300-715無料問題集「Cisco Implementing and Configuring Cisco Identity Services Engine」

質問 1

An engineer must configure a posture policy with Cisco Temporal Agent workflow. Which two configurations must the engineer apply to meet the requirement? (Choose two.)

（A）Create the posture condition.

（B）Configure the Secure Client Posture module.

（C）Configure client provisioning resources.

（D）Configure the client provisioning policy.

（E）Create the posture requirements.

正解：A、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

An administrator is configuring a new profiling policy within Cisco ISE. The organization has several endpoints that are the same device type and all have the same Block ID in their MAC address. The profiler does not currently have a profiling policy created to categorize these endpoints, therefore a custom profiling policy must be created.
Which condition must the administrator use in order to properly profile an ACME Al Connector endpoint for network access with MAC address <MAC ADDRESS>?

（A）Radius Called Station-ID STARTSWITH <MACADDRESS>

（B）MAC_OUI_STARTSWITH_<MACADDRESS>

（C）CDP_cdpCacheDevicelD_CONTAINS_<MACADDRESS>

（D）MAC_MACAddress_CONTAINS_<MACADDRESS>

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

A user is attempting to register a BYOD device to the Cisco ISE deployment, but needs to use the onboarding policy to request a digital certificate and provision the endpoint.
What must be configured to accomplish this task?

（A）The posture provisioning policy to give the endpoint all necessary components prior to registering

（B）A native supplicant provisioning policy to redirect them to the BYOD portal for onboarding

（C）The BYOD flow to ensure that the endpoint will be provisioned prior to registering

（D）The Cisco AnyConnect provisioning policy to provision the endpoint for onboarding

正解：B 解答を投票する

質問 4

What are two requirements of generating a single signing in Cisco ISE by using a certificate provisioning portal, without generating a certificate request? (Choose two )

（A）Choose the hashing method

（B）Enter the IP address of the device

（C）Location the CSV file for the device MAC

（D）Select the certificate template

（E）Enter the common name

正解：D、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

An administrator is configuring sponsored guest access using Cisco ISE Access must be restricted to the sponsor portal to ensure that only necessary employees can issue sponsored accounts and employees must be classified to do so. What must be done to accomplish this task?

（A）Create an authorization rule using the Guest Flow condition to authorize the administrators

（B）Edit the sponsor portal to only accept members from the selected groups

（C）Configure an identity-based access list in Cisco ISE to restrict the users allowed to login

（D）Modify the sponsor groups assigned to reflect the desired user groups

正解：D 解答を投票する

質問 6

An administrator must configure Cisco ISE to authenticate the administrative superuser to manage a Cisco Adaptive Security Appliance firewall. The solution must meet the requirements:
- The user must be authenticated against Microsoft AD.
- The user must have full management administrative access to the Cisco Adaptive Security Appliance firewall.
- The user must not use the enable command.
The configurations were performed:
- joined Cisco ISE to AD and retrieved AD groups
- added the Cisco Adaptive Security Appliance firewall
- enabled Device Admin Service in Cisco ISE
- configured TACACS command sets
- configured a TACACS profile
- configured an authorization policy
- configured the Cisco Adaptive Security Appliance firewall for
authentication and authorization
Which two actions must be performed in Cisco ISE? (Choose two.)

（A）Set Default Privilege to 1 and Maximum Privilege to 15 in the TACACS profile.

（B）Add all authorized admin commands to the TACACS profile.

（C）Configure an authentication profile on Cisco ISE.

（D）Select "Permit any command that is not listed below" in the TACACS profile.

（E）Set Default Privilege to 15 and Maximum Privilege to 15 in the TACACS profile.

正解：A、B 解答を投票する

質問 7

An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication.
Which command should be used to complete this configuration?

（A）aaa authentication dot1x default group radius

（B）dot1x pae authenticator

（C）authentication port-control auto

（D）dot1x system-auth-control

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

（A）numbered ACL

（B）extended ACL

（C）standard ACL

（D）reflexive ACL

正解：B 解答を投票する

質問 9

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node ,s deregistered?

（A）The primary node becomes standalone

（B）The primary node restarts

（C）The secondary node restarts.

（D）Both nodes restart.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

An administrator has added a new Cisco ISE PSN to their distributed deployment.
Which two features must the administrator enable to accept authentication requests and profile the endpoints correctly, and add them to their respective endpoint identity groups? (Choose two )

（A）Profiling Services

（B）Radius Service

（C）Endpoint Attribute Filter

（D）Session Services

（E）Posture Services

正解：A、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

During BYOD flow, from where does a Microsoft Windows PC download the Network Setup Assistant?

（A）Cisco ISE directly

（B）Native OTA functionality

（C）Cisco App Store

（D）Microsoft App Store

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

Refer to the exhibit. In which scenario does this switch configuration apply?

（A）when preventing users with hypervisor

（B）when passing IP phone authentication

（C）when allowing multiple IP phones to be connected

（D）when allowing a hub with multiple clients connected

正解：D 解答を投票する

質問 13

A customer requires a Cisco ISE deployment where quests must log in to a webpage with unique credentials in the form username. User1 and Password: A463646808. Which deployment should the customer use?

（A）hotspot portal authentication

（B）captcha protection self-registration

（C）single credentials login to guest portal

（D）mobile number field using the guest page

正解：C 解答を投票する

質問 14

A network engineer must enable a profiling probe. The profiling must take details through the Active Directory. Where in the Cisco ISE interface would the engineer enable the probe?

（A）Policy > Deployment > System > Profiling

（B）Administration > Deployment > System > Profiling

（C）Administration > System > Deployment > Profiling

（D）Policy > Policy Elements > Profiling

正解：C 解答を投票する

質問 15

A Cisco ISE engineer is creating certificate authentication profile to be used with machine authentication for the network. The engineer wants to be able to compare the user-presented certificate with a certificate stored in Active Directory. What must be done to accomplish this?

（A）Use MS-CHAPv2 since it provides machine credentials and matches them to credentials stored in Active Directory.

（B）Add the subject alternative name and the common name to the CAP

（C）Enable the option for performing binary comparison.

（D）Configure the user-presented password hash and a hash stored in Active Directory for comparison.

正解：C 解答を投票する

質問 16

A network administrator must restrict sponsor account privileges for managing guest accounts on Cisco ISE for a new account that is being created. Sponsor groups currently exist for each business unit. The new sponsor that is being added must be restricted to only managing guest accounts created by sponsors from the same sponsor group. In which group must the new sponsor account be configured?

（A）ALL_ ACCOUNTS

（B）OWN_ACCOUNTS

（C）ALL_EMPLOYEES

（D）GROUP_ACCOUNTS

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 17

Which advanced option within a WLAN must be enabled to trigger Central Web Authentication for Wireless users on AireOS controller?

（A）override Interface ACL

（B）DHCP server

（C）static IP tunneling

（D）AAA override

正解：D 解答を投票する

300-715 無料問題集「Cisco Implementing and Configuring Cisco Identity Services Engine」

弊社を連絡する

関連リンク

トップ試験