300-715 Exam Dumps - Cisco CCNP Security Questions and Answers

Question # 4

What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two )

Options:

TACACS+ supports 802.1X, and RADIUS supports MAB

TACACS+ uses UDP, and RADIUS uses TCP

TACACS+ has command authorization, and RADIUS does not.

TACACS+ provides the service type, and RADIUS does not

TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.

Buy Now

Question # 5

An engineer is configuring web authentication and needs to allow specific protocols to permit DNS traffic. Which type of access list should be used for this configuration?

Options:

reflexive ACL

extended ACL

standard ACL

numbered ACL

Buy Now

Question # 6

An organization is adding new profiling probes to the system to improve profiling on Oseo ISE The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected What must be configured on the network device to accomplish this goal?

Options:

ARP

SNMP

WCCP

ICMP

Buy Now

Question # 7

Which interface-level command is needed to turn on 802 1X authentication?

Options:

Dofl1x pae authenticator

dot1x system-auth-control

authentication host-mode single-host

aaa server radius dynamic-author

Buy Now

Question # 8

What is an advantage of using EAP-TLS over EAP-MS-CHAPv2 for client authentication?

Options:

EAP-TLS uses a username and password for authentication to enhance security, while EAP-MS-CHAPv2 does not.

EAP-TLS secures the exchange of credentials, while EAP-MS-CHAPv2 does not.

EAP-TLS uses a device certificate for authentication to enhance security, while EAP-MS-CHAPv2 does not.

EAP-TLS uses multiple forms of authentication, while EAP-MS-CHAPv2 only uses one.

Buy Now

Question # 9

Refer to the exhibit.

An engineer is configuring a client but cannot authenticate to Cisco ISE During troubleshooting, the show authentication sessions command was issued to display the authentication status of each port Which command gives additional information to help identify the problem with the authentication?

Options:

show authentication sessions

show authentication sessions Interface Gil/0/1 output

show authentication sessions interface Gi1/0/1 details

show authentication sessions output

Buy Now

Question # 10

An engineer is configuring ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADUs for these devices? (Choose two.)

Options:

TACACS+ is FIPS compliant while RADIUS is not

TACACS+ is designed for network access control while RADIUS is designed for role-based access.

TACACS+ uses secure EAP-TLS while RADIUS does not.

TACACS+ provides the ability to authorize specific commands while RADIUS does not

TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.

Buy Now

Question # 11

An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as "Medical Switch" so that the policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

Options:

Change the device type to Medical Switch.

Change the device profile to Medical Switch.

Change the model name to Medical Switch.

Change the device location to Medical Switch.

Buy Now

Question # 12

Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two)

Options:

Windows Settings

Connection Type

iOS Settings

Redirect ACL

Operating System

Buy Now

Question # 13

Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?

(Choose two.)

Options:

Firepower

WLC

IOS

ASA

Shell

Buy Now

Answer:

B, E

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

TACACS+ Profile

TACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets. The TACACS+ profile definitions are split into two components:

Common tasks
Custom attributes

There are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles)—Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View.

The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are:

Shell
WLC
Nexus
Generic

The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you can enter the mandatory attributes using a equal to (=) sign between the attribute name and its value and optional attributes are entered using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy paste the attribute list (for example, another product's attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.

Exam Code: 300-715

Exam Name: Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 (300-715 SISE)

Last Update: Mar 29, 2025

Questions: 243

300-715 PDF

$28.5 ~~$94.99~~

Add to Cart

300-715 Testing Engine

$33 ~~$109.99~~

Add to Cart

300-715 PDF + Testing Engine

$43.5 ~~$144.99~~

Add to Cart

Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

certsboard certification exams

Navigation:

300-715 Exam Dumps - Cisco CCNP Security Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

300-715 PDF

300-715 Testing Engine

300-715 PDF + Testing Engine

Quick Links

Recently New Released Certification Exams

Site Secure