Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.

com/708266610/cisco-ise-300-715-flash-cards/

Cisco ISE 300-715 Study

Other Computer Skills

Cisco ISE 300-715

11 studiers recently Leave the first rating

Terms in this set (88)

What guest services can a Create and manage guest user accounts
receptionist provide who has
an account in the ISE Guest
Serves Sponsor Group?

Service of ISE node to Profiling

identify types of devices
connecting to the network

Default endpoint identity Unknown

group for an endpoint that
does not match any profile in
ISE

What sends the redirect ACL Cisco-au-pair

that is configured in the ISE
Authorization Profile back to
the WLC?

1 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco
What twoISE 300-715
values are 1. User presented certificate compared withStudy
the
compared by the binary AD store certificate
comparison function in 2. Subject alternate name compared with the
authentication based on common name
active directory? What are
two other values?

Cisco ISE is running in an IP mab

phone only environment.
Phones cannot authenticate
via 802.1X, what command is
needed on each switch port
for authentication?

How is PSN redundancy Create a node group

achieved in a deployment?

In an ISE distributed 1. PSN

deployment an engineer 2. Admin
needs to configure network
probes to collect attributes
from endpoints. Which node
can he use to accomplish
this? Which note can he use
to configure this?

What are two guest password 1. Password expiration period

policy requirements to 2. Minimum password length
mitigate brute force attacks?

Two components of posture 1. Conditions

requirement when configuring 2. Remediation actions
ISE posture

2 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco ISE
What is the 300-715
minimum certainty The minimum value threshold that a device Study
must
factor when creating a meet for ISE to consider that device part of that
profiler policy? profile

An employee has been Authentication will fail. Engineer needs to select

configured with an external external identity source
identity store for
authentication. If the engineer
uses the admin portal to
select the internal identity
store as the ID source, what
happens?

What are two methods for a 1. Import - CSV

sponsor to create bulk guest 2. Random - ISE autogenerates the user accounts
accounts from the sponsor
portal?

When configuring web Extended ACL

authentication and do you
want to allow specific
protocols such as permit DNS
traffic, what type of ACL
should you use?

1. Sponsored guest
What are the ISE guest portal
2. Hotspot
types?
3. Self registered guest

What ports need to be open TCP 389 - LDAP

to configure AD has an TCP 445 - MSRPC
external authentication source
for ISE?

3 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco ISE 300-715

In a split deployment which AAA - authentication, authorization, accounting
Study
workload is split between all
of the nodes?

1. Admin
What are the personas of an
2. PSN
ISE node?
3. MnT

What is the method to SGT exchange protocol

transport SGTs throughout the
network?

1. Administration - system - deployment

2. Click the checkbox next to the node and select
Four steps to edit an ISE node
edit
and make it a PAN?
3. Click make primary administration node
4. Click save

What does I SE used to SID

resolve ambiguous AD group
names?

RADIUS attribute to Idle-timeout

dynamically assign an
inactivity timer for MAB
users?

Portal to customize your Client provisioning

settings to login and
download the compliance
module?

4 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco
AdvancedISE 300-715
WLAN option to AAA override Study
enable that will trigger
central web authentication for
wireless users on AirOS
controller?

Portal to prevent lost or Blacklist portal - you can still see info as to why a
stolen items from accessing device was blocked
the network?

Probe to re-profile endpoints DHCP

based only on new requests
of INIT-REBOOT and
SELECTING messages?

ISE configuration requirement If user not found, continue

in authentication policy to
allow central web
authentication?

What are two features 1. New AD user 802.1X authentication

available when PAN is down 2. Posture
and SAN has not yet been
promoted?

What ISE persona needs the Monitoring and troubleshooting (MnT)

largest amount of storage?

What happens when an ISE Only the secondary node restarts

distributed deployment add
to notes and the secondary
node becomes de registered?

5 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco ISE 300-715 1. Unknown Study

2. Registered
What are the default identity
3. Profiled
groups that ISE creates?
4. Blacklist
5. Guest Endpoints

Command to configure web ip http port <port number>

authentication on a switch
using non-standard ports?

Successful authentication of Continue

unknown MAC or identities
requires this configuration on
the ice auth policy?

What is the port for native TCP 8909

supplicant provisioning of a
Windows laptop?

Common permission to AD Search AD to see if a ISE user machine account

join and leave operations? already exists

Two fields of the context of 1. Identity group assignment

his ability page of ISE when 2. Policy assignment
creating an endpoint

What are two ways to classify 1. Static - VLAN

users and end points for 2. Dynamic - 802.1X, MAB, web authentication
TrustSec?

What are two task types of WLC

common tasks support for Shell
TACACS+ profiles?

6 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco ISE
What is the 300-715
command to filter cts role-based enforcement Study
traffic based on SGTs using a
security policy on a routed
interface?

What gives ISE the option to Authorization profile

scan for endpoint
vulnerabilities?

What is the required TCP HTTPS

protocol for BYOD device to
access the BYOD portal?

What are the open ports TCP 8443

needed for posture TCP 8905
configuration between client
and ISE?

To enforce access control SGTs

using tags, what feature of
Cisco ISE can be used in a
scalable manner?

Benefits of TACACS+ over 1. TACACS+ encrypts the whole payload while

RADIUS for device RADIUS only encrypts the password
administration? 2. TACACS+ has command authorization

Low impact mode in an ISE HTTP

phase deployment; what
service access will be denied
when connecting to the
network before auth?

7 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco ISE
What must 300-715
match between Shared secret Study
ISE and the NAD two
successfully authenticate
endpoints?

What is the purpose of the "ip Allows the switch to redirect users for central web
http server" command on a authentication
switch?

What are two required iOS settings

components for the native Operating system
supplicant profile within
BYOD flow?

In a standalone Cisco ISE Admin

deployment, which two PSN
personas can be configured
on a node?

What is the command to 1. show authentication sessions

display all 802.1X and MAB 2. show authentication sessions interface
active sessions on a catalyst <interface>
or legacy switch? What is the
command to display the
active session on a specific
interface?

What supplicant and server Supplicant - AnyConnect NAM

are capable of EAP - Server - Cisco ISE
CHAINING?

8 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco
What are ISE 300-715
the requirements 1. Certificate template is selected Study
when generating a single 2. Common name is entered
certificate in ISE via the
certificate provisioning portal
without generating a CSR?

What is the necessary 802.1X 1. dot1x pae authenticator

authentication command at 2. dot1x system-auth-control
the interface level? What is
the command at the global
level?

What are the two required RADIUS

probes for ARP cache DHCP
function of ISE profiling
service to work?

What is a use case that Endpoint profiling policy gets changed for the
validates a change of authorization policy
authorization?

What are two possible Compliant

endpoint compliance Unknown
statuses?

What profiling probe collects HTTP

the user - agent string?

If CoA is enabled globally for Endpoint profile change from Unknown to

ReAuth, what events could Windows10-Device
trigger a CoA for an Endpoint profile change from Apple-Device to
endpoint? Apple-iPhone

9 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco ISE
ISE service 300-715
to check Posture Study
compliance of end points
before they connect to the
network?

What is the term for the Supplicant

endpoint agent trying to join
a 802.1X network?

What is a requirement of the Cisco ISE has connection to the Internet to

feed service? download the feed update

What occurs when an ISE The internal identity store is queried by ISE, then
administrator logs into a the external identity store is queried
device?

What are the two standard 1700

ports for CoA? 3799

What is required to configure The redirect ACL must be created on the WLC
ISE guest services to allow and referenced in the Cisco ISE policy
wireless devices to access the
network?

What is needed on the WLC Webauth ACL for redirection

to configure wireless guest
access on the network?

10 of 14 27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet
Cisco ISEis implementing
An engineer 300-715
Cisco ISE and needs to
configure 802.1X. The port
settings are configured for
port-based authentication.
Which command should be
used to complete this
configuration?
Which protocol's best used
for device administration,
authentication, and
authorization?
What is a feature of TACACS+
authorization?
What two protocols are used
for endpoint authentication
communications between
ANAD and an authentication
server?
What is true of TACACS+
support in Cisco ISE?
What does a TACACS
command set do?
11 of 14
https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/
dot1x system-auth-control (question specifies port
Study
settings are already configured, so not dot1x pae
authenticator)
TACACS+
Each command entered must be authenticated
and then authorized
RADIUS
TACACS+
When enabled, settings will not be populated
across all PSNs
It is not enabled by default
It does not require a plus license
When enabled, all capable devices are not
instantly able to communicate with the server
Enforces a specified list of commands that can be
executed by a device administrator
27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet
Cisco ISEallows
What feature 300-715
for similar
device types to share the
same policies?
TACACS regular policy set
consists of:
Two components of the
posture service?
Simple posture conditions
What module contains a list of
fields and attributes that are
provided by OPSWAT that
support posture in Cisco ISE?
Posture operational
deployment modes (3)
Cisco ISE feature that is
responsible for pushing client
agent software to an
endpoint:
First step to supporting client
provisioning?
12 of 14
https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/
Device Groups Study
Authorization rule table
Authentication rule table
Posture Administration Services
Posture Run-time Services
File condition
Registry condition
USB Condition
Compliance module
Audit - client permitted even if security posture is
non compliant
Optional - client is given option to continue to
bypass the posture assessment policy
Mandatory - client is notified of failure and must
take corrective action to comply with policy
Client provisioning
Download the appropriate agents to Cisco ISE
27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet
Cisco ISE 300-715
Benefits of BYOD (3)
In a BYOD scenario where
iPads and iPhons will not
connect to a desired SSID,
what is the solution?
After on boarding process
has been completed via the
BYOD portal, what identity
group does the endpoint
belong?
Purposes of a certificate
template for BYOD
deployment (3)?
Guidelines for proper
provisioning of a dual SSID
BYOD solution (3):
How can a certificate be
revoked from an endpoint
should it be stolen?
13 of 14
https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/
Supplicant provisioning on all major platforms
Study
User-based device registration reduces the
burden on IT staff
Certificates can be automatically provisioned to
support both EAP-TLS and PEAP-MSCHAPv2
In the Native Supplicant Profile check the box for
"enable if target network is hidden"
Registered Devices
Define SCEP RA profile to be use for the CA
Define key sizes
Define SAN field options
Policy for employee provisioned endpoints
should come before the policy for unprovisioned
endpoints due to top down processing
Configure a provisioning policy rule to specify
which native supplicant profile to use
Separate provisioning policy rules can be created
to accommodate endpoints with different OS
Users can use the My Devices portal
Admins can do this via standard Cisco ISE GUI
27/09/2023, 11:06 pm
Cisco ISE 300-715 Flashcards | Quizlet https://quizlet.com/708266610/cisco-ise-300-715-flash-cards/

Cisco ISE 300-715 Can be used to automatically discover, locate,

Study
and determine the capabilities of all connected
ISE profiling service
endpoints
characteristics (3):
Option for static profiling
Profiling sensor only runs on PSNs

Two components of the Cisco The sensor

ISE profiling service: The analyzer

What must be done to keep Use the Cisco ISE profiler feed service
profile definitions and OUI
databases up to date?

14 of 14 27/09/2023, 11:06 pm