Cisco 300-715 Free Certification Exam Questions Answer Jan 2026 update

Refer to the exhibit.

Which two configurations are needed on a catalyst switch for it to be added as a network access device in a Cisco ISE that is being used for 802 1X authentications? (Choose two )

Option A

Option B

Option C

Option D

Option E

Question # 42

A network administrator is configuring a new access switch to use with Cisco ISE for network access control. There is a need to use a centralized server for the reauthentication timers. What must be configured in order to accomplish this task?

Configure Cisco ISE to replace the switch configuration with new timers.

Configure Cisco ISE to block access after a certain period of time.

Issue the authentication timer reauthenticate server command on the switch.

Issue the authentication periodic command on the switch.

Question # 43

There are several devices on a network that are considered critical and need to be placed into the ISE database and a policy used for them. The organization does not want to use profiling. What must be done to accomplish this goal?

Enter the MAC address in the correct Endpoint Identity Group.

Enter the MAC address in the correct Logical Profile.

Enter the IP address in the correct Logical Profile.

Enter the IP address in the correct Endpoint Identity Group.

Question # 44

An engineer deploys Cisco ISE and must configure Active Directory to then use information from Active Directory in an authorization policy. Which two components must be configured, in addition to Active Directory groups, to achieve this goat? (Choose two )

Active Directory External Identity Sources

Library Condition for External Identity. External Groups

Identity Source Sequences

LDAP External Identity SourcesE Library Condition for Identity Group: User Identity Group

Question # 45

What must be configured on the Cisco ISE authentication policy for unknown MAC addresses/identities for successful authentication?

pass

reject

drop

continue

Question # 46

Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles?

(Choose two.)

Firepower

WLC

IOS

ASA

Shell

Explanation:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

TACACS+ Profile

TACACS+ profiles control the initial login session of the device administrator. A session refers to each individual authentication, authorization, or accounting request. A session authorization request to a network device elicits an ISE response. The response includes a token that is interpreted by the network device, which limits the commands that may be executed for the duration of a session. The authorization policy for a device administration access service can contain a single shell profile and multiple command sets. The TACACS+ profile definitions are split into two components:

Common tasks

Custom attributes

There are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles)—Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View.

The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator. The common task types are:

Shell

WLC

Nexus

Generic

The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you can enter the mandatory attributes using a equal to (=) sign between the attribute name and its value and optional attributes are entered using an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy paste the attribute list (for example, another product's attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.

Question # 47

An engineer is configuring ISE for network device administration and has devices that support both protocols. What are two benefits of choosing TACACS+ over RADUs for these devices? (Choose two.)

TACACS+ is FIPS compliant while RADIUS is not

TACACS+ is designed for network access control while RADIUS is designed for role-based access.

TACACS+ uses secure EAP-TLS while RADIUS does not.

TACACS+ provides the ability to authorize specific commands while RADIUS does not

TACACS+ encrypts the entire payload being sent while RADIUS only encrypts the password.

Question # 48

A network engineer must configure a policy rule to check the endpoint. The policy must ensure disk encryption is enabled and the appropriate antivirus software version is installed. Which configuration must the engineer apply to the rule?

dictionary simple condition

simple posture condition

dictionary compound condition

compound posture condition

Question # 49

An administrator is editing a csv list of endpoints and wants to reprofile some of the devices indefinitely before importing the list into Cisco ISE. Which field and Boolean value must be changed for the devices before the list is reimported?

Identity Group Assignment field and Static Assignment field set to the value FALSE

Policy Assignment field and Static Assignment field set to the value TRUE

Policy Assignment field and Static Assignment field set to the value FALSE

Identity Group Assignment field and Static Assignment field set to the value TRUE

Question # 50

An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error “Authentication failed: 22040 Wrong password or invalid shared secret. “what must be done to address this issue?

Add the network device as a NAD inside Cisco ISE using the existing key.

Configure the key on the Cisco ISE instead of the Cisco switch.

Use a key that is between eight and ten characters.

Validate that the key is correct on both the Cisco switch as well as Cisco ISE.

New Year Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

Free Practice Questions for Cisco 300-715 Exam

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

Explanation:

The Answer Is:

Explanation:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is: