Cisco 300-715 Dumps
| Exam Code | 300-715 |
| Exam Name | Implementing and Configuring Cisco Identity Services Engine (SISE) v1.1 (300-715 SISE) |
| Update Date | 19 Jul, 2026 |
| Total Questions | 322 Questions Answers With Explanation |
| Exam Code | 300-715 |
| Exam Name | Implementing and Configuring Cisco Identity Services Engine (SISE) v1.1 (300-715 SISE) |
| Update Date | 19 Jul, 2026 |
| Total Questions | 322 Questions Answers With Explanation |
Prepare for the 300-715 certification exam with ITExamsPro’s expertly crafted resources, including authentic 300-715 practice questions and answers, along with comprehensive 300-715 dumps. Our materials are meticulously designed to provide you with everything needed to succeed on your first attempt, giving you the confidence and skills to excel in your certification journey.
Equip yourself with ITExamsPro’s trusted 300-715 practice questions, answers, and dumps to make your certification journey a success. Start preparing with confidence and take the next step toward advancing your IT career!
What are the minimum requirements for deploying the Automatic Failover feature on Administration nodes in a distributed Cisco ISE deployment?
A. a primary and secondary PAN and a health check node for the Secondary PAN
B. a primary and secondary PAN and no health check nodes
C. a primary and secondary PAN and a pair of health check nodes
D. a primary and secondary PAN and a health check node for the Primary PAN
An administrator must provide wired network access to unidentified Cisco devices that fail 802.1X authentication. Cisco ISE profiling services must be configured to gather Cisco Discovery Protocol and LLDP endpoint information from a Cisco switch. These configurations were performed: • configured switches to accept SNMP queries from Cisco ISE • enabled Cisco Discovery Protocol and LLDP on the switches • added the switch as a NAD to Cisco ISE What must be enabled to complete the configuration?
A. SNMP traps on the switch
B. SNMP MIBs in Cisco ISE
C. SNMP Trap probe in Cisco ISE
D. SNMP Query probe in Cisco ISE
An administrator is editing a csv list of endpoints and wants to reprofile some of the devices indefinitely before importing the list into Cisco ISE. Which field and Boolean value must be changed for the devices before the list is reimported?
A. Identity Group Assignment field and Static Assignment field set to the value FALSE
B. Policy Assignment field and Static Assignment field set to the value TRUE
C. Policy Assignment field and Static Assignment field set to the value FALSE
D. Identity Group Assignment field and Static Assignment field set to the value TRUE
A network engineer needs to deploy 802.1x using Cisco ISE in a wired network environment where thin clients download their system image upon bootup using PXE. For which mode must the switch ports be configured?
A. closed
B. restricted
C. monitor
D. low-impact
A network administrator adds network access devices to Cisco ISE. After a security breach, the management team mandates that all network devices must comply with certain standards. All network devices must authenticate through Cisco ISE. Some devices use nondefault CoA ports. What must be configured in Cisco ISE?
A. Network device profile with a port specified
B. Network access manager with a port specified
C. Network device group with a port specified
D. Network device with a port specified
An administrator needs to add a new third party network device to be used with Cisco ISE for Guest and BYOD authorizations. Which two features must be configured under Network Device Profile to achieve this? (Choose two.)
A. dACL
B. TACACS
C. URL Redirect
D. SNMP community
E. CoA Type
An engineer is configuring Central Web Authentication in Cisco ISE to provide guest access. When an authentication rule is configured in the Default Policy Set for the Wired_MAB or Wireless_MAB conditions, what must be selected for the "if user not found" setting?
A. CONTINUE
B. REJECT
C. ACCEPT
D. DROP
An engineer must configure Cisco ISE to provide internet access for guests in which guests are required to enter a code to gain network access. Which action accomplishes the goal?
A. Configure the hotspot portal for guest access and require an access code.
B. Configure the sponsor portal with a single account and use the access code as the password.
C. Configure the self-registered guest portal to allow guests to create a personal access code.
D. Create a BYOD policy that bypasses the authentication of the user and authorizes access codes.
What is a difference between TACACS+ and RADIUS in regards to encryption?
A. TACACS+ encrypts only the password, whereas RADIUS encrypts the username and
password.
B. TACACS+ encrypts the username and password, whereas RADIUS encrypts only the password.
C. TACACS+ encrypts the password, whereas RADIUS sends the entire packet in clear text.
D. TACACS+ encrypts the entire packet, whereas RADIUS encrypts only the password.
An administrator plans to use Cisco ISE to deploy posture policies to assess Microsoft Windows endpoints that run Cisco Secure Client. The administrator wants to minimize the occurrence of messages related to unknown posture profiles if Cisco ISE fails to determine the posture of the endpoint. Secure Client is deployed to all the endpoints. and all the required Cisco ISE authentication, authorization, and posture policy configurations were performed. Which action must be taken next to complete the configuration?
A. Install the latest version of the Secure Client client on the endpoints.
B. Enable Cisco ISE posture on Secure Client configuration.
C. Configure a native supplicant on the endpoints to support the posture policies.
D. Install the compliance module on the endpoints.
An engineer is configuring a new Cisco ISE node. The Cisco ISE must make authorization decisions based on the threat and vulnerability attributes received from the threat and vulnerability adapters. Which persona must be enabled?
A. Policy Service
B. Monitoring
C. pxGrid
D. Administration
A network engineer is in the predeployment discovery phase of a Cisco ISE deployment and must discover the network. There is an existing network management system in the network. Which type of probe must be configured to gather the information?
A. RADIUS
B. NMAP
C. NetFlow
D. SNMP
An engineer needs to configure a Cisco ISE server to issue a CoA for endpoints already authenticated to access the network. The CoA option must be enforced on a session, even if there are multiple active sessions on a port. What must be configured to accomplish this task?
A. the Reauth CoA option in the Cisco ISE system profiling settings enabled
B. an endpoint profiling policy with the No CoA option enabled
C. an endpoint profiling policy with the Port Bounce CoA option enabled
D. the Port Bounce CoA option in the Cisco ISE system profiling settings enabled
An engineer must use Cisco ISE profiler services to provide network access to Cisco IP phones that cannot support 802.1X. Cisco ISE is configured to use the access switch device sensor information system-description and platform-type to profile Cisco IP phones and allow access. Which two protocols must be configured on the switch to complete the configuration? (Choose two.)
A. CDP
B. EAPOL
C. LLDP
D. SNMP
E. STP
An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the endpoints on the network. Which node should be used to accomplish this task?
A. PSN
B. primary PAN
C. pxGrid
D. MnT
An administrator replaced a PSN in the distributed Cisco ISE environment. When endpoints authenticate to it, the devices are not getting the right profiles or attributes and as a result, are not hitting the correct policies. This was working correctly on the previous PSN. Which action must be taken to ensure the endpoints get identified?
A. Verify that the MnT node is tracking the session.
B. Verify the shared secret used between the switch and the PSN.
C. Verify that the profiling service is running on the new PSN.
D. Verify that the authentication request the PSN is receiving is not malformed.
Which Cisco ISE solution ensures endpoints have the latest version of antivirus updates installed before being allowed access to the corporate network?
A. Threat Services
B. Profiling Services
C. Provisioning Services
D. Posture Services
An engineer is unable to use SSH to connect to a switch after adding the required CLI commands to the device to enable TACACS+. The device administration license has been added to Cisco ISE, and the required policies have been created. Which action is needed to enable access to the switch?
A. The ip ssh source-interface command needs to be set on the switch.
B. 802.1X authentication needs to be configured on the switch.
C. The RSA keypair used for SSH must be regenerated after enabling TACACS+.
D. The switch needs to be added as a network device in Cisco ISE and set to use
TACACS+.
A security administrator is using Cisco ISE to create a BYOD onboarding solution for all employees who use personal devices on the corporate network. The administrator generates a Certificate Signing Request and signs the request using an external Certificate Authority server. Which certificate usage option must be selected when importing the certificate into ISE?
A. RADIUS
B. DLTS
C. Portal
D. Admin
An engineer must organize endpoints in a Cisco ISE identity management store to improve the operational management of IP phone endpoints. The endpoints must meet these requirements: • classify endpoints for finance, sales, and marketing departments • tag each endpoint as profiled Which action organizes the endpoints?
A. Create an endpoint identity group for each department with the IP phone parent group.
B. Create an endpoint identity group for each department with the profiled parent group.
C. Add a tag for the endpoints of each department and add an endpoint to profiled group.
D. Add a tag for the endpoints of each department and use the identity group filter.
0 Review for Cisco 300-715 Exam Dumps