Curious about Actual Cisco CCNP (300-715) Exam Questions?

Here are sample Cisco Implementing and Configuring Cisco Identity Services Engine (300-715) Exam questions from real exam. You can get more Cisco CCNP (300-715) Exam premium practice questions at TestInsights.

Page: 1 /
Total 244 questions

Want more questions? Get Premium Access.

Question 1

An engineer is configuring static SGT classification. Which configuration should be used when authentication is disabled and third-party switches are in use?

AVLAN to SGT mapping

BIP Address to SGT mapping

CL3IF to SGT mapping

DSubnet to SGT mapping

Correct : B

https://community.cisco.com/t5/security-knowledge-base/segmentation-strategy/ta-p/3757424: 'The method of sending out IP to SGT mappings from ISE is particularly useful if the access switch does not support TrustSec'

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AVLAN to SGT mapping

BIP Address to SGT mapping

CL3IF to SGT mapping

DSubnet to SGT mapping

0 / 1500

Question 2

What is a restriction of a standalone Cisco ISE node deployment?

AOnly the Policy Service persona can be disabled on the node.

BThe domain name of the node cannot be changed after installation.

CPersonas are enabled by default and cannot be edited on the node.

DThe hostname of the node cannot be changed after installation.

Correct : C

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AOnly the Policy Service persona can be disabled on the node.

BThe domain name of the node cannot be changed after installation.

CPersonas are enabled by default and cannot be edited on the node.

DThe hostname of the node cannot be changed after installation.

0 / 1500

Question 3

An administrator is attempting to join a new node to the primary Cisco ISE node, but receives the error message "Node is Unreachable". What is causing this error?

AThe second node is a PAN node.

BNo administrative certificate is available for the second node.

CThe second node is in standalone mode.

DNo admin privileges are available on the second node.

Correct : B

https://www.ciscopress.com/articles/article.asp?p=2812072

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AThe second node is a PAN node.

BNo administrative certificate is available for the second node.

CThe second node is in standalone mode.

DNo admin privileges are available on the second node.

0 / 1500

Question 4

An engineer is starting to implement a wired 802.1X project throughout the campus. The task is for failed authentication to be logged to Cisco ISE and also have a minimal impact on the users. Which command must the engineer configure?

Aauthentication open

Bpae dot1x enabled

Cauthentication host-mode multi-auth

Dmonitor-mode enabled

Correct : D

In the context of a wired 802.1X deployment with Cisco ISE, the requirement is to log failed authentications while minimizing user impact. Let's analyze each option:

A) authentication open - This command configures the port to allow network access regardless of the authentication state. It's useful in situations where specific devices can't perform 802.1X authentication but should still be allowed network access. However, it doesn't specifically address the logging of failed authentications.

B) pae dot1x enabled - PAE (Port Access Entity) refers to the entity on a network device that enforces access control. This command enables 802.1X on the port, which is a prerequisite for implementing 802.1X, but doesn't directly relate to logging failed authentication attempts.

C) authentication host-mode multi-auth - This command configures the port to allow multiple authenticated sessions. This mode is used when multiple devices are connected to the same port (like in a conference room). While it's relevant for 802.1X environments, it doesn't specifically cater to logging failed authentications or minimizing user impact.

D) monitor-mode enabled - This command is used in the context of 802.1X to enable Monitor Mode on a port. Monitor Mode allows a port to grant limited network access to endpoints without 802.1X capabilities. It's often used to ease the deployment of 802.1X by monitoring the authentication status without fully enforcing access control, thereby minimizing user impact. It also helps in logging authentication attempts, including failures.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

Aauthentication open

Bpae dot1x enabled

Cauthentication host-mode multi-auth

Dmonitor-mode enabled

0 / 1500

Question 5

An engineer is working on a switch and must tag packets with SGT values such that it learns via SXP. Which command must be entered to meet this requirement?

Aip source guard

Bip dhcp snooping

Cip device tracking maximum

Dip arp inspection

Correct : C

The ip device tracking maximum command is used to configure the maximum number of IP-to-SGT bindings that can be learned via SXP on a switch1. This command also enables the switch to tag packets with SGT values based on the bindings learned from SXP peers. The other commands are not related to SGT tagging or SXP learning.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

Aip source guard

Bip dhcp snooping

Cip device tracking maximum

Dip arp inspection

0 / 1500

Page: 1 / 49
Total 244 questions

Unlock Full
300-715 Exam Features

In Just $49 You can Access

All Official Question Types
Interactive Web-Based Practice Test Software
No Installation or 3rd Party Software Required
Customize your practice sessions (Free Demo)
24/7 Customer Support

Get Full Access Now

Marked Questions
300-715 Exam

300-715 Exam Question 1
300-715 Exam Question 2
300-715 Exam Question 3
300-715 Exam Question 4
300-715 Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login