Share your SISE Experience
February 23rd, 2020
Please share with us your experience to prepare for the new SISE 300-715 exam, your materials, the way you learned, your recommendations… But please DO NOT share any information about the detail of the exam or your personal information, your score, exam date and location, your email…
Your posts are warmly welcome! Hope you will find useful information here!
please help in finding question.
@SysAdmin could you please share some of the questions you may remember from your experience?
@Jony & Anonymous please share the latest dump with new question
I'm doing my exam in a couple of days, I've already studied all the material I've found on this site.
Unfortunately the dumps don't seem to be enough to pass.
Does somebody have newer ones?
@Mint if you get something please share, if I get something I will definitely share. Seems passleader 173 is the valid one and I have not seen it as yet
Someone some days ago posted here that Passleader was valid dumps. However, the comment was deleted.
I was doing some research on passleader, and it does not seem to have any updated version of the exam. I may be wrong.
@SysAdmin shared that almost half of the questions in the real exam were new and heavily focused on posture.
I guess the best we can do is either study heavily on posture (which I am doing to have a better chance to pass) or wait for @SysAdmin or someone else to share the experience/questions
A network administrator is configuring a secondary Cisco ISE node from the backup configuration of the primary Cisco ISE node to create a high availability pair. The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE. Which command must be issued for this to work?
A. copy certificate Ise
B. application configure Ise*********************
C. certificate configure Ise
D. Import certificate Ise
Answer: B
Export and Import Internal CA Store
To export Cisco ISE CA certificates and keys from the primary Administration Node (PAN) to be able to import them to the secondary Administration Node in case of a PAN failure, use the application configure command in EXEC mode.
When you promote your secondary Administration Node to become the primary Administration Node (PAN), you must import the Cisco ISE CA certificates and keys that you have exported from the original PAN.
To export a copy of the Cisco ISE CA certificates and keys, use option 7 in the application configure ise command.
To import a copy of the Cisco ISE CA certificates and keys, use option 8 in the application configure ise command.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/cli_guide/b_ise_CLIReferenceGuide_24/b_ise_CLIReferenceGuide_24_chapter_01.html#wp1286764740
QUESTION 155
An employee logs on to the My Devices portal and marks a currently on-boarded device as 'Lost'. Which option is correct?
A. Certificates provisioned to the device are not revoked*************************
B. BYOD Registration status is updated to No
C. The device access has been denied**************************************
D. BYOD Registration status is updated to Unknown.
E. The device status is updated to Stolen
Answer: A, C
EP status changed to Lost by owner or admin. When you identify a device as lost, when you identify a device as stolen, the system prevents the device from connecting to the network. Once reinstated, the status will revert to previous state prior to reporting as Lost. Devices reported as Lost are assigned to the Blacklist Identity Group.
BYOD issued certificates can be revoked by end user via MDP when the endpoint is marked as stolen. However, as ISE admin user, one can login to the Admin GUI and also manage the endpoint certificates as well as monitor the status of the certificates. To revoke certificates from the admin console, go to Administration > System > Certificates > Certificate Authority > Issued Certificates, select the certificate to be revoked and click Revoke. The revoked certificate cannot be undone and if the endpoint needs to get certificate re-issued, the user has to go through the BYOD flow again.
@Fer where are u getting these questions from… Please share
QUESTION 166
A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE.
This must include the ability to provision for URL redirection on authentication.
Which two commands must be entered to meet this requirement? (Choose two)
A. Ip http secure-authentication
B. Ip http server**********************
C. Ip http redirection
D. Ip http secure-server******************
E. Ip http authentication
Answer: B, D
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.html
Ensure you include the following command lines in your switch configuration to enable standard Web Authenticating functions for Cisco ISE, including provisions for URL redirection upon authentication.
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.2.3
ip http server
! Must enable HTTP/HTTPS for URL-redirection on port 80/443
ip http secure-server
@Anonymous
These questions were posted by someone in previous comments.. I am just helping out correcting the answers.
Where have yall gotten dumps from ? Looking to test out in the next 3 weeks
Did anyone recently take the ISE exam? Please share your feedback.
Guys i want to study SISE 300-715 does it have a Premium as SCOR. Please help with link
Anyone has comment on the answer of this question:
QUESTION 172
An administrator is configuring RADIUS on a Cisco switch with a key set to Cisc403012128 but is receiving the error “Authentication failed: 22040 Wrong password or invalid shared secret.”.
What must be done to address this issue?
A. Add the network device as a NAD inside Cisco ISE using the existing key
B. Configure the key on the Cisco ISE instead of the Cisco switch
C. Use a key that is between eight and ten characters
D. Validate that the key is correct on both the Cisco switch as well as Cisco ISE
A and D seem correct. what is most accurate? let’s share some thoughts!!
D is correct
User Authentication Failed
Symptoms or Issue
Authentications report failure reason: “Authentication failed: 22040 Wrong password or invalid shared secret”
Conditions
Click the magnifying glass icon in Authentications to view the steps in the authentication report that should display a brief series of messages as follows:
•24210 Looking up User in Internal Users IDStore – test-radius
•24212 Found User in Internal Users IDStore
•22040 Wrong password or invalid shared secret
Possible Causes
The user or device may not be supplying the correct credentials or RADIUS key to match with the external authentication source.
Resolution
Verify that the user credentials that are entered on the client machine are correct, and verify that the RADIUS server shared secret is correctly configured in both the NAD and Cisco ISE (they should be the same).
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_troubleshooting.html
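Why a mismatched key produces the same failure reason as a bad password, shown as an added example (not part of the original comment or of Cisco's documentation): with PAP, the NAD hides the User-Password attribute using MD5 over the shared secret and the Request Authenticator (RFC 2865, section 5.2), so a server holding a different secret recovers garbage and can only reject. The server-side typo key, the user password and the fixed authenticator below are constructed sample values; only the switch key comes from the question.

```python
"""RFC 2865 section 5.2 User-Password hiding (PAP): NAD side and server side."""
import hashlib
import hmac

BLOCK = 16  # MD5 digest size; the password is handled in 16-octet blocks

# Key as configured on the switch in the question above.
NAD_KEY = b"Cisc403012128"
# Constructed: the same key entered on the server with two digits swapped.
SERVER_KEY_TYPO = b"Cisc403012182"
# Constructed sample user password, longer than one block to exercise chaining.
USER_PASSWORD = b"Example-Passw0rd-for-test-radius"
# Constructed fixed Request Authenticator; a real NAD uses 16 random octets.
REQUEST_AUTHENTICATOR = bytes(range(16))

REJECT = "Access-Reject: wrong password or invalid shared secret"


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAD side: pad with NULs, then c(i) = p(i) XOR MD5(secret + c(i-1))."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        keystream = hashlib.md5(secret + prev).digest()
        prev = _xor(padded[i:i + BLOCK], keystream)
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, derived from the server's copy of the secret."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("hidden User-Password must be a multiple of 16 octets")
    recovered, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        recovered += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return recovered.rstrip(b"\x00")  # drop the NUL padding


def simulate(nad_secret: bytes, server_secret: bytes,
             typed_password: bytes, stored_password: bytes) -> str:
    """Return the server's decision for one PAP Access-Request."""
    hidden = hide_password(typed_password, nad_secret, REQUEST_AUTHENTICATOR)
    candidate = recover_password(hidden, server_secret, REQUEST_AUTHENTICATOR)
    # The server only sees "recovered bytes != stored password". It cannot tell
    # a mistyped password from a mismatched key, hence the combined message.
    if hmac.compare_digest(candidate, stored_password):
        return "Access-Accept"
    return REJECT


if __name__ == "__main__":
    print("keys match, password ok :", simulate(NAD_KEY, NAD_KEY, USER_PASSWORD, USER_PASSWORD))
    print("keys match, bad password:", simulate(NAD_KEY, NAD_KEY, b"not-the-password", USER_PASSWORD))
    print("key typo on the server  :", simulate(NAD_KEY, SERVER_KEY_TYPO, USER_PASSWORD, USER_PASSWORD))
```

Both failing cases return the identical reason, which is why the resolution is to compare the key on the NAD and on Cisco ISE as well as the user's credentials.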
Thanks @mms for your input!
Let’s discuss some other questions:
QUESTION 161
An engineer is creating a new TACACS+ command set and cannot use any show commands after logging into the device with this command set authorization. Which configuration is causing this issue?
A. Question marks are not allowed as wildcards for command sets.
B. The command set is allowing all commands that are not in the command list
C. The wildcard command listed is in the wrong format**************************
D. The command set is working like an ACL and denying every command.
In previous comment in this forum, I shared a link about this question and topic. After thinking about what is the “most accurate answer” for me is C
If you have a different opinion, please let me know your thoughts.
QUESTION 162
An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database. There are no resources to enter this information into the Cisco ISE database manually.
What must be done to accomplish this task efficiently?
A. Use a CSV file to import the guest accounts*********
B. Use SQL to link the existing database to Cisco ISE
C. Use a JSON file to automate the migration of guest accounts
D. Use an XML file to change the existing format to match that of Cisco ISE
For this question, I understand we can just export the database in a CSV file and then import it into ISE, which reduces the burden of creating each account manually. With this logic, answer A seems correct. Let me know your thoughts as well… not sure what kind of automation would do this task easier.
QUESTION 163
MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gain access to the network. Which alternate method should be used to tell users how to remediate?
A. URL link
B. message text
C. executable
D. file distribution
The only familiar answer to me in the list option is “message text”. which is reading to “instructions on how to solve the issue”.. so in this question I don’t know what option to choose.
QUESTION 153
An organization is adding new profiling probes to the system to improve profiling on Cisco ISE. The probes must support a common network management protocol to receive information about the endpoints and the ports to which they are connected.
What must be configured on the network device to accomplish this goal?
A. ARP
B. SNMP*************
C. WCCP
D. ICMP
This question, my idea to answer is… the only protocol of the list to be CONFIGURED on a network device is actually SNMP. I would choose “B”
QUESTION 167
An engineer is configuring a dedicated SSID for onboarding devices.
Which SSID type accomplishes this configuration?
A. dual*******************************
B. hidden
C. broadcast
D. guest
This one is also confusing because usually it is the guest SSID that is used for onboarding devices. But the reality is that it can be any SSID. Dual does not sound like a type of SSID, but I would choose “Dual”.
QUESTION 168
An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability.
Which probe must be used to accomplish this task?
A. HTTP probe
B. NetFlow probe
C. network scan probe
D. RADIUS probe
Any input on this one? I think it could be RADIUS…. but also HTTP… if I need to choose I would choose RADIUS :)
QUESTION 169
An administrator is trying to collect metadata information about the traffic going across the network to gain added visibility into the hosts. This information will be used to create profiling policies for devices using Cisco ISE so that network access policies can be used. What must be done to accomplish this task?
A. Configure the RADIUS profiling probe within Cisco ISE
B. Configure NetFlow to be sent to the Cisco ISE appliance
C. Configure SNMP to be used with the Cisco ISE appliance
D. Configure the DHCP probe within Cisco ISE
No clue either :(
@Fer where are you getting these questions from? I am looking for practice questions.
I will have a look at the ones you posted and feedback.
NEW QUESTION 161
An administrator needs to give the same level of access to the network devices when users are
logging into them using TACACS+. However, the administrator must restrict certain commands
based on one of three user roles that require different commands. How is this accomplished without
creating too many objects using Cisco ISE?
A. Create one shell profile and multiple command sets.***********
B. Create multiple shell profiles and multiple command sets.
C. Create one shell profile and one command set.
D. Create multiple shell profiles and one command set
Answer is A
Shell profile defines the privilege level. Command set defines the allow/deny commands.
More info here: https://community.cisco.com/t5/security-documents/cisco-ise-device-administration-prescriptive-deployment-guide/ta-p/3738365
NEW QUESTION 156
A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one
day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete
the endpoint in the Guest Endpoints identity store after one day and allows access to the guest
network after that period. Which configuration is causing this problem?
A. The Endpoint Purge Policy is set to 30 days for guest devices.
B. The RADIUS policy set for guest access is set to allow repeated authentication of the same
device.
C. The length of access is set to 7 days in the Guest Portal Settings
D. The Guest Account Purge Policy is set to 15 days
My thoughts:
Option A: This endpoint purge schedule is enabled by default. Cisco ISE, by default, deletes endpoints and registered devices that are older than 30 days. This is not necessarily a guest flow feature.
Option B: This answer does not make sense for this question.
Option C: The length of access of a Guest account is configured on Sponsor portal
Option D: This option configures purge policy for expired guest accounts. If the account is expired, access should not be allowed.
I would say the most accurate answer is C. Because there is an option when using self-registered guest portal to configure “Account valid for:” which by default is 1 day. However, it has a max of 5 days.. and the answer shows 7 days.
Any thoughts?
Hi all, I need to buy a dump, which website sells valid?
@Fer
NEW QUESTION 156
I agree with you, the most accurate answer is C as purge policy applies to expired accounts and once accounts are expired, they no longer have access on the network
Hello everyone.
Passed exam today. I got 50% questions from dump. Most from 152 to 172 questions. It was not possible to write or screenshot questions.
What answer of questions from 152-172 did you use?
they are all wrong in the dumps.
Thanks
@Fer
I don’t know if my answers are correct or not. New questions were easier than questions 152-172
A network administrator is configuring a secondary Cisco ISE node from the backup configuration of the primary Cisco ISE node to create a high availability pair. The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE. Which command must be issued for this to work?
A. copy certificate Ise
B. application configure Ise*********************
C. certificate configure Ise
D. Import certificate Ise
QUESTION 166
A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE.
This must include the ability to provision for URL redirection on authentication.
Which two commands must be entered to meet this requirement? (Choose two)
A. Ip http secure-authentication
B. Ip http server**********************
C. Ip http redirection
D. Ip http secure-server******************
E. Ip http authentication
QUESTION 161 In question was image with command set
An engineer is creating a new TACACS+ command set and cannot use any show commands after logging into the device with this command set authorization. Which configuration is causing this issue?
A. Question marks are not allowed as wildcards for command sets.
B. The command set is allowing all commands that are not in the command list
C. The wildcard command listed is in the wrong format**************************
D. The command set is working like an ACL and denying every command.
QUESTION 162
An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database. There are no resources to enter this information into the Cisco ISE database manually.
What must be done to accomplish this task efficiently?
A. Use a CSV file to import the guest accounts*********
B. Use SQL to link the existing database to Cisco ISE
C. Use a JSON file to automate the migration of guest accounts
D. Use an XML file to change the existing format to match that of Cisco ISE
MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gain access to the network. Which alternate method should be used to tell users how to remediate?
A. URL link****************
B. message text
C. executable
D. file distribution
QUESTION 167
An engineer is configuring a dedicated SSID for onboarding devices.
Which SSID type accomplishes this configuration?
A. dual
B. hidden
C. broadcast
D. guest*******************
An administrator is trying to collect metadata information about the traffic going across the network to gain added visibility into the hosts. This information will be used to create profiling policies for devices using Cisco ISE so that network access policies can be used. What must be done to accomplish this task?
A. Configure the RADIUS profiling probe within Cisco ISE
B. Configure NetFlow to be sent to the Cisco ISE appliance**********
C. Configure SNMP to be used with the Cisco ISE appliance
D. Configure the DHCP probe within Cisco ISE
NEW QUESTION 161
An administrator needs to give the same level of access to the network devices when users are
logging into them using TACACS+. However, the administrator must restrict certain commands
based on one of three user roles that require different commands. How is this accomplished without
creating too many objects using Cisco ISE?
A. Create one shell profile and multiple command sets.**************
B. Create multiple shell profiles and multiple command sets.
C. Create one shell profile and one command set.
D. Create multiple shell profiles and one command set
NEW QUESTION 156
A Cisco ISE administrator needs to ensure that guest endpoint registrations are only valid for one
day. When testing the guest policy flow, the administrator sees that the Cisco ISE does not delete
the endpoint in the Guest Endpoints identity store after one day and allows access to the guest
network after that period. Which configuration is causing this problem?
A. The Endpoint Purge Policy is set to 30 days for guest devices.***************
B. The RADIUS policy set for guest access is set to allow repeated authentication of the same
device.
C. The length of access is set to 7 days in the Guest Portal Settings
D. The Guest Account Purge Policy is set to 15 days
If you guys read the previous comments in this forum you will find the questions. I advise you to look for Kati’s comments and dumps. Also questions from 152 to 172.
This covers almost 75% of the questions of the exam nowadays. However do not rely on the answers.. go and investigate and make a conclusion for correct answers. Some guys here have shared valuable insights and logical analysis for correcting the answers of dumps. Great job.
There are several questions that I never saw before anywhere. But if you really study the material you can make it. They are not impossible questions.
I believe the two topics more asked and more difficult in the exam are: posture and profiling.
Good luck everyone
Study group. First of all thanks to this forum. For anyone taking the exam soon, my advice:
1. Look for Kati’s comment and suggestions in previous comments.
2. In the comments you will find the questions and a lot of useful advice.
3. DO NOT rely on the answer of the dumps. Questions are helpful to study, but there are many wrong answers.
4. The most difficult topic on the exam in my opinion was PROFILING.
5. Dumps that you find in this forum cover around 75% of the questions of the exam.
6. The questions that are not in dumps are not impossible to answer
Good luck!!
If you have a doubt with an answer of a question, shoot here and let’s all help to conclude with best answer.
Study group. Look for Kati’s comments you’ll find material to study
Also latest question shared in previous comments. Do not rely on answer. Many of them are wrong.
New questions are not impossible if you studied.
Thanks for all the help in this community!
I just passed SISE exam. Where can one check the overall pass score?
@Oooh
You can look at your exam score report when you log on pearsonvue.
how was the report. anything interesting you wanna share. Is the exam very difficult. Any hints for those who are writing soon. Any valid dumps you used.
QUESTION 155
An employee logs on to the My Devices portal and marks a currently on-boarded device as 'Lost'. Which option is correct?
A. Certificates provisioned to the device are not revoked
B. BYOD Registration status is updated to No
C. The device access has been denied
D. BYOD Registration status is updated to Unknown.
E. The device status is updated to Stolen
Answer: A, B
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ISE_26_admin_guide/b_ISE_admin_26_byod.html
Lost: The user logs on to the My Devices portal, and marks a currently onboarded device as Lost that causes the following actions:
The device is assigned to Blacklist identity group.
Certificates provisioned to the device are not revoked.
The device status is updated to Lost.
BYODRegistration status is updated to No.
A lost device still has network access unless you create an authorization policy to block lost devices.
what is the correct answer?
What is a requirement for Feed Service to work?
A. TCP port 3080 must be opened between Cisco ISE and the feed server
B. Cisco ISE has a base license.
C. Cisco ISE has access to an internal server to download feed update
D. Cisco ISE has Internet access to download feed update
what is the correct answer?
A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components. Which two protocols should complete this task? (Choose two.)
A. PEAP
B. EAP-MD5
C. LEAP
D. EAP-TLS
E. EAP-TTLS
@Anonymous
What is a requirement for Feed Service to work?
A. TCP port 3080 must be opened between Cisco ISE and the feed server
B. Cisco ISE has a base license.
C. Cisco ISE has access to an internal server to download feed update
D. Cisco ISE has Internet access to download feed update >>> Correct
A network engineer needs to ensure that the access credentials are not exposed during the 802.1x authentication among components. Which two protocols should complete this task? (Choose two.)
A. PEAP
B. EAP-MD5
C. LEAP
D. EAP-TLS
E. EAP-TTLS
This one I am not sure. Some say A and E, others but I will choose A and D
Hi,
Is securitytut offering all q&a for this exam like 350-701 exam?
hi,
just passed the exam with a narrow margin. there were at least 15-20 questions that are new. i saw them during the exam. i recommend make your preparation before planning exam sit in.
hi, mms can you help me with new questions. I am going to give exam very soon. Help me guyz if you have valid dumps
Hi guys. I just passed the exam. I am unsure of my score as they only provide the percentage on each section. There are maybe 10 to 15 new questions and I got three drag and drop (802.1x components, TACACS+ vs RADIUS, MSCHAP vs EAP-TLS). As you can see on my score report, profiling is the most difficult.
Please read @Fer comment on December 14th, 2021.
Section Analysis
Architecture and Deployment 83%
Policy Enforcement 93%
WebAuth and Guest Services 89%
Profiler 78%
BYOD 100%
Endpoint Compliance 100%
Network Access Device Administration 100%
Hi Guyz, failed exam few days ago but remember few questions…please help with answer and send me latest questions if you have any.
Q. cisco ise deployment use external identity source to remember username and password
Q. an administrator is configuring a new profile policy in cisco ise for a printer type that is missing from the profiler feed. the logical profile printers must be used in the authorization rule and the rule must be hit. what must be done to ensure that this configuration will be successful ?
Q. device cannot obtain ip address in cisco after successful mab authentication
Q. Cisco ISE a network administrator notices that after a company-wide shut down, many users cannot connect their laptop to the corporate SSID. what must be done to permit access in a timely manner ?
Q. an engineer is using profiling to determine what access an endpoint must receive. after configuring both cisco ise and the network devices for the 802.1x and profiling, the endpoints do not profile prior to authentication. what is the reason this is happening ?
Q.an organization has a fully distributed cisco ise deployment. how to scan for unknown endpoints to learn the ip-to-mac address bindings ?
Q. an engineer deploys cisco ise and must configure active directory to then use information from active directory in an authorization policy. How to accomplish this ?
Q. an administrator adds a new network device to the cisco ise configuration to authenticate endpoints to the network. the radius test fails after the administrator configures all of the settings in cisco ise and adds the proper configuration to the switch. what is the issue ?
Q. a cisco ise server sends a coa to a nad after a user logs in successfully using CWA ?
A.It applies the downloadable ACL provided in the CoA
Q. which two external identity stores support EAP-TLS and PEAP-TLS in cisco ISE?
AD and LDAP
Q. what is the function of client provisioning
an administrator adds a new network device
Q. an engineer tests cisco ise posture services on the network and must configure the compliance module to automatically download and install on the endpoints. which action accomplish this task for VPN users ?
Q. An administrator is trying to collect metadata information about the traffic going across the network to gain added visibility into the hosts. This information will be used to create profiling policies for devices using Cisco ISE so that network access policies can be used. What must be done to accomplish this task?
Configure NetFlow to be sent to the Cisco ISE appliance
@Trina – what are your answers for dot1x drag and drop: my answers are below: let me know what you guyz think ?
supplicant: software on the endpoint that communicate with EAP at layer 2
authenticator: device that control physical access to the network based on the endpoint authentication status
authentication server: device that validate the identity of the endpoint and provides results to another device
@Jackie. Yes your answers are correct
• Supplicant: Endpoint 802.1X-compliant software service. It communicates with NAD Authenticators to request network access.
• Authenticator: Controls access to the network, based on client authentication status. The objective here is for endpoints to authenticate to the Authentication server via some Extensible Authentication Protocol (EAP). NAD authenticators act as an intermediary (proxy) between client and authentication server. They communicate with endpoint supplicants via 802.1X, to request identity information. Then they communicate with the Authentication Server via RADIUS to verify that information. They relay authentication server responses back to the client. The authenticator acts as a RADIUS client, encapsulating, and de-encapsulating EAP frames.
• Authentication server: This role performs client authentication. The authentication server validates client identity and notifies NAD authenticators of client authorization status. Because the authenticator acts as the proxy, the authentication service is transparent to the client. Cisco ISE acts as the authentication server.
@Jackie your answers are same as mine and should be correct
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/xe-3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x-pba.html
Reference link is not for ISE but should be the same
@Jackie. I am so sorry to hear that. Unfortunately I cannot remember the choices and what my answers were except for below
Q. what is the function of client provisioning
Ans: ensures that endpoints receive the appropriate posture agents.
Q. An administrator is trying to collect metadata information about the traffic going across the network to gain added visibility into the hosts. This information will be used to create profiling policies for devices using Cisco ISE so that network access policies can be used. What must be done to accomplish this task?
Configure NetFlow to be sent to the Cisco ISE appliance >>> this was also my answer as it says “traffic going across the network” and I think netflow probe can accomplish that
Q. a cisco ise server sends a coa to a nad after a user logs in successfully using CWA ?
A.It applies the downloadable ACL provided in the CoA >>> same answer
Q. which two external identity stores support EAP-TLS and PEAP-TLS in cisco ISE?
AD and LDAP >>> same answer
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01101.html
@Jackie I am so sorry to hear that. I also got most if not all of these questions unfortunately I cannot remember the choices
Q. which two external identity stores support EAP-TLS and PEAP-TLS in cisco ISE?
AD and LDAP >>> same answer should be correct
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01101.html
Q. what is the function of client provisioning
Ans: ensures that endpoints receive the appropriate posture agents.
@Jackie
Q. An administrator is trying to collect metadata information about the traffic going across the network to gain added visibility into the hosts. This information will be used to create profiling policies for devices using Cisco ISE so that network access policies can be used. What must be done to accomplish this task?
Ans: Configure NetFlow to be sent to the Cisco ISE appliance
This was also my answer cos it states “traffic going across the network” and I think netflow probe can do that
Thanks Trina for quick reply. Anyone remember answer to my questions I posted yesterday. Any help will be appreciated.
thanks
Hi Guyz, need help with below questions. what to do you think is correct answer ? Trina and Fer pls help.
Refer to the exhibit.
A network engineer is configuring the switch to accept downloadable ACLs from a Cisco ISE server. Which two commands should be run to complete the configuration? (Choose two)
A. AAA authorization auth-proxy default group radius
B. radius server vsa send authentication
C. radius-server attribute 8 include-in-access-req
D. IP device tracking
E. dot1x system-auth-control
Answer: BD
Hello Dear Friends
I hope everyone is doing well, Can anyone please share the study materials. or study resources ..
Many Thanks
Hi, guyz I have another question as well : I will go for c option as it says there is no way to do this manually otherwise I would have chosen A. let me know your opinion
An organization is migrating its current guest network to Cisco ISE and has 1000 guest users in the current database. There are no resources to enter this information into the Cisco ISE database manually. What must be done to accomplish this task efficiently?
A.Use a CSV file to import the guest accounts
B.Use SQL to link the existing database to Cisco ISE
C.Use a JSON file to automate the migration of guest accounts
D.Use an XML file to change the existing format to match that of Cisco ISE
what are your input for below question ? I will go with A option.
Q.An administrator is configuring TACACS+ on a Cisco switch but cannot authenticate users with Cisco ISE. The configuration contains the correct key of Cisc039712287, but the switch is not receiving a response from the Cisco ISE instance. What must be done to validate the AAA configuration and identify the problem with the TACACS+ servers?
A.Check for server reachability using the test aaa group tacacs+ admin legacy command.
B.Test the user account on the server using the test aaa group radius server CUCS user admin pass legacy command
C.Validate that the key value is correct using the test aaa authentication admin legacy command.
D.Confirm the authorization policies are correct using the test aaa authorization admin drop legacy command.
@Jackie
Question about migrating I answered A
https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/sponsor_guide/b_spons_SponsorPortlUserGuide_22/b_spons_SponsorPortlUserGuide_22_chapter_01.html#task_A34947B69A6642E48D62EF0FA9D64793
Question about TACACS+ authc, A should be correct
@Youki
There is a compilation of questions shared last July, I think. You can go through the comments. However, please note that the answers are mostly wrong so please research. For official study, I used below.
CISCO training Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0
Oreilly CCNP Security Cisco Identity Services Engine SISE 300-715
SISE 300-715 Official Cert Guide
@Trina
Thank you for your reply. Actually, I am looking for a study guide rather than Q & A. I have checked July’s posts but all are deployment guides, nothing about a study guide. I would appreciate it if anyone has the study guide to share with me.
Thank you & wish you a wonderful day
@Trina
Thank you for your reply. July’s posts have no study guide links. I am looking for a study guide rather than Q & A. I would appreciate it if anyone can share the study guide.
Thank you & wish you a wonderful day
@Youki. You can always use the official cert guide which you can download from the internet, just search for it. I believe others have shared youtube videos as well, you can also read through the previous comments. For me, I used official CISCO training and Oreilly videos.
https://learning.oreilly.com/videos/ccnp-security-cisco/9780136677208/9780136677208-SISE_00_00_00/
https://www.cisco.com/c/en/us/training-events/training-certifications/training/training-services/courses/implementing-and-configuring-cisco-identity-services-engine-sise.html
Thanks Trina. Youki: start with watching youtube videos on topics of ISE. Buy the cisco press book as it is the most important book, or attend cisco official training and you will get the cisco official student guide and also will be able to practice labs – this is the shortest method to learn, as the trainer will be there to make you understand. The last thing before the exam is to come here and check people’s experience and input on QnA. The last thing is free but the rest all have some price.
@Trina
Thank you dear for the provided information.
Wish you a good day
@Youki
You are welcome :). I will be monitoring this page to help as much as I can
Hi, thanks Trina.
Youki: fastest way: spend some money on training – you will get the official cisco student guide and will learn from the trainer quickly along with practicing labs.
Longest way: no money required – watch youtube videos on cisco ise topics, ensure to cover all 7 sections. Read the cisco white paper on each section. Book cisco dcloud labs to practice free labs. Watch ciscolive videos on cisco ise and reach docs. Everything is free.
Exam: finally visit securitytut.com to check people’s opinion on the exam. Remember the most important thing is to study from the cisco official guide to get perfect knowledge, so if you go with the longest way option you have to really work hard on collecting enough knowledge to clear the exam.
If you have money to invest, go with the fastest way option – my personal recommendation. I don’t have money but am investing time, which is good as well, as learning the hard way sometimes gives you more insight :)
Thanks Trina. Youki: don’t look for a shortcut for studies – get the cisco official training so that you can learn from an experienced trainer and practice labs. The exam is 100% from the official student guide only. Even if you have dumps and the questions are not from the dumps, if you go through the student guide carefully you can still pass the exam. All the best.
Finally cleared the SISE exam on my second attempt… Thanks Trina, Fer and everyone. Summary: study the cisco official curriculum, understand what cisco wants from you :) The exam language is tricky, probably for me as English is my second language. All the best.
@Anonymous please which Dumps do you use?
Anybody, share the dump file. I have solid knowledge in ISE; I can easily write the correct answers then upload again to share with you.
@Anonymous I can share it with you, please help to check whether the dump is valid or not. Thanks
hey akira,
Please send a dump file, I will solve and upload it for you. No problem, it takes 1 or 2 hours for me.
Please upload it anywhere and share the link from here; you have to use dat instead of .
I forgot to add that to the message.
I have just failed. I have never seen this kind of exam, all the questions are changed, oh my goodness.
How do I buy the SISE Premium Membership? I can’t seem to get it right.
Can anyone share the dumps ?
Hi guys. Anyone here has a pdf copy of the OCG? Appreciate if someone can share thanks!
Hi colleagues, can somebody share with actual dumps? Or give advice how or where I can find?
Hi, anyone bought SISE dump recently and passed? Can you share from what site you get it.
Can anyone share the official cert guide pdf with us?
Thanks
anyone tried the exam? Are there any lab or just multiple choice and drag and drops?
Anyone know where I can get dumps, willing to pay
How to get premium dumps SISE?
I will buy from Spoto. Who wants to divide the amount for buying with me?
I’m planning to pass in one week. Whoever divides the amount with me, I’ll share the dumps with him.
How much is the Spoto cost? chinese dumps vs Spoto which one is good
spoto 220 usd
spoto give guaranty to pass
@SB Thank you very much for the information.
@Nash I’m planning to b u y, if you want we can divide c o s t.
I’m planning to get it; if you want I can share.
Hi, anyone went on the exam recently? What is your experience?
QUESTION 161
An engineer is creating a new TACACS+ command set and cannot use any show commands after logging into the device with this command set authorization. Which configuration is causing this issue?
A. Question marks are not allowed as wildcards for command sets.
B. The command set is allowing all commands that are not in the command list
C. The wildcard command listed is in the wrong format
D. The command set is working like an ACL and denying every command.
It looks like a picture goes with this question.
www . lead4pass . com / dumps / 300-715 / pdf-a.pdf
and looking at the picture, the correct answer is
A. Question marks are not allowed as wildcards for command sets.
You could say it is wrong format because “sho?” would allow show commands while “sho??” does not.
With “sho??” you are allowing commands that start with “sho” and must have 5 characters, but this is not a wildcard command, but a question mark.
B is wrong because you can see that this option is not checked
C is wrong because there is no wildcard command.
D is wrong because “deny any” is not denying all commands, but denying the command “any”. The command “any” doesn’t exist and even if it does, you are denying only this command and not all of them. The similarity between a command set and an acl is that while an acl has ‘deny any any’ at the end, likewise a command set is denying all that you haven’t listed, that is why you have an option “permit any command that is not listed below”, but I would say they are referring to the “deny any”.
QUESTION 159
A Cisco ISE server sends a CoA to a NAD after a user logs in successfully using CWA. Which action does the CoA perform?
A. It terminates the client session
B. It applies the downloadable ACL provided in the CoA
C. It applies new permissions provided in the CoA to the client session.
D. It triggers the NAD to reauthenticate the client
Not sure that answer B is correct. I would say that CoA does not provide an ACL.
Your status has changed and CoA just initializes a new authorization. You then match the new authZ policy with the authZ profile that provides the DACL.
By that logic I would say D is correct
D. It triggers the NAD to reauthenticate the client
For example, search google for “ISE Posture Flow in ISE 2.2 Compared to Earlier ISE Versions” and look at Figure 1-4
step 28 COA request / COA ACK
step 29 RADIUS authentication
step 30 Authorization policy selection
or
“After the user logs in successfully, ISE sends a RADIUS CoA and the WLC performs re-authentication. This time, the first authorization rule is matched (as endpoint becomes part of defined endpoint identity group) and the user gets Permit_internet authorization Profile.”
or
“The RADIUS CoA provides a mechanism to change the attributes of an AAA session after it is authenticated.
When policy changed on user or user group in RADIUS server, administrators can initiate RADIUS CoA
process from RADIUS server to re-authenticate or re-authorize new policy”
CoA just triggers re-authentication or re-authorization inside the same RADIUS session.
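Added example, not part of any comment in this thread: a Python sketch that builds and parses, offline, a reauthenticate-type CoA-Request (RFC 5176, code 43) using the Cisco-AVPair attributes `subscriber:command` and `audit-session-id`. The shared secret, MAC address and session ID are constructed sample values, and the function names are this example's own.

```python
import hashlib, hmac, struct

COA_REQUEST = 43            # RFC 5176 packet code
CALLING_STATION_ID = 31     # endpoint MAC
VENDOR_SPECIFIC = 26
CISCO, AVPAIR = 9, 1        # Cisco vendor ID, Cisco-AVPair vendor type

def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value

def cisco_avpair(text):
    body = text.encode()
    return attr(VENDOR_SPECIFIC, struct.pack("!IBB", CISCO, AVPAIR, len(body) + 2) + body)

def authenticator(header, attrs, secret):
    # RFC 5176: MD5 over code+id+length, 16 zero octets, attributes, shared secret
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_coa(ident, attrs, secret):
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    return header + authenticator(header, attrs, secret) + attrs

def parse_coa(packet, secret):
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        raise ValueError("not a well-formed CoA-Request")
    attrs = packet[20:]
    if not hmac.compare_digest(authenticator(packet[:4], attrs, secret), packet[4:20]):
        raise ValueError("authenticator mismatch (shared secret differs)")
    out, i = {"avpairs": {}}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("bad attribute length")
        atype, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        if atype == CALLING_STATION_ID:
            out["calling_station_id"] = value.decode()
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, _vlen = struct.unpack("!IBB", value[:6])
            if (vendor, vtype) == (CISCO, AVPAIR):
                key, _, val = value[6:].decode().partition("=")
                out["avpairs"][key] = val
        i += attrs[i + 1]
    return out

# Constructed sample values: secret, MAC and session ID are made up for this example.
SECRET = b"constructed-secret"
SAMPLE = build_coa(7, attr(CALLING_STATION_ID, b"AA-BB-CC-DD-EE-FF")
                   + cisco_avpair("audit-session-id=0A0000010000001A2B3C4D5E")
                   + cisco_avpair("subscriber:command=reauthenticate"), SECRET)
```

Calling `parse_coa(SAMPLE, SECRET)` returns the session identifiers and the command; a packet checked against a different shared secret is rejected before any attribute is read.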
Which file do you speak of, Anonymous?
1. What is the maximum number of PSN nodes supported in a medium-size deployment?
eight
two
three
five
2. Which two external identity stores support EAP-TLS and PEAP-TLS?
ldap
Internal Database
RADIUS Token
RSA Secure ID
Active Directory
3. In a Cisco ISE split deployment model which load is split between the nodes?
AAA
device admission
network admission
log collection
I have valid bought dump for passing ISE, I already passed. Who wants to write me to rimasvb AT gmail.com
Hi, can someone share the pdf with q, please?
Can someone pass on a link to the dump? Thanks in advance!
MacOS users are complaining about having to read through wordy instructions when remediating their workstations to gain access to the network. Which alternate method should be used to tell users how to remediate?
URL link
message text
executable
file distribution
A network administrator notices that after a company-wide shut down, many users cannot connect their laptop to the corporate SSID. What must be done to permit access in a time?
Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.
Add a certificate issued from the CA server, revoke the expired certificate and add the new certificate in system.
Connect the system as a guest user and then redirect the web auth protocol to log in to the network.
Authenticate the user’s system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.
An administrator adds a new network device to the Cisco ISE configuration to authenticate endpoints to the network. The RADIUS test fails after the administrator configures all of the settings in Cisco ISE and adds the proper configurations to the switch. What is the issue?
The shared secret is incorrect on the switch or on Cisco ISE.
The endpoint does not have the appropriate credentials for network access.
The endpoint profile is showing as “unknown”.
The certificate on the switch is self-signed, not a CA-provided certificate.
A network administrator must configure Cisco ISE personas in the company to share sessions information via syslog. Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?
Admin
pxGrid
Policy services
monitor
A network administrator is configuring a secondary Cisco ISE node from the backup configuration of the primary Cisco ISE node to create a high availability pair. The Cisco ISE CA certificates and keys must be manually backed up from the primary Cisco ISE and copied into the secondary Cisco ISE. Which command must be issued for this to work?
copy certificate ise
application configure ise
certificate configure ise
import certificate ise
An engineer is implementing network access control using Cisco ISE and needs to separate the traffic based on the network device ID and use the IOS device sensor capability. Which probe must be used to accomplish this task?
HTTP probe
NetFlow probe
network scan probe
RADIUS probe
A network engineer has been tasked with enabling a switch to support standard web authentication for Cisco ISE. This must include the ability to provision for URL redirection on authentication. Which two commands must be entered to meet this requirement? (Choose two)
ip http secure-authentication
ip http server
ip http redirection
ip http secure-server
ip http authentication