300-715 Free Practice Test

Refer to the exhibit

Which component must be configured to apply the SGACL?

1. A. egress router
2. B. host
3. C. secure server
4. D. ingress router

Correct Answer: A
https://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/arch_over.html#52796

An engineer tests Cisco ISE posture services on the network and must configure the compliance module to automatically download and install on endpoints Which action accomplishes this task for VPN users?

1. A. Create a Cisco AnyConnect configuration and Client Provisioning policy within Cisco ISE.
2. B. Configure the compliance module to be downloaded from within the posture policy.
3. C. Push the compliance module from Cisco FTD prior to attempting posture.
4. D. Use a compound posture condition to check for the compliance module and download if needed.

Correct Answer: A

Which two fields are available when creating an endpoint on the context visibility page of Cisco IS? (Choose two)

1. A. Policy Assignment
2. B. Endpoint Family
3. C. Identity Group Assignment
4. D. Security Group Tag
5. E. IP Address

Correct Answer: AC

An engineer is unable to use SSH to connect to a switch after adding the required CLI commands to the device to enable TACACS+. The device administration license has been added to Cisco ISE, and the required policies have been created. Which action is needed to enable access to the switch?

1. A. The ip ssh source-interface command needs to be set on the switch
2. B. 802.1X authentication needs to be configured on the switch.
3. C. The RSA keypair used for SSH must be regenerated after enabling TACACS+.
4. D. The switch needs to be added as a network device in Cisco ISE and set to use TACACS+.

Correct Answer: D

An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or
PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A