Share your SISE Experience

Hello everybody,

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
A. The primary node restarts
B. The secondary node restarts.
C. The primary node becomes standalone
D. Both nodes restart.

What is correct answer ? B or D ? Please add an explaination in your reply.

—————————————————————————-

Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two)
A. Windows Settings
B. Connection Type
C. iOS Settings
D. Redirect ACL
E. Operating System

What is correct answer ? B&E or C&E ? Please add an explaination in your reply.

—————————————————————————-

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two)

A. hotspot
B. new AD user 802 1X authentication
C. BYOD
D. guest AUP

Could you confirm that the correct answer are A & D with an explaination please?

—————————————————————————-

In which scenario does Cisco ISE allocate an Advanced license?
A. guest services with dACL enforcement
B. endpoint authorization using SGA enforcement
C. dynamic device profiling
D. high availability Administrator nodes

Could you confirm that the correct answer is C ? I’m unsure with the answer B.

—————————————————————————-

Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two.)

A. The device queries the internal identity store.
B. The Cisco ISE server queries the internal identity store.
C. The device queries the internal identity store.
D. The Cisco ISE server queries the external identity store.
E. The device queries the Cisco ISE authorization server.

As per documentation, the correct answers are B & D. Someone can confirm ?
https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_device_admin.html#concept_9B1DD5A7AD9C445AAC764722E6E7D32A

—————————————————————————-

what happen when an internal user is configured with an external identity store for authentication but an engineer uses the cisco ise admin portal to select an internal identity store as the identity source?
A. Authentication is granted
B. Authentication failed
C. Authentication is redirected to an external identity store
D. Authentication is redirected to an external identity store

Not sure about this question. If someone have the correct answer with explaination please.

—————————————————————————-

A network engineer is implementing cisco ISE and needs to configure 802.1x. the ports settings are configured for port-based authentication. which command should be used to complete this configuration?
A. aaa authentication dot1x default group radius
B. dot1x system-auth-control
C. authentication port-control auto
D. dot1x pae authenticator

Not sure about the correct answer, either A or B ? Someone can confirm ?

I guess that te most actual dump have 112q.

Anyone got this one ?

@YARA <—-

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
A. The primary node restarts
B. The secondary node restarts.
C. The primary node becomes standalone
D. Both nodes restart.

answer D

explanation here
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_setup_cisco_ise.html#ID193

Hi @Kati,

I read this explaination but I’m not sure that answer D is correct because in Cisco documentation it’s said : When you make any of the following changes to a node in a Cisco ISE ISE, that node restarts, which causes a delay

-Deregister a node (Secondary to Standalone)

It’s use “that node restarts”, not both nodes restart. To conclude, the answer D can’t be the correct answer. I will said answer B.
Do you tested the deregistration node in a lab ?

Are you agree with my logic ?

Hi @Yara,

You are right!

After the deresgistration of the second node we need to click on “MAKE STANDALONE” button on primary ISE.

So the application restart on primary node too.

The question did not mention those steps.

The article bellow is about the configuation of Primary/Secondary ISE nodes.

Adding a Secondary ISE Node
https://bluenetsec.com/adding-a-secondary-ise-node/

I passed yesterday. There was about 5 questions I’d not seen before.

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
A. The primary node restarts
B. The secondary node restarts.
C. The primary node becomes standalone
D. Both nodes restart.

What is correct answer ? B or D ? Please add an explaination in your reply.

Good answer is D ! I test in a lab, application server service reboot on both nodes after the deregistration of the

secondary node.

—————————————————————————-

Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two)
A. Windows Settings
B. Connection Type
C. iOS Settings
D. Redirect ACL
E. Operating System

What is correct answer ? B&E or C&E ? Please add an explaination in your reply.

Good answers are B & E, Operating System & Connection type (Wireless or Wired) !

—————————————————————————-

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted?

(Choose two)

A. hotspot
B. new AD user 802 1X authentication
C. BYOD
D. guest AUP
E. posture

Could you confirm that the correct answer are A & D with an explaination please?

Good answers are B & E, New AD user 802.1x authentication & Posture service !
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_setup_cisco_ise.html#ID59
—————————————————————————-

In which scenario does Cisco ISE allocate an Advanced license?
A. guest services with dACL enforcement
B. endpoint authorization using SGA enforcement
C. dynamic device profiling
D. high availability Administrator nodes

Could you confirm that the correct answer is C ? I’m unsure with the answer B.

Good answer is C !
https://community.cisco.com/t5/network-access-control/understand-ise-licensing/td-p/2283944

—————————————————————————-

Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two.)

A. The device queries the internal identity store.
B. The Cisco ISE server queries the internal identity store.
C. The device queries the internal identity store.
D. The Cisco ISE server queries the external identity store.
E. The device queries the Cisco ISE authorization server.

As per documentation, the correct answers are B & D. Someone can confirm ?
https://www.cisco.com/c/en/us/td/docs/security/ise/2-

7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_device_admin.html#concept_9B1DD5A7AD9C445AAC764722E6E7D32A

Good answers are B and D !

The device administrator performs the task of setting up a device to communicate with the Cisco ISE server. When a device

administrator logs on to a device, the device queries the Cisco ISE server, which in turn queries an internal or external

identity store, to validate the details of the device administrator. When the validation is done by the Cisco ISE server,

the device informs the Cisco ISE server of the final outcome of each session or command authorization operation for

accounting and auditing purposes.

—————————————————————————-

what happen when an internal user is configured with an external identity store for authentication but an engineer uses the

cisco ise admin portal to select an internal identity store as the identity source?
A. Authentication is granted
B. Authentication failed
C. Authentication is redirected to an external identity store
D. Authentication is redirected to an external identity store

Not sure about this question. If someone have the correct answer with explaination please.

I think the correct answer is A.

—————————————————————————-

A network engineer is implementing cisco ISE and needs to configure 802.1x. the ports settings are configured for port-based

authentication. which command should be used to complete this configuration?
A. aaa authentication dot1x default group radius
B. dot1x system-auth-control
C. authentication port-control auto
D. dot1x pae authenticator

Not sure about the correct answer, either A or B ? Someone can confirm ?

Good answer is B ! To enable 802.1x run the command dot1x system-auth-control. Then configure the port-based authentication

on interface.

—————————————————————————-

A network engineer needs to ensure that the access credentials are not exposed during the 802.1X authentication among

components.
Which two protocols should be configured to accomplish this task? (Choose two.)
A. PEAP
B. EAP-TLS
C. EAP-MD5
D. EAP-TTLS
E. LEAP

Correct answers are A & D !
https://www.portnox.com/blog/what-is-802-1x-eap/

—————————————————————————-

1. Which Cisco ISE node does not support automatic failover?
A. Inline Posture node
B. Monitoring node
C. Policy Services node
D. Admin node

Correct answer is B !

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_setup_cisco_ise.html#ID59

Cisco ISE allows you to have a maximum of two nodes with this persona that can take on primary or secondary roles for high

availability. Both the primary and secondary MnT nodes collect log messages. If the primary MnT goes down, the primary PAN

points to secondary node to gather monitoring data. But the secondary node will not be promoted to primary automatically.

This should be done by manually modifying the Monitoring and Troubleshooting (MnT) role.

Automatic Failover in MnT Nodes

MnT nodes do not offer high availablity, but do offer active standby. The PSN copies operational audit data to both the

primary and secondary MnT nodes

To manually convert the secondary node to a primary node, see promote the secondary node to a primary role. If the primary

node comes back up after the secondary node was promoted, it takes the secondary role. If the secondary node was not

promoted, the primary MnT node resumes the primary role, after it comes back up.

Hope the answers will help the people who learn this certification.

Does anyone know if spoto dump is good enough to pass?

Anyone can share the vail dump

Hi anyone has latest dump pls share ,TQ

@SOC

Congrats !!!

Which dump did you use ?

@YARA
Thanks for share yours thoughts !

Hey guys

I have passed the Cisco SISE 300-715 exam with almost 1000!!

In the next comments, I will put every question I practiced as long as the questions I can remember from my exam.

Best of luck guys!

OLD BUT GOOD QUESTIONS:

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
A. The primary node restarts
B. The secondary node restarts.
C. The primary node becomes standalone
D. Both nodes restart.
Answer: B
—————————————————————————-
Which two components are required for creating a Native Supplicant Profile within a BYOD flow? (Choose two)
A. Windows Settings
B. Connection Type
C. iOS Settings
D. Redirect ACL
E. Operating System
Answer: B,E
—————————————————————————-
Which two features are available when the primary admin node is down and the secondary admin node has not been promoted? (Choose two)
A. hotspot
B. new AD user 802 1X authentication
C. BYOD
D. guest AUP
E. Posture
Answer: B,E
—————————————————————————-
In which scenario does Cisco ISE allocate an Advanced license?
A. guest services with dACL enforcement
B. endpoint authorization using SGA enforcement
C. dynamic device profiling
D. high availability Administrator nodes
Answer: C
—————————————————————————-
Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two.)
A. The device queries the internal identity store.
B. The Cisco ISE server queries the internal identity store.
C. The device queries the internal identity store.
D. The Cisco ISE server queries the external identity store.
E. The device queries the Cisco ISE authorization server.
Answer: B,E
—————————————————————————-
what happen when an internal user is configured with an external identity store for authentication but an engineer uses the cisco ise admin portal to select an internal identity store as the identity source?
A. Authentication is granted
B. Authentication failed
C. Authentication is redirected to an external identity store
D. Authentication is redirected to an external identity store
Answer: B
—————————————————————————-
A network engineer is implementing cisco ISE and needs to configure 802.1x. the ports settings are configured for port-based authentication. which command should be used to complete this configuration?
A. aaa authentication dot1x default group radius
B. dot1x system-auth-control
C. authentication port-control auto
D. dot1x pae authenticator
Answer: B
—————————————————————————-
A network engineer needs to ensure that the access credentials are not exposed during the 802.1X authentication among
components.
Which two protocols should be configured to accomplish this task? (Choose two.)
A. PEAP
B. EAP-TLS
C. EAP-MD5
D. EAP-TTLS
E. LEAP
Answer: A,D
—————————————————————————-
1. Which Cisco ISE node does not support automatic failover?
A. Inline Posture node
B. Monitoring node
C. Policy Services node
D. Admin node
Answer: B
—————————————————————————-
In a Cisco ISE split deployment model, which load is split between the nodes?
A. AAA
B. network admission
C. log collection
D. device admission
Answer: A
—————————————————————————-
An engineer is working with a distributed deployment of cisco ise and needs to configure various network probes to collect a set of attributes from the endpoints on the network. which node should be used to accomplish this task?
A. Policy service
B. Monitoring
C. Primary policy administrator
D. PxGrid
Answer: A
—————————————————————————-
A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server. Which two commands should be run to complete the configuration? (Choose two)
A. AAA authorization auth-proxy default group radius
B. radius server vsa sand authentication
C. radius-server attribute 8 include-in-access-req
D. IP device tracking
E. dot1x system-auth-control
Answer: D,E
—————————————————————————-
If there is a firewall between Cisco ISE and an Active Directory external identity store, which port does NOT need to be open?
A. UDP/TCP 389
B. UDP123
C. TCP 21
D. TCP 445
E. TCP 88
Answer: C
—————————————————————————-
What should be considered when configuring certificates for BYOD?
A. An endpoint certificate is mandatory for the Cisco ISE BYOD
B. An Android endpoint uses EST whereas other operation systems use SCEP for enrollment
C. The CN field is populated with the endpoint host name.
D. The SAN field is populated with the end user name
Answer: A
—————————————————————————-
During BYOD flow, from where does a Microsoft Windows PC download the Network Setup
Assistant?
A. Cisco App Store
B. Microsoft App Store
C. Cisco ISE directly
D. Native OTA functionality
Answer: C
—————————————————————————-
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?
A. Network Access Control
B. My Devices Portal
C. Application Visibility and Control
D. Supplicant Provisioning Wizard
Answer: D
—————————————————————————-
Which protocol must be allowed for a BYOD device to access the BYOD portal?
A. HTTP
B. SMTP
C. HTTPS
D. SSH
Answer: C
—————————————————————————-
What is the custom condition that a cisco ISE authorisation policy cant match?
A. Company Contact
B. Custom
C. Time
D. Device type
e. Posture
Answer: B
—————————————————————————-
Which command displays all 802 1X/MAB sessions that are active on the switch ports of a Cisco Catalyst switch?
A. show authentication sessions output
B. show authentication sessions interface Gi1/0/x output
C. Show authentication sessions
D. show authentication sessions interface Gi 1/0/x
Answer: C
—————————————————————————-
What gives Cisco ISE an option to scan endpoints for vulnerabilities?
A. authorization policy
B. authentication policy
C. authentication profile
D. authorization profile
Answer: D
—————————————————————————-
Which interface-level command is needed to turn on 802 1X authentication?
A. aaa server radius dynamic-author
B. dot1x system-auth-control
C. authentication host-mode single-host
D. dot1x pae authenticator
Answer: D
—————————————————————————-
Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)
A. TFTP
B. local disk
C. Posture Agent Profile
D. www-cisco.com
E. FTP
Answer: B,C,D
—————————————————————————-
How is policy services node redundancy achieved in a deployment?
A. by enabling VIP
B. by utilizing RADIUS server list on the NAD
C. by creating a node group
D. by deploying both primary and secondary node
Answer: B
—————————————————————————-
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?
A. Network Access Control
B. My Devices Portal
C. Application Visibility and Control
D. Supplicant Provisioning Wizard
Answer: D
—————————————————————————-
Which port does Cisco ISE use for native supplicant provisioning of a Windows laptop?
A. TCP 8905
B. CUDP 1812
C. TCP 443
D. TCP 8909
Answer: A
—————————————————————————-
Which two responses from the RADIUS server to NAS are valid during the authentication
process? (Choose two )
A. access-response
B. access-request
C. access-reserved
D. access-challenge
E. access-accept
Answer: D,E
—————————————————————————-
An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not have the
ability to auto switch port for authentication?
A. enable bypass-MAC
B. dot1x system-auth-control
C. enable network-authentication
D. mab
Answer: D
—————————————————————————-
An engineer is working with a distributed deployment of Cisco ISE and needs to configure various network probes to collect a set of attributes from the used to accomplish this task?
A. monitoring
C. pxGrid
C. primary policy administrator
D. policy service
Answer: D
—————————————————————————-
Which term refers to an endpoint agent that tries to join an 802 1X-enabled network?
A. EAP server
B. supplicant
C. client
D. authenticator
Answer: B
—————————————————————————-
A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server. Which command is the user missing in the switch’s configuration?
A. radius-server vsa send accounting
B. aaa accounting network default start-stop group radius
C. aaa accounting resource default start-stop group radius
D. aaa accounting exec default start-stop group radios
Answer: B
—————————————————————————-
Which two features must be used on Cisco ISE to enable the TACACS+
feature? (Choose two.)
A. Command Sets
B. Server Sequence
C. Device Administration License
D. External TACACS Servers
E. Device Admin Service
Answer: C,E
—————————————————————————-
What is the minimum certainty factor when creating a profiler policy?
A. the minimum number that a predefined condition provides
B. the maximum number that a predefined condition provides
C. the minimum number that a device certainty factor must reach to become a member of the profile
D. the maximum number that a device certainty factor must reach to become a member of the profile
Answer: C
—————————————————————————-
What is needed to configure wireless guest access on the network?
A. endpoint already profiled in ISE
B. WEBAUTHACL for redirection
C. Captive Portal Bypass turned on
D. valid user account in Active Directory
Answer: B

NEW QUESTIONS:

1. DRAG & DROP: EAP-TLS (Use certifictes for authentication , x509 format , auto-enrollment) vs EAP-MSCHAPv2
—————————————————————————-
2. IMAGE: TACACS Shell Profile
Answer: Default: 1 , Max.Privilege: 15
—————————————————————————-
3. GUEST Question 1: A company is having a conference and it ended 2 days earlier. How can the ISE admin remove the guest accounts?
Answer: From sponsor portal suspend the guest accounts.
—————————————————————————-
4. GUEST Question 2: How can the ISE admin provide guest access if the SSID dont have any password?
Answer: Access Code on the AUP page
—————————————————————————-
5. ANCHOR WLC: Which port must open when it behind a firewall (Choose two)?
Answer: RADIUS 1812 UDP , I chose UDP 514 (syslog) not sure about this one…
—————————————————————————-
6. Question about authentication mode. If you want to allow 1 data domain and 1 voice data per switch port, which auth method should you choose?
Answer: authentication host-mode multi-domain
—————————————————————————-
7. A Cisco ISE administrator wants to authenticate endpoints from MAB to 802.1X and the operation needs to be performed during the day. How can he do it without a big impact on the network?
Answer: Session Reauthentication – CoA Reauth
—————————————————————————-
8. You have two ISE nodes deployed. What is the name of your environment?
Answer: Distributed
—————————————————————————-
9. You need to have at least one admin node always available to add configurations. What do you need?
Answer: 1 Primary admin node and 1 Secondary admin node

61 questions
1 Drang and Drop
60 Single/Multiple Choice

I had a few more new questions but I can’t remember them exactly… They are easy, you just need to think a little bit!

Check this file (Remove spaces): h tt p s:// vce plus. com/ exam -300 -715 /

Like I said, I took almost 1000 on my exam, so you can trust on my answers. There are a lot of dumps with wrong questions, dont trust them!

I work with ISE almost everyday and I have studied a lot for this exam. On the link above, all the answer that are not the same as mine, are wrong!

Good luck to you all!

Hi Pipi94 (french guys ?)

Thank for your comment but I have question about some answers.

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
A. The primary node restarts
B. The secondary node restarts.
C. The primary node becomes standalone
D. Both nodes restart.
Answer: B

Are you sure about this answer ? I tested a deregistrered node in a lab, as result Application server service restart on both nodes when the secondary node is deregistered.
I’m not agree with your answer.

—————————————————————————-
Which two actions occur when a Cisco ISE server device administrator logs in to a device? (Choose two.)
A. The device queries the internal identity store.
B. The Cisco ISE server queries the internal identity store.
C. The device queries the internal identity store.
D. The Cisco ISE server queries the external identity store.
E. The device queries the Cisco ISE authorization server.
Answer: B,E

As per cisco documentation, https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_device_admin.html#concept_9B1DD5A7AD9C445AAC764722E6E7D32A

The device administrator performs the task of setting up a device to communicate with the Cisco ISE server. When a device

administrator logs on to a device, the device queries the Cisco ISE server, which in turn queries an internal or external

identity store, to validate the details of the device administrator. When the validation is done by the Cisco ISE server,

the device informs the Cisco ISE server of the final outcome of each session or command authorization operation for

accounting and auditing purposes.

For me, answer B/D and E are correct. Why you select internal identity store as anwser rather than external identity store ?

—————————————————————————-
—————————————————————————-
What is the custom condition that a cisco ISE authorisation policy cant match?
A. Company Contact
B. Custom
C. Time
D. Device type
e. Posture
Answer: B

Are you sure about Custom answer ?

—————————————————————————-
How is policy services node redundancy achieved in a deployment?
A. by enabling VIP
B. by utilizing RADIUS server list on the NAD
C. by creating a node group
D. by deploying both primary and secondary node
Answer: B

Why the correct answer isn’t C. Node group is used for session redundancy between PSN.

A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server. Which two commands should be run to complete the configuration? (Choose two)
A. AAA authorization auth-proxy default group radius
B. radius server vsa sand authentication
C. radius-server attribute 8 include-in-access-req
D. IP device tracking
E. dot1x system-auth-control
Answer: D,E
I think this answer “E” is wrong, Based on cisco document the correct should be “B” and “D”

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/sec-802x-acl-support.html

i guess Pipi94 is another spammer trying to sell invalid dump with tons of wrong answers.
beware !!!

Yara and wil are bringing the right answers

Hi all, pls b careful with spammers who put up high scores & lure you to their sites.

@Kati & @Careful

I don’t know if Pipi94 is a spammer or not. I hope not but I never won’t be.

What is the custom condition that a cisco ISE authorisation policy cannot match?
A. Company Contact
B. Custom
C. Time
D. Device type
e. Posture
Answer: B

Do you know the correct answer ? Is it company contact ?
On ISE 2.4, I found posture, device type and time attribute but not custom or company contact.

Hi @Wil,

Yes, I confirm that the correct answers are B & D.

A network engineers configuring the switch to accept downloadable ACLs from a Cisco ISC server. Which two commands should be run to complete the configuration? (Choose two)
A. AAA authorization auth-proxy default group radius
B. radius server vsa sand authentication
C. radius-server attribute 8 include-in-access-req
D. IP device tracking
E. dot1x system-auth-control
Answer: D,E
I think this answer “E” is wrong, Based on cisco document the correct should be “B” and “D”

Hello everybody, has someone tha valid dump ? I didn´t pass the exam this week. I saw a lot of dump, with different answers, now I´m little bit confused, what ist correct.

Thanks a lot

@ISE

sorry to hear that, I hope that you will succeed next time.

Which dump do you use? How many question in file ?

thanks

@KATI

I had dumps, where was 82Q, the exam was really hard and a lot of new questions. For example, new image with Privileges, new drag and drop, i think 2 questions was something with conference.

I saw a lot of dumps, butthere is so much wrongs replies, i don´t know, if i can believe.

@ISE

there are two version of dump for this exam

One from April’20 with 84q and other from December’20 with 103q

Both are outdated.

There are a new dump with 112q, but i did not found to download yet.

If i found i’ll share with you all

Even the most recent dump have wrong answers, so its very important to check every question with official documentation.

Unfortunately some questions are tricky and very hard to find the right answer.

@Anonymus yes you are right.

It will be great, and i will be you thankfull.

I don’t want to lose again 314 Euro.

Thank you again

@Anonymous

can you please tell us which dump did you use ?

112 from lead2pass i passleader are from december
103 from lead4pass is from january
so outofdate

@ISE

Can you please verify if all new questions what you saw in the test are the same Pipi94 put here ?

Thanks.

@wil

Exactly These question had I at Monday. They were absolut New for me.

@ISE,

Ok ISE, you had the question that Pipi94 shared in the exam test.
Could you tell us which answers did you have reply for each questions please ?

Regards.

@ISE,

What is your score when you passed the exam ?

Regards.

@Yara i did not Pass the exam. 755 had I, was needed 825

I have dump 102q and 66q chinese , can someone validate if valid? I believe the 66q is march 24 update

@DUTERTE

If you can, share with us. Its the the best way to see if que questions are up-to-date.

@Yara
I can not all remember, the question regarding conference was, how can you blocked the users, the possibilities was something with AUP policy

Image die to privilige Mode Tacacs , possibilities was 0 15, 4 15,1 15

One more question with conference,

New drag and drop due tu EAP and Eap-Mschapv2, 6 possibilities, for every were 3 correct.

Sorry more i can not remember

Found the link with 66q.

its a chinese forum, remove spaces bellow

bbs. hh010. com/ thread-604292-1-1. html

I tried to register, but i got error.

if anyone get access, please share with us.

according from the post, the guy pass using this file on March 31th,2021

Can someone help us with others Possibilities?

DRAG & DROP: EAP-TLS vs MSCHAPv2
Possibilities:

1. Use certificates for authentication
2. x509 format
3. auto-enrollment
4. more secure

Best regards.

Is dump 65q is the valid dump

@kati,

The website bbs. hh010. com is only for China users and require a China phone number only. I sent a email to know if we can use a workaround.

Precautions

The forum is only open to registration for users with mobile phone numbers in mainland China, and does not support 170/171 numbers. If you cannot receive SMS, please check whether SMS blocking is enabled. If you cannot register, please contact the forum customer service

Notice

The forum is only open for users with mobile phone numbers in mainland China,Users in other regions please connect to us

Email: {email not allowed}

@Kati

Here the reply of the support by email:

Please pay 80 USD to the PayPal account( service @ hh010 . com )，after paying you will be the forum lifetime super vip and can download attachments no need points,when you payed sending your register information (username,password,email) to service @ hh010 . com

As you can see, the registration isn’t free for all other people in the world :/

@Anonymus you are liar, you Want the money from People, but you give a wrong, and not actual dump, all what you Want is only money from People.

LIAR LIAR LIAR LIAR LIAR LIAR LIAR

@admin please Block this User.

Do not trust HIM, no short URL sites

Thank you regardd

@ISE or Kati, or other people,

As Kati said, there is a dump on these website :

https : //bbs . hh010 . com/ thre ad-604 292-1- 1.html

But to create and register an account, we have to use a China phone number.

https : // bbs . hh010 . com / member . php?mod =register

The solution could be to use a china phone number website like this -> https : //receive-sms . cc/China- Phone-Number/

I tried to create an account but I’m blocked when I tried to send a sms verification code. I entered the verification code but when I click on submit I received an error occured:sending failed.

Someone can test and tell us if he success the registration ?

Regards.

@Kati, ISE and other people,

I tried to create an account on bbs. hh010. com/ thread-604292-1-1. html but i’m blocked when I want to send the sms verification code, an error occur.

You can find a china phone number in searching on google website.

Coud you test if it’s work for you ?

Hi Friends !

@YARA

I got the same reply from the chinese forum, pay $80 to access the forum.

I tried too use any online sms site with china number but i got the error on form like you said.

For now, the best file is the 103q plus some news questions that were posted here.

If i got any news i’ll share with you guys.

Regards.

Perhaps spoto dump has the correct answers? not sure i`m thinking to purchase it from them.

@Yara

I tried it, do not work.

@Kati, @ISE,

I’m trying to get the dump with the friend’s help.

I will keep you informed.

Regards.

fake marks posted & bring to their websites with fake/invalid dumps.such as like above asking us to remove aaaa,dddd,eeee etc.

Careful guys.spammers using our urgency/ desperations for dumps for their gains.

who will take exam? I would want to share 66q chinese dumb drop your email

@Duterte

Can you please share with us the dump

Lydiahricova at Gmail dot com

Hi DUTERTE,

This is the last chinese dump ? If yes, could you send me at :

ha hi he 75 at hotmail dot fr please

Regards.

do you have telegram? I can send it out there

Passed today with score 950 all questions from 66q dump

@MMM,

Could you share the 66q dump please ?

Regards.

@DUTERTE,

I don’t have telegram. Please send me an email.

Regards

hi, if dont mind pls share 66q dump, tq

@MMN

Cool, congrats !

Where did you get the 66q file ?

If you can, share with us.

@Duterte

I did not receiver. Please try again

Lydiahricova @ Gmail. com

Remove spaces

Can you please send me the Dumb to this address : EstherGomez2015 at gmail . com

Hi everybody

Did you receive the dump from ‘DUTERTE’ ?

regards

@ISE , @Kati , @Yara or @Duterte.

Can you please send me the Dumb to this address EstherGomez2015 at gmail . com

Remove spaces.

@DUTERTE @ISE @ Yara
Kindly send me file manih99 at yahoo dot com
Thanks for your efforts

Im selling the valid 66q dumb for only $20

@Mh,

For the moment, neither me, neither ISE/Kati have the dump.

Only DUTERTE and MMM apparently but we are still waiting for the sharing by DUTERTE and MMM.

Regards.

An engineer is tasked with placing a guset access anchor controller in the DMZ. which two ports must be opened up on the firewall to accomplishe this task?
udp port 1812 radius
tcp port 116
tcp 514
udp 79
ud 16666
?

An engineer is tasked with placing a guset access anchor controller in the DMZ. which two ports must be opened up on the firewall to accomplishe this task?
udp port 1812 radius
tcp port 161
tcp 514
udp 79
udp 16666
?

an engineer is testing cisco ise policies in a lab environment with no support for a deployment server. in order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened. from which cisco ise persona should this traffica be originated?
monitoring
policy service
administration
authentication
?

@Quest,

Could you share all questions do you have please ?

For first question: answer 1812 & 514

UDP 161 and 162 for SNMP
UDP 69 for TFTP
TCP 80, 443 and 8443 for HTTP, or HTTPS for GUI access
TCP 23 or 22 for Telnet, or SSH for CLI access
UDP 123 for NTP
TCP 514 for Syslog
UDP 1812 and 1813 RADIUS

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/WirelessNetwork_GuestAccessService.html

For second question: policy service

Update to the first question :

Correct answers are :
– UDP port 16666 for inter-WLC communication
– IP protocol ID 97 Ethernet in IP for client traffic

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/WirelessNetwork_GuestAccessService.html

http://what-when-how.com/deploying-and-troubleshooting-cisco-wireless-lan-controllers/centralized-traffic-flow-with-guest-access-cisco-wireless-lan-controllers-part-1/

https://community.cisco.com/t5/wireless/guest-anchor-dmz-firewall-rule-changes/td-p/2785285

What is correct ?

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not
have the ability to auto switch port for authentication?
A. enable bypass-MAC
B. dot1x system-auth-control
C. mab
D. enable network-authentication

advanget EAP-TLS over EAP ms chapv2

eap tls uses a username and password for authentication , eap ms chap doesnt
eap tls secures the exchange of credentials, eap ms chapv2 doesnt
eap tls uses a device certificate fo authentication to enhance secuurity , eap ms chapv2 doesnt
eap tls uses multiple forms of authentication , eap ms chapv2 only one
?

@ISE good answer is C “MAB”.

@Quest good answer is “eap tls uses a device certificate fo authentication to enhance secuurity , eap ms chapv2 doesnt”

I found these questions in a new dump. Someone has already see this question in the exam ?

What is a function of client provisioning?

A. Client provisioning checks the existence, date, and versions of the file on a client.
B. Client provisioning ensures that endpoints receive the appropriate posture agents.
C. Client provisioning checks a dictionary attribute with a value.
D. Client provisioning ensures an application process is running on the endpoint.
Answer: D (be careful, I think the answer is bad)

For me, B & C answers are correct.

Here Cisco doc:
Client Provisioning Overview

Cisco Identity Services Engine (ISE) looks at various elements when classifying the type of login session through which users access the internal network, including:

•Client machine operating system and version

•Client machine browser type and version

•Group to which the user belongs

•Condition evaluation results (based on applied dictionary attributes)

After Cisco ISE classifies a client machine, it uses client provisioning resource policies to ensure that the client machine is set up with an appropriate agent version, up-to-date compliance modules for antivirus and antispyware vendor support, and correct agent customization packages and profiles, if necessary.

What is the deployment mode when two Cisco ISE nodes are configured in an environment?

A. standard
B. active
C. distributed
D. standalone

Answer: C (verified by me)

A network security engineer needs to configure 802.1X port authentication to allow a singlehost to be authenticated for data and another single host to be authenticated for voice. Whichcommand should the engineer run on the interface to accomplish this goal?

A. authentication host-mode multi-domain
B. authentication host-mode multi-auth
C. authentication host-mode multi-host
D. authentication host-mode single-host

Answer: A (verified by me)

@Yara, yes it was on exam

admin is attpempting to replace the build-in self-signed cert on ISE appliance. CA is request some information about the appliance in order to sing the nwe certificate. what must be done in order to provide the ca this informwation?

install the root ca and intermediate CA
generate csr
donwload the intermediate server certificate
download the ca server certificate
?
imo generate crs

Hello everybody,

Today I passed, score 850/1000.

@Yara – exactly this questions had i.

A network security engineer needs to configure 802.1X port authentication to allow a singlehost to be authenticated for data and another single host to be authenticated for voice. Whichcommand should the engineer run on the interface to accomplish this goal?

A. authentication host-mode multi-domain
B. authentication host-mode multi-auth
C. authentication host-mode multi-host
D. authentication host-mode single-host

admin is attpempting to replace the build-in self-signed cert on ISE appliance. CA is request some information about the appliance in order to sing the nwe certificate. what must be done in order to provide the ca this informwation?

install the root ca and intermediate CA
generate csr
donwload the intermediate server certificate
download the ca server certificate

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not
have the ability to auto switch port for authentication?
A. enable bypass-MAC
B. dot1x system-auth-control
C. mab
D. enable network-authentication

What is the deployment mode when two Cisco ISE nodes are configured in an environment?

A. standard
B. active
C. distributed
D. standalone

I have one dump, if anyone interested is, write me mail

@ISE,

Thank for your experience.

Could you send me your dump please ?

my mailbox -> hahihe75 at hotmail dot fr

Dumb sent to your respective emails 66q and 102q,

Please Confirm if valid

To answer to your exam questions @ISE, here the correct answers:

A network security engineer needs to configure 802.1X port authentication to allow a singlehost to be authenticated for data and another single host to be authenticated for voice. Whichcommand should the engineer run on the interface to accomplish this goal?

A. authentication host-mode multi-domain

admin is attpempting to replace the build-in self-signed cert on ISE appliance. CA is request some information about the appliance in order to sing the nwe certificate. what must be done in order to provide the ca this informwation?

generate csr

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not
have the ability to auto switch port for authentication?

C. mab

What is the deployment mode when two Cisco ISE nodes are configured in an environment?

C. distributed

@YARA

“1. Which Cisco ISE node does not support automatic failover?
A. Inline Posture node
B. Monitoring node
C. Policy Services node
D. Admin node

Correct answer is B !

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_setup_cisco_ise.html#ID59

Cisco ISE allows you to have a maximum of two nodes with this persona that can take on primary or secondary roles for high

availability. Both the primary and secondary MnT nodes collect log messages. If the primary MnT goes down, the primary PAN

points to secondary node to gather monitoring data. But the secondary node will not be promoted to primary automatically.

This should be done by manually modifying the Monitoring and Troubleshooting (MnT) role.

Automatic Failover in MnT Nodes

MnT nodes do not offer high availablity, but do offer active standby. The PSN copies operational audit data to both the

primary and secondary MnT nodes

To manually convert the secondary node to a primary node, see promote the secondary node to a primary role. If the primary

node comes back up after the secondary node was promoted, it takes the secondary role. If the secondary node was not

promoted, the primary MnT node resumes the primary role, after it comes back up.

Hope the answers will help the people who learn this certification.”

correct is C, cant be MnT

https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_deployment.html#ID616

If you have two MnT nodes in a deployment, you can configure a primary-secondary pair for automatic failover to avoid downtime in the Cisco ISE Monitoring service. A primary-secondary pair ensures that a secondary MnT node automatically provides monitoring should the primary node fail.

1. Which Cisco ISE node does not support automatic failover?
A. Inline Posture node
B. Monitoring node
C. Policy Services node
D. Admin node
Answer: B

cant be B

If you have two MnT nodes in a deployment, you can configure a primary-secondary pair for automatic failover to avoid downtime in the Cisco ISE Monitoring service. A primary-secondary pair ensures that a secondary MnT node automatically provides monitoring should the primary node fail.

@ISE

great news, congrats !!!

Could you send me your dump too ?

my mailbox -> kati443cz at protonmail dot com

best wishes

@Quest, You are wrong.

MnT nodes do not offer high availablity, but do offer active standby. The PSN copies operational audit data to both the

primary and secondary MnT nodes

To manually convert the secondary node to a primary node, see promote the secondary node to a primary role.

Correct answer is Mnt node.

@DUTERTE@YARA@KATI

pls share the dumps 66q & 102q to : peacekriston007 at gmail dot com

TQ

An administrator is configuring posture with cisco ise and wants to check that specific service are present on the workstations that are attempting to access to network. what must be configured to accomplish this goal?

A. Create a Registry posture condition using a non-OPSWAT API version
B. Create an application posture condition using a OPSWAT API Version.
D. Create a service posture condition using a non-OPSWAT API Version.

I think the correct answer is D. wha is the correct answer for you ?

@Wil

D. Create a service posture condition using a non-OPSWAT API Version.

correct

Not sure about the answers of this question :

What must be configured on the WLC to configure Central Web Authentication using Cisco ISE and a WLC?
A. Set the NAC State option to SNMP NAC.
B. Set the NAC State option to RADIUS NAC.
C. Use the radius-server vsa send authentication command.
D. Use the ip access-group webauth in command.
Answer: C
For me the correct answer is B.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010101111.html

@YARA

in my opinion also B
B. Set the NAC State option to RADIUS NAC.

@ISE

Kindly share the 66q with 120q at manih99 at yahoo dot com

Hi Guys!
please help with 300-715 for exam preparation.
thanks

Hi Guys!
please help with 300-715 for exam preparation.
thanks
sikirubolaji @ gmail . com

There are new dumps from braindump on the google drive folder. If you don’t have the link you can find it in a YouTube video that was uploaded 5 days ago. It’s the first search result.

Tomorrow I will post some questions that I believe are wrong so we can discuss!

Which scenario does not support Cisco ISE guest services?

A.
wired NAD with local WebAuth

B.
wirelessLAN controllerwith central WebAuth

C.
wirelessLAN controller with local WebAuth

D.
wired NAD with central WebAuth

what is the correct answer for you ?

hi WIL

for me its A. wired NAD with local WebAuth

Question how do you guys study for this exam? The Cisco press book alone is 2542 pages wtf.

@Kyleman,

We read the Cisco press book, it’s very long !

I passed the exam yesterday with succes. All the question are in the 66Q and 102Q Chinese.dumps. No new question.

Question: Is anybody want to take the PCNSA certification (Palo Alto) soon ?

Regards.

@ Congrats Yara

Could you share the dumps with corrected answer at manih at yahoo . com
Next week my exam is schedule

Regards.

@DUTERTE
Can you share the chinese dumb with me please ed . go at live . com ?

@DUTERTE @YARA @KATI

pls share the dumps 66q & 102q ed . go at live . com ?

@YARA @Duterte @Kati can you send the 66 and 102q to me wetlordkilla at gmail . com