cisco 300-715 practice test

Implementing and Configuring Cisco Identity Services Engine (SISE)


Question 1 Topic 7

Topic 7
What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two.)

  • A. TACACS+ has command authorization, and RADIUS does not.
  • B. TACACS+ uses UDP, and RADIUS uses TCP.
  • C. TACACS+ supports 802.1X, and RADIUS supports MAB.
  • D. TACACS+ provides the service type, and RADIUS does not.
  • E. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.
Answer:

A E

Discussions

Question 2 Topic 7

Topic 7
Refer to the exhibit.

A network engineer is configuring the switch to accept downloadable ACLs from a Cisco ISE server.
Which two commands should be run to complete the configuration? (Choose two.)

  • A. radius-server attribute 8 include-in-access-req
  • B. ip device tracking
  • C. dot1x system-auth-control
  • D. radius server vsa send authentication
  • E. aaa authorization auth-proxy default group radius
Answer:

A D

Discussions

Question 3 Topic 7

Topic 7
What is a characteristic of the UDP protocol?

  • A. UDP can detect when a server is down.
  • B. UDP can detect when a server is slow.
  • C. UDP offers best-effort delivery.
  • D. UDP offers information about a non-existent server.
Answer:

C

Discussions

Question 4 Topic 7

Topic 7
Which two responses from the RADIUS server to NAS are valid during the authentication process? (Choose two.)

  • A. access-challenge
  • B. access-accept
  • C. access-request
  • D. access-reserved
  • E. access-response
Answer:

A B

Discussions

Question 5 Topic 7

Topic 7
A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server.
Which command is the user missing in the switchs configuration?

  • A. aaa accounting resource default start-stop group radius
  • B. radius-server vsa send accounting
  • C. aaa accounting network default start-stop group radius
  • D. aaa accounting exec default start-stop group radius
Answer:

B

Explanation:
Reference: https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.pdf

Discussions

Question 6 Topic 7

Topic 7
Which are two characteristics of TACACS+? (Choose two.)

  • A. It separates authorization and authentication functions.
  • B. It combines authorization and authentication functions.
  • C. It uses UDP port 49.
  • D. It encrypts the password only.
  • E. It uses TCP port 49.
Answer:

A E

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13838-
10.html

Discussions

Question 7 Topic 7

Topic 7
Which two features must be used on Cisco ISE to enable the TACACS+ feature? (Choose two.)

  • A. Command Sets
  • B. Server Sequence
  • C. Device Administration License
  • D. External TACACS Servers
  • E. Device Admin Service
Answer:

C E

Discussions

Question 8 Topic 7

Topic 7
What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two.)

  • A. TACACS+ has command authorization, and RADIUS does not.
  • B. TACACS+ uses UDP, and RADIUS uses TCP.
  • C. TACACS+ supports 802.1X, and RADIUS supports MAB.
  • D. TACACS+ provides the service type, and RADIUS does not.
  • E. TACACS+ encrypts the whole payload, and RADIUS encrypts only the password.
Answer:

A E

Discussions

Question 9 Topic 7

Topic 7
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)

  • A. ASA
  • B. Firepower
  • C. Shell
  • D. WLC
  • E. IOS
Answer:

C D

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2--
1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

Discussions

Question 10 Topic 6

Topic 6
When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access
authentication via RADIUS. It also states that the deployment needs to provide an adequate amount of security and visibility
for the hosts on the network.
Why should the engineer configure MAB in this situation?
A. The Cisco switches only support MAB.
B. MAB provides the strongest form of authentication available.
C. MAB provides user authentication.
D. The devices in the network do not have a supplicant.

Answer:

D
Topic 7, Network Access Device Administration

Discussions
To page 2