Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) v1.0
Question 1
What should be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?
- A. continue
- B. pass
- C. drop
- D. reject
Answer : A
Question 2
Which command displays all 802.1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?
- A. show authentication sessions interface Gi1/0/x output
- B. show authentication sessions
- C. show authentication sessions output
- D. show authentication sessions interface Gi 1/0/x
Answer : D
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-xe-3se-3850-cr-book/sec-s1-xe-3se-3850-cr- book_chapter_01.html#wp3404908137
Question 3
What are two requirements of generating a single certificate in Cisco ISE by using a certificate provisioning portal, without generating a certificate signing request?
(Choose two.)
- A. Enter the IP address of the device.
- B. Enter the common name.
- C. Choose the hashing method.
- D. Locate the CSV file for the device MAC.
- E. Select the certificate template.
Answer : BE
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200534-ISE-2-0-Certificate-Provisioning-Portal.html
Question 4
Refer to the exhibit. Which command is typed within the CLI of a switch to view the troubleshooting output?
- A. show authentication sessions mac 000e.84af.59af details
- B. show authentication registrations
- C. show authentication interface gigabitethernet2/0/36
- D. show authentication sessions method
Answer : A
Question 5
What gives Cisco ISE an option to scan endpoints for vulnerabilities?
- A. authentication policy
- B. authorization profile
- C. authentication profile
- D. authorization policy
Answer : B
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010100.html
Question 6
Which two values are compared by the binary comparison function in authentication that is based on Active Directory?
- A. user-presented certificate and a certificate stored in Active Directory
- B. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
- C. user-presented password hash and a hash stored in Active Directory
- D. subject alternative name and the common name
Answer : D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-ADIntegration.html
Question 7
What happens when an internal user is configured with an external identity store for authentication, but an engineer uses the Cisco ISE admin portal to select an internal identity store as the identity source?
- A. Authentication is redirected to the internal identity source.
- B. Authentication is granted.
- C. Authentication fails.
- D. Authentication is redirected to the external identity source.
Answer : D
Question 8
Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two.)
- A. The Cisco ISE server queries the internal identity store.
- B. The device queries the external identity store.
- C. The device queries the Cisco ISE authorization server.
- D. The device queries the internal identity store.
- E. The Cisco ISE server queries the external identity store.
Answer : BE
Question 9
An engineer is configuring a guest password policy and needs to ensure that the password complexity requirements are set to mitigate brute force attacks.
Which two requirements should be included in this policy? (Choose two.)
- A. active username limit
- B. password expiration period
- C. access code control
- D. username expiration date
- E. minimum password length
Answer : BE
Question 10
An engineer is using the low-impact mode for a phased deployment of Cisco ISE and is trying to connect to the network prior to authentication.
Which access will be denied in this deployment?
- A. DNS
- B. DHCP
- C. EAP
- D. HTTP
Answer : D
Question 11
An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall.
Which two ports should be opened to accomplish this task? (Choose two.)
- A. TELNET: 23
- B. HTTPS: 443
- C. HTTP: 80
- D. LDAP: 389
- E. MSRPC:445
Answer : DE
Question 12
An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication.
Which command should be used to complete this configuration?
- A. aaa authentication dot1x default group radius
- B. dot1x system-auth-control
- C. authentication port-control auto
- D. dot1x pae authenticator
Answer : B
Question 13
DRAG DROP -
An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.
Select and Place:
Answer : 
Question 14
DRAG DROP -
Drag the descriptions on the left onto the components of 802.1X on the right.
Select and Place:
Answer : 
Authenticator ג€" device that controls physical access to the network based on the authentication status
Supplicant - software on the endpoint that communicates with EAP at layer 2
Authentication server ג€" device that validates the identity of the endpoint and provides results to another device
Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x- pba.html
Question 15
A network engineer is configuring Cisco TrustSec and needs to ensure that the Security Group Tag is being transmitted between two devices.
Where in the Layer 2 frame should this be verified?
- A. payload
- B. 802.1 AE header
- C. CMD field
- D. 802.1Q field
Answer : C
Reference:
https://www.cisco.com/c/dam/en/us/solutions/collateral/borderless-networks/trustsec/C07-730151-00_overview_of_trustSec_og.pdf