300-715ブレーン問題集リアル試験最新問題2022年11月19日には210問題
最新300-715のPDF問題集リアル無料テスト本日更新です
Cisco 300-715 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
質問 122
Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.
正解:
解説:
Explanation
Monitoring= provides advanced monitoring and troubleshooting tools that you can use to effectively manage your network and resources Policy Service= provides network access, posture, guest access, client provisioning, and profiling services.
This persona evaluates the policies and makes all the decisions.
Administration= manages all system-related configuration and configurations that relate to functionality such as authentication, authorization, auditing, and so on pxGrid= shares context-sensitive information from Cisco ISE to subscribers
https://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide
質問 123
An engineer is using Cisco ISE and configuring guest services to allow wireless devices to access the network. Which action should accomplish this task?
- A. Create the redirect ACL on the WLC and add it to the Cisco ISE policy.
- B. Create the redirect ACL on Cisco ISE and add it to the Cisco ISE Policy
- C. Create the redirect ACL on the WLC and add it to the WLC policy
- D. Create the redirect ACL on Cisco ISE and add it to the WLC policy
正解: A
質問 124
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two.)
- A. new AD user 802 1X authentication
- B. BYOD
- C. posture
- D. hotspot
- E. guest AUP
正解: A,C
質問 125
Which two values are compared by the binary comparison (unction in authentication that is based on Active Directory?
- A. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
- B. user-presented password hash and a hash stored in Active Directory
- C. user-presented certificate and a certificate stored in Active Directory
- D. subject alternative name and the common name
正解: A,D
解説:
Explanation
Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01110.html
質問 126
An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287. but the switch is not receiving a response from the Cisco ISE instance What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?
- A. Validate that the key value is correct using the test aaa authentication admin <key> legacy command.
- B. Confirm the authorization policies are correct using the test aaa authorization admin drop legacy command.
- C. Test the user account on the server using the test aaa group radius server CUCS user admin pass <key> legacy command.
- D. Check for server reachability using the test aaa group tacacs+ admin <key> legacy command.
正解: D
解説:
https://medium.com/training-course-ccna-security-210-260/ccna-security-part-3-implementing-aaa-in-cisco-ios-4b13ab285f51
質問 127
A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected. Which task must be configured in order to meet this requirement?
- A. set attribute as
- B. session timeout
- C. monitor
- D. idle time
正解: B
解説:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_admin_acc
質問 128
Which two endpoint compliance statuses are possible? (Choose two.)
- A. unknown
- B. compliant
- C. valid
- D. invalid
- E. known
正解: A,B
解説:
Section: Endpoint Compliance
質問 129
A network administrator is setting up wireless guest access and has been unsuccessful in testing client access. The endpoint is able to connect to the SSID but is unable to grant access to the guest network through the guest portal. What must be done to identify the problem?
- A. Use the identity group to validate the authorization rules.
- B. Use the endpoint ID to execute a session trace.
- C. Use context visibility to verify posture status.
- D. Use traceroute to ensure connectivity.
正解: B
解説:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_011001.html#concept_87916A77E8774545B36D0BB422429596
質問 130
Which of the following is not true about profiling in Cisco ISE?
- A. Cisco ISE comes with predefined profiles.
- B. Profiling policies are automatically enabled for use.
- C. Cisco ISE does not support hierarchy within the profiling policy.
- D. The use of Identity Groups is required to leverage the use of profiling in the authorization policy.
正解: C
質問 131
What is the deployment mode when two Cisco ISE nodes are configured in an environment?
- A. standard
- B. distributed
- C. active
- D. standalone
正解: B
質問 132
Drag and Drop Question
Drag the Cisco ISE node types from the left onto the appropriate purposes on the right.
正解:
解説:
Explanation:
Monitoring = provides advanced monitoring and troubleshooting tools that you can use to effectively manage your network and resources Policy Service = provides network access, posture, guest access, client provisioning, and profiling services. This persona evaluates the policies and makes all the decisions.
Administration = manages all system-related configuration and configurations that relate to functionality such as authentication, authorization, auditing, and so on pxGrid = shares context-sensitive information from Cisco ISE to subscribers
https://www.cisco.com/c/en/us/td/docs/security/ise/1-
4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_011.html#ID57
質問 133
A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA Which action does the CoA perform?
- A. It applies the downloadable ACL provided in the CoA
- B. It applies new permissions provided in the CoA to the client session.
- C. It triggers the NAD to reauthenticate the client
- D. It terminates the client session
正解: A
解説:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html
質問 134
Drag the steps to configure a Cisco ISE node as a primary administration node from the left into the correct order on the night.
正解:
解説:
質問 135
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?
- A. dot1x system-auth-control
- B. authentication port-control auto
- C. aaa authentication dot1x default group radius
- D. dot1x pae authenticator
正解: D
質問 136
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?
(Choose two.)
- A. WLC
- B. ASA
- C. IOS
- D. Firepower
- E. Shell
正解: A,E
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html TACACS+ Profile TACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets. The TACACS+ profile definitions are split into two components:
Common tasks
Custom attributes
There are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles)-Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View.
The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are:
Shell
WLC
Nexus
Generic
The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you can enter the mandatory attributes using a equal to (=) sign between the attribute name and its value and optional attributes are entered using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy paste the attribute list (for example, another product's attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.
質問 137
A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint. What must be configured to accomplish this task?
- A. A native supplicant provisioning policy to redirect them to the BYOD portal for onboarding
- B. The BYOD flow to ensure that the endpoint will be provisioned prior to registering
- C. The posture provisioning policy to give the endpoint all necessary components prior to registering
- D. The Cisco AnyConnect provisioning policy to provision the endpoint for onboarding
正解: A
質問 138
Which Cisco ISE node does not support automatic failover?
- A. Inline Posture node
- B. Admin node
- C. Policy Services node
- D. Monitoring node
正解: B
質問 139
An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+ However, the administrator must restrict certain commands based on one of three user roles that require different commands How is this accomplished without creating too many objects using Cisco ISE?
- A. Create multiple shell profiles and multiple command sets.
- B. Create one shell profile and multiple command sets.
- C. Create multiple shell profiles and one command set
- D. Create one shell profile and one command set.
正解: B
解説:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html
https://www.youtube.com/watch?v=IlZwB71Szog&ab_channel=JasonMaynard
質問 140
What is a valid guest portal type?
- A. My Devices
- B. Sponsored-Guest
- C. Sponsor
- D. Captive-Guest
正解: B
解説:
Section: Web Auth and Guest Services
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/ b_ise_admin_guide_sample_chapter_01111.html
質問 141
Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)
- A. local disk
- B. Posture Agent Profile
- C. TFTP
- D. FTP
- E. www-cisco.com
正解: A,B,E
質問 142
Which two default endpoint identity groups does Cisco ISE create? (Choose two )
- A. profiled
- B. unknown
- C. block list
- D. allow list
- E. endpoint
正解: A,B
解説:
Explanation
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide Default Endpoint Identity Groups Created for EndpointsCisco ISE creates the following five endpoint identity groups by default: Blacklist, GuestEndpoints, Profiled, RegisteredDevices, and Unknown. In addition, it creates two more identity groups, such as Cisco-IP-Phone and Workstation, which are associated to the Profiled (parent) identity group. A parent group is the default identity group that exists in the system.
Cisco ISE creates the following endpoint identity groups:
* Blacklist-This endpoint identity group includes endpoints that are statically assigned to this group in Cisco ISE and endpoints that are block listed in the device registration portal. An authorization profile can be defined in Cisco ISE to permit, or deny network access to endpoints in this group.
* GuestEndpoints-This endpoint identity group includes endpoints that are used by guest users.
* Profiled-This endpoint identity group includes endpoints that match endpoint profiling policies except Cisco IP phones and workstations in Cisco ISE.
* RegisteredDevices-This endpoint identity group includes endpoints, which are registered devices that are added by an employee through the devices registration portal. The profiling service continues to profile these devices normally when they are assigned to this group. Endpoints are statically assigned to this group in Cisco ISE, and the profiling service cannot reassign them to any other identity group.
These devices will appear like any other endpoint in the endpoints list. You can edit, delete, and block these devices that you added through the device registration portal from the endpoints list in the Endpoints page in Cisco ISE. Devices that you have blocked in the device registration portal are assigned to the Blacklist endpoint identity group, and an authorization profile that exists in Cisco ISE
* redirects blocked devices to a URL, which displays "Unauthorised Network Access", a default portal page to the blocked devices.
* Unknown-This endpoint identity group includes endpoints that do not match any profile in Cisco ISE.
In addition to the above system created endpoint identity groups, Cisco ISE creates the following endpoint identity groups, which are associated to the Profiled identity group:
* Cisco-IP-Phone-An identity group that contains all the profiled Cisco IP phones on your network.
* Workstation-An identity group that contains all the profiled workstations on your network.
質問 143
In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two )
- A. subscriber
- B. publisher
- C. policy service
- D. administration
- E. primary
正解: C,D
解説:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_010.html
質問 144
A company is attempting to improve their BYOD policies and restrict access based on certain criteri a. The company's subnets are organized by building. Which attribute should be used in order to gain access based on location?
- A. device registration status
- B. static group assignment
- C. MAC address
- D. IP address
正解: B
解説:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010100.html#ID1353
質問 145
A policy is being created in order to provide device administration access to the switches on a network. There is a requirement to ensure that if the session is not actively being used, after 10 minutes, it will be disconnected. Which task must be configured in order to meet this requirement?
- A. set attribute as
- B. session timeout
- C. monitor
- D. idle time
正解: B
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_admin_accesspolicy_settings.html#reference_0E24B8FBFAB248219E1194435670347F
質問 146
......
300-715問題集には100%厳密検証された問題と解答で合格保証もしくは全額返金:https://jp.fast2test.com/300-715-premium-file.html
合格させるCisco 300-715試験には練習テスト問題集豪華お試しセット:https://drive.google.com/open?id=1wuplOC7d9IhZ1qXa7M7F4n7CzkBiFHzR