ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-715 All Questions

View all questions & answers for the 300-715 exam
Go to Exam

Exam 300-715 topic 1 question 253 discussion

Actual exam question from Cisco's 300-715
Question #: 253
Topic #: 1
[All 300-715 Questions]

A network engineer has recently configured a remote branch router to authenticate to a centralized Cisco ISE server behind the corporate firewall using TACACS+. After making this configuration change, the engineer opened another SSH session to the router in order to verity that login attempts are now being sent to Cisco ISE, however that login attempt was unsuccessful. There are no connection attempts showing in the TACACS live log in Cisco ISE and the firewall administrator has verified that they see syslog and SNMP traffic destinated for the IP address of Cisco ISE, but no TACACS+ traffic. Which misconfiguration is the cause of the failed login?

  • A. The router is missing a route to the Cisco ISE server.
  • B. The tacacs source-interface command on the router references the wrong interface.
  • C. No hosts have been defined under the aaa server group on the router.
  • D. The shared secret entered on the router for the Cisco ISE server is incorrect.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by thol119 at Nov. 2, 2023, 6:45 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TiberiuszSun
3 months, 1 week ago
Selected Answer: C
the firewall administrator has verified that they see syslog and SNMP traffic destinated for the IP address of Cisco ISE, but no TACACS+ traffic (in the firewall logs, there wasn't any TACACS related traffic.
upvoted 2 times
...
SecEntu
5 months ago
Does anyone took the exam recently ? These questions are valid ?
upvoted 1 times
Kr4M
4 months, 4 weeks ago
Yeah took it today and passed, but there were at least 10/15 new questions who were not on this site.
upvoted 1 times
SecEntu
4 months, 4 weeks ago
Thanks Kr4M, Did you remember the topics of those questions ?
upvoted 1 times
...
...
...
Korndal
5 months, 1 week ago
Selected Answer: B
It's Clearly B. No Router or firewall has just one interface. Therefor you need to tell the device which interface is the source for RADIUS and TACACS.
upvoted 2 times
zyxzyx123
1 month, 3 weeks ago
wrong, the source interface only has relevance for the return traffic. People who are watching the firewall would see the initial tcp syn if it was that issue. Its the routing table (usually def route) that defines which port the traffic exits with.
upvoted 1 times
...
...
NullNull88
10 months, 3 weeks ago
B is correct
upvoted 1 times
...
daffy11
1 year, 1 month ago
Selected Answer: C
Think C is the right answer. Even if the configured source interface is mismatched with IP of NAD in ISE, FW should see TACACS+ traffic. And the traffic should be reached to ISE and ISE just drop it because the source IP is not in its DB.
upvoted 3 times
NikoTomas
11 months ago
For me B) is correct - issue with source-interface for TACACS+. As question states that "configured a remote branch router to authenticate to a centralized Cisco ISE server", we can suppose that at least IP address of AAA server had been set. I don't think that C is answer (no server in aaa server group configured).
upvoted 1 times
...
...
Jor466077
1 year, 2 months ago
Selected Answer: C
The device is not added in ISE.
upvoted 1 times
...
IETF1
1 year, 2 months ago
B (the source interface IP is different than the default IP that is added in ISE)
upvoted 2 times
...
thol119
1 year, 2 months ago
Should be B
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago