[2024年12月10日] 365日無料更新300-715知能問題集をゲット
ベスト品質のCisco 300-715試験問題
Cisco 300-715試験は、Implementing and Configuring Cisco Identity Services Engineとしても知られており、Cisco Identity Services Engine(ISE)の実装と設定に関するITプロフェッショナルの知識とスキルをテストする認証試験です。この試験は、ISEを使用して組織のネットワークインフラストラクチャを管理およびセキュリティを確保する責任がある人々を対象としています。ネットワークアクセス、デバイス管理、およびアイデンティティ管理など、様々なトピックをカバーしています。
質問 # 74
An organization is hosting a conference and must make guest accounts for several of the speakers attending.
The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
- A. Navigate to the Guest Portal and delete the guest accounts.
- B. Navigate to the Sponsor Portal and suspend the guest accounts.
- C. Create an authorization rule denying guest access.
- D. Create an authorization rule denying sponsored guest access.
正解:C
質問 # 75
Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)
- A. addition of endpoint to My Devices Portal
- B. endpoint profile transition from Unknown to Windows 10-Workstation
- C. endpoint profile transition from Aop.e-dev.ee to Apple-iPhone
- D. endpoint marked as lost in My Devices Portal
- E. updating of endpoint dACL.
正解:B、C
質問 # 76
When creating a policy within Cisco ISE for network access control, the administrator wants to allow different access restrictions based upon the wireless SSID to which the device is connecting. Which policy condition must be used in order to accomplish this?
- A. Radius Called-Station-ID CONTAINS <SSID Name>
- B. Airespace Airespace-Wlan-ld CONTAINS <SSID Name>
- C. Network Access NetworkDeviceName CONTAINS <SSID Name>
- D. DEVICE Device Type CONTAINS <SSID Name>
正解:A
解説:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115734-ise-policies-ssid-00.html
質問 # 77
Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two )
- A. Endpoint Family
- B. Security Group Tag
- C. Policy Assignment
- D. Identity Group Assignment
- E. IP Address
正解:A、C
質問 # 78
If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?
- A. Guest
- B. Blacklist
- C. Client Provisioning
- D. BYOD
正解:B
解説:
Explanation
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Desig The Blacklist identity group is system generated and maintained by ISE to prevent access to lost or stolen devices. In this design guide, two authorization profiles are used to enforce the permissions for wireless and wired devices within the Blacklist:
* Blackhole WiFi Access
* Blackhole Wired Access
質問 # 79
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.
正解:
解説:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide Step 1 Choose Administration > System > Deployment.
The Register button will be disabled initially. To enable this button, you must configure a Primary PAN.
Step 2
Check the check box next to the current node, and click Edit.
Step 3
Click Make Primary to configure your Primary PAN.
Step 4
Enter data on the General Settings
Step 5
Click Save to save the node configuration.
質問 # 80
What is a function of client provisioning?
- A. Client provisioning checks a dictionary attribute with a value.
- B. Client provisioning checks the existence, date, and versions of the file on a client.
- C. Client provisioning ensures that endpoints receive the appropriate posture agents.
- D. Client provisioning ensures an application process is running on the endpoint.
正解:C
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_client_prov.html#:~:text=After%20Cisco%20ISE%20classifies%20a,packages%20and%20profiles%2C%20if%20necessary.
質問 # 81
Refer to the exhibit:
Which command is typed within the CU of a switch to view the troubleshooting output?
- A. show authentication sessions method
- B. show authentication registrations
- C. show authentication interface gigabitethemet2/0/36
- D. show authentication sessions mac 000e.84af.59af details
正解:D
質問 # 82
A network engineer is configuring a Cisco WLC in order to find out more information about the devices that are connecting. This information must be sent to Cisco ISE to be used in authorization policies. Which profiling mechanism must be configured in the Cisco WLC to accomplish this task?
- A. SNMP
- B. DHCP
- C. CDP
- D. DNS
正解:A
質問 # 83
Which scenario does not support Cisco ISE guest services?
- A. wireless LAN controller with central WebAuth
- B. wireless LAN controller with local WebAuth
- C. wired NAD with local WebAuth
- D. wired NAD with central WebAuth
正解:A
質問 # 84
Which use case validates a change of authorization?
- A. An endpoint that is disconnected from the network is discovered
- B. An authenticated, wired EAP-capable endpoint is discovered
- C. An endpoint profiling policy is changed for authorization policy.
- D. Endpoints are created through device registration for the guests
正解:C
解説:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-
2/user_guide/ise_user_guide/ise_prof_pol.html
質問 # 85
An administrator is configuring cisco ISE lo authenticate users logging into network devices using TACACS+ The administrator is not seeing any oiithe authentication in the TACACS+ live logs. Which action ensures the users are able to log into the network devices?
- A. Enable the device administration service in the PSN persona.
- B. Enable the device administration service in the Administration persona
- C. Enable the session services in the administration persona
- D. Enable the service sessions in the PSN persona.
正解:A
解説:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_tacacs_device_admin.html
質問 # 86
A company is attempting to improve their BYOD policies and restrict access based on certain criteri a. The company's subnets are organized by building. Which attribute should be used in order to gain access based on location?
- A. device registration status
- B. IP address
- C. MAC address
- D. static group assignment
正解:D
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html#ID1353
質問 # 87
What gives Cisco ISE an option to scan endpoints for vulnerabilities?
- A. authentication policy
- B. authentication profile
- C. authorization profile
- D. authorization policy
正解:C
解説:
Configure Authorization Profile
The authorization profile in Cisco ISE now includes an option to scan endpoints for vulnerabilities.
You can choose to run the scan periodically and also specify the time interval for these scans.
After you define the authorization profile, you can apply it to an existing authorization policy rule or create a new authorization policy rule.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-
2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010100.html
質問 # 88
An organization wants to improve their BYOD processes to have Cisco ISE issue certificates to the BYOD endpoints. Currently, they have an active certificate authority and do not want to replace it with Cisco ISE. What must be configured within Cisco ISE to accomplish this goal?
- A. Add an OCSP profile and configure the root certificate authority as secondary.
- B. Create an SCEP profile to link Cisco ISE with the root certificate authority.
- C. Create a certificate signing request and have the root certificate authority sign it.
- D. Add the root certificate authority to the trust store and enable it for authentication.
正解:B
解説:
Ref:https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/116068-configure-product-00.html
質問 # 89
An organization is hosting a conference and must make guest accounts for several of the speakers attending. The conference ended two days early but the guest accounts are still being used to access the network. What must be configured to correct this?
- A. Navigate to the Guest Portal and delete the guest accounts.
- B. Navigate to the Sponsor Portal and suspend the guest accounts.
- C. Create an authorization rule denying guest access.
- D. Create an authorization rule denying sponsored guest access.
正解:C
質問 # 90
When setting up profiling in an environment using Cisco ISE for network access control, an organization must use non-proprietary protocols for collecting the information at layer 2. Which two probes will provide this information without forwarding SPAN packets to Cisco ISE? {Choose two.)
- A. NetFlow probe
- B. SNMP query probe
- C. DHCP SPAN probe
- D. DNS probe
- E. RADIUS probe
正解:B、E
解説:
Explanation
https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-profiling-design
質問 # 91
An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints.
Which action accomplishes this task for VPN users?
- A. Configure the compliance module to be downloaded from within the posture policy.
- B. Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.
- C. Push the compliance module from Cisco FTD prior to attempting posture.
- D. Use a compound posture condition to check for the compliance module and download if needed.
正解:B
質問 # 92
Select and Place
正解:
解説:
質問 # 93
......
Cisco試験練習テスト問題で高得点を目指そう:https://jp.fast2test.com/300-715-premium-file.html
検証された材料は決まってこれ!300-715:https://drive.google.com/open?id=1wuplOC7d9IhZ1qXa7M7F4n7CzkBiFHzR