Questions for the 300-715 were updated on : Dec 25 ,2025
What is the difference between how RADIUS and TACACS+ handle encryption?
C
A user misplaces a personal phone and wants to blacklist the device from accessing the company
network. The company uses Cisco ISE for corporate and BYOD device authentication. Which action
must the user take in Cisco ISE?
C
Which platform does a Windows-based device download the Network Assistant Manager from?
D
The security engineer for a company has recently deployed Cisco ISE to perform centralized
authentication of all network device logins using TACACS+ against the local AD domain. Some of the
other network engineers are having a hard time remembering to enter their AD account password
instead of the local admin password that they have used for years. The security engineer wants to
change the password prompt to "Use Local AD Password:" as a way of providing a hint to the
network engineers when logging in. Under which page in Cisco ISE would this change be made?
A
An administrator must provide network access to legacy Windows endpoints with a specific device
type and operating system version using Cisco ISE profiler services. The ISE profiler services and
access switches must be configured to identify endpoints using the dhcp-class-identifier and
parameters-request-list attributes from the DHCP traffic. These configurations were performed:
enabled the DHCP probe in Cisco ISE
configured the Cisco ISE PSN interface to receive DHCP packets
configured the attributes in custom profiling conditions
configured a custom profiling policy
configured an authorization rule with permit access
Which action completes the configuration?
A
A Cisco ISE administrator must authenticate users against Microsoft Active Directory. The solution
must meet these requirements:
Users and computers must be authenticated.
User groups must be retrieved during authentication.
Which protocol must be added to the allowed protocols on the policy to authenticate the users?
D
An engineer must configure guest access on Cisco ISE for company visitors. Which step must be taken
on the Cisco ISE PSNs before a guest portal is configured?
D
Which action must be taken before configuring the Secure Client Agent profile when creating the
Secure Client configuration for ISE posture services?
D
An engineer is configuring a new Cisco ISE node. The Cisco ISE must make authorization decisions
based on the threat and vulnerability attributes received from the threat and vulnerability adapters.
Which persona must be enabled?
C
An administrator must configure Cisco ISE to send CoA requests to a Cisco switch using SNMP. These
configurations were already performed:
enabled SNMP on the switch
added the switch to Cisco ISE
configured a network device profile
configured the NAD port detection method
configured the operation to be performed on the switch port
configured an authorization profile
Which two configurations must be performed to send the CoA requests? (Choose two.)
A, E
A network engineer must configure BYOD using Cisco ISE. In the deployment, the users must be able
to submit CSR through the end devices. Which two features must be enabled to meet the
requirement?
(Choose two.)
C, D
Which CLI command must be configured on the switchport to immediately run the MAB process if a
non-802.1X capable endpoint connects to the port?
A
An administrator is editing a csv list of endpoints and wants to reprofile some of the devices
indefinitely before importing the list into Cisco ISE. Which field and Boolean value must be changed
for the devices before the list is reimported?
C
An engineer must use Cisco ISE profiler services to provide network access to Cisco IP phones that
cannot support 802.1X. Cisco ISE is configured to use the access switch device sensor information
system-description and platform-type to profile Cisco IP phones and allow access. Which two
protocols must be configured on the switch to complete the configuration? (Choose two.)
A, C
What is the default port used by Cisco ISE for NetFlow version 9 probe?
A