that you can reliably map the IP addresses and the MAC addresses of endpoints. For the ARP cache to function, you must enable either the DHCP probe or the RADIUS probe. The DHCP and RADIUS probes carry the IP addresses and the MAC addresses of endpoints in the payload data. The dhcp-requested address attribute in the DHCP probe and the Framed-IP-address attribute in the RADIUS probe carry the IP addresses of endpoints, along with their MAC addresses, which can be mapped and stored in the ARP cache.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide
質問 # 69
Drag the descriptions on the left onto the components of 802.1X on the right.
正解:
解説:
質問 # 70
An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE.
What must be configured within Cisco ISE to accomplish this goal?
- A. Add the root certificate authority to the trust store and enable it for authentication.
- B. Add an OCSP profile and configure the root certificate authority as secondary.
- C. Create a certificate signing request and have the root certificate authority sign it.
- D. Create an SCEP profile to link Cisco ISE with the root certificate authority.
正解:D
解説:
Explanation
Ref:https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/116068-configure-pr
質問 # 71
......
試験合格保証300-715試験には正確な問題解答付き:https://jp.fast2test.com/300-715-premium-file.html
テストエンジンの練習テストならこれ300-715有効で更新された問題集:https://drive.google.com/open?id=1x0Ce0kXOoBNVYasSALfw9a43GewLsqr7