Career upgrade: Learn practical AI skills for better jobs and higher pay.
Level up
PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free Cisco 300-715 SISE Practice Questions

Pass your Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
Cisco does not publish exam pass rates Pass Rate
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

An ISE administrator wants to enable TACACS+ device administration on a Policy Service Node. Which license must be applied to that PSN?

A
B
C
D
to track
Same family resources

Explore More Cisco Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

CCNA

Practice QuestionsStudy GuideFlashcards
2 videos2 blogs

Cisco CCST Networking

Practice QuestionsStudy Guide
2 blogs

CyberOps Associate

Practice Questions
1 blog

Cisco CCST Cybersecurity

Practice Questions
1 blog

CCIE Enterprise

Practice Questions

CCNP Collaboration

Practice Questions

More From This Family

Videos and articles for deeper review.

VideoBest Cable Testers for Network Technicians in 2026: Klein VDV526-200 vs Fluke vs TRENDnetVideoCCNA 200-301 Study Plan: Pass in 3-5 Months (2026)ArticleCCNA 200-301 Study Plan: Pass in 3-5 Months (2026)15 min readArticleBest Cable Testers for Network Technicians in 2026: Klein VDV526-200 vs Fluke vs TRENDnet14 min readArticleFREE Cisco CCST Cybersecurity (100-160) Exam Guide 2026: Pass First Try20 min readArticleFREE Cisco CCST Networking (100-150) Exam Guide 2026: Pass First Try, Domains, Cost, CCNA Path26 min read
2026 Statistics

Key Facts: Cisco 300-715 SISE Exam

$300

Exam Fee

Per attempt, Pearson VUE

90 min

Time Limit

Pearson VUE delivery

55-65

Questions

Multiple-choice + performance-based

v1.1

Current Blueprint

300-715 SISE exam topics

3 yrs

Validity

CCNP Security recertification cycle

Pearson VUE

Test Delivery

Online proctored or test center

Cisco 300-715 SISE is a 90-minute CCNP Security concentration exam with roughly 55-65 questions delivered through Pearson VUE for $300 USD. The exam validates implementation skills on Cisco Identity Services Engine across architecture, 802.1X and MAB, TrustSec, web auth and guest, BYOD, posture, and TACACS+ device administration. Cisco does not publish a fixed passing score; results show a scaled score and pass/fail. Passing 300-715 (with the 350-701 SCOR core) earns the CCNP Security certification, valid for 3 years.

Sample Cisco 300-715 SISE Practice Questions

Try these sample questions to test your Cisco 300-715 SISE exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which ISE persona is responsible for all configuration and is the single point of administration in a distributed deployment?
A.Monitoring (MnT)
B.Policy Service Node (PSN)
C.Primary Policy Administration Node (PAN)
D.pxGrid
Explanation: The Primary Policy Administration Node (PAN) is the single source of truth for all configuration changes in an ISE deployment. Administrators make changes only on the Primary PAN, which then synchronizes the configuration database to the Secondary PAN and all PSNs. Only one Primary PAN can be active at a time.
2An ISE administrator wants to share contextual session data with a Cisco Firepower Management Center for adaptive network control. Which ISE service should be used?
A.RADIUS proxy
B.pxGrid
C.MnT syslog forwarding
D.REST API for ERS
Explanation: pxGrid (Platform Exchange Grid) is a publish/subscribe protocol used by ISE to share contextual session attributes (user, device, SGT, posture) with Cisco and third-party security platforms such as Firepower, Stealthwatch, and SOC tools. Subscribers receive real-time updates and can issue ANC (Adaptive Network Control) actions back to ISE.
3In a small ISE deployment, what is the maximum number of ISE nodes supported when all personas (PAN, MnT, PSN) run on the same nodes?
A.1 node
B.2 nodes
C.4 nodes
D.8 nodes
Explanation: A small (standalone or basic redundancy) ISE deployment supports up to two nodes, each running all personas (PAN + MnT + PSN). The two nodes operate as a redundant pair, with one Primary PAN/MnT and one Secondary PAN/MnT. Beyond two nodes, personas must be split into a medium or large dedicated-PSN deployment.
4Which ISE 3.x license tier is required to enable TrustSec, BYOD, and Profiler services?
A.Essentials
B.Advantage
C.Premier
D.Device Admin
Explanation: The Advantage license tier (formerly Plus) is required to enable Profiler, BYOD, MDM integration, TrustSec/SGT, and pxGrid. Essentials covers basic AAA, MAB, 802.1X, and guest. Premier adds posture and Threat-Centric NAC on top of Advantage. Device Admin is a separate add-on for TACACS+.
5An ISE administrator wants to enable TACACS+ device administration on a Policy Service Node. Which license must be applied to that PSN?
A.Essentials
B.Advantage
C.Premier
D.Device Admin
Explanation: The Device Admin license is a separate add-on license consumed per Policy Service Node and is required to enable the TACACS+ Device Administration service. It is independent of Essentials/Advantage/Premier and is purchased per PSN that runs the Device Admin service.
6Which two ISE personas can be configured for high availability with automatic failover by default?
A.Primary and Secondary PAN
B.Primary and Secondary MnT
C.Active and Standby PSN cluster
D.Primary and Secondary pxGrid
Explanation: MnT supports an active/standby pair where the Secondary MnT automatically takes over reporting/log collection if the Primary fails — clients are configured to log to both. PAN failover is supported but is manual by default; admins must promote the Secondary PAN. PSNs are load-balanced rather than active/standby.
7Which ISE persona stores all logs, reports, and historical session data?
A.PAN
B.PSN
C.MnT
D.pxGrid
Explanation: The Monitoring (MnT) persona is the logging and reporting engine. PSNs send authentication and authorization log data to MnT in real time, where it powers Live Logs, Live Sessions, reports, and alarms. Disk capacity on MnT determines historical data retention.
8What is the primary benefit of separating the PSN persona onto dedicated nodes in a medium or large ISE deployment?
A.Eliminates the need for a Secondary PAN
B.Allows horizontal scaling of authentication throughput and load-balanced PSN groups
C.Removes the requirement for Advantage licensing
D.Avoids the need to deploy MnT
Explanation: Splitting PSNs onto dedicated nodes lets administrators scale authentication horizontally — adding more PSNs adds more concurrent endpoint capacity and allows the use of RADIUS server groups or a load-balancer to distribute requests. Dedicated PSNs also keep AAA traffic from competing with admin or reporting workloads.
9An organization is deploying ISE for the first time and wants the simplest deployment with redundancy. Which model should they choose?
A.Standalone single node
B.Two-node deployment with all personas on each node (Primary and Secondary)
C.Five-node deployment with dedicated PSNs and PANs
D.Hybrid cloud ISE with virtual PSNs only
Explanation: A two-node deployment is the standard 'small' design: each node runs PAN + MnT + PSN, one as Primary and one as Secondary. It provides PAN redundancy, MnT redundancy, and PSN survivability in a single-pair design — the simplest architecture that still tolerates the loss of one node.
10Which ISE feature supports zero-touch provisioning of newly imaged endpoints by combining DHCP option, profiler, and authorization rules?
A.Auto-Smart Port macro
B.Endpoint profiling with CoA-driven authorization change
C.EAP-Chaining
D.MDM Compliance Sync
Explanation: ISE Profiler classifies an unknown endpoint by combining DHCP, RADIUS, HTTP, SNMP, NMAP, NetFlow, AD, and DNS probe data. When the profile changes, ISE issues a Change of Authorization (CoA) so the endpoint receives the correct authorization (VLAN, dACL, SGT) without manual intervention — the foundation of zero-touch provisioning.

About the Cisco 300-715 SISE Exam

The Cisco 300-715 SISE (Implementing and Configuring Cisco Identity Services Engine v1.1) is a CCNP Security concentration exam that validates skills with Cisco ISE. Candidates demonstrate ISE architecture and persona design (PAN, MnT, PSN, pxGrid), 802.1X and MAB policy enforcement, TrustSec with SGTs, SXP, and SGACLs, web authentication and guest services, BYOD onboarding with the internal CA and Native Supplicant Provisioning, the profiler service with multiple probes, endpoint compliance using AnyConnect / Cisco Secure Client ISE Posture, and TACACS+ device administration with shell profiles and command sets.

Assessment

55-65 multiple-choice and performance-based items covering ISE architecture and deployment, policy enforcement, web auth and guest services, profiler, BYOD, endpoint compliance, and TACACS+ device administration

Time Limit

90 minutes

Passing Score

Cisco does not publish a fixed passing score; score reports list pass/fail with a scaled score (commonly cited 750-825 of 1000)

Exam Fee

$300 USD (Cisco / Pearson VUE)

Cisco 300-715 SISE Exam Content Outline

10%

Architecture and Deployment

ISE personas (PAN, MnT, PSN, pxGrid), small/medium/large distributed deployments, node redundancy, ISE 3.x licensing (Essentials, Advantage, Premier, Device Admin), configuration vs operational backups, performance and scaling

25%

Policy Enforcement

AD/LDAP integration, Identity Source Sequences, 802.1X (EAP-TLS, PEAP-MSCHAPv2, EAP-FAST, TEAP/EAP-Chaining), MAB, phased deployment (Monitor/Low-Impact/Closed), TrustSec SGT/SXP/SGACL, policy sets and conditions, NAD configuration, RADIUS shared secret, CoA UDP 1700/3799

15%

Web Auth and Guest Services

Local Web Auth and Centralized Web Auth (CWA), URL-redirect AV-pair and redirect ACL, hotspot vs self-registered vs sponsored portals, sponsor portal and approval workflow, guest types and account lifecycle, language files

15%

Profiler

Profiler probes (RADIUS, DHCP, HTTP, SNMP Query/Trap, NMAP, NetFlow, AD, DNS), Certainty Factor, profiler feed service, custom profiles, logical profiles, CoA on profile change, Context Visibility

15%

BYOD

Single and dual SSID BYOD, Native Supplicant Provisioning (NSP), MyDevices portal, RegisteredDevices identity group, Internal CA with subordinate CA per PSN, certificate templates, SCEP and external Microsoft NDES, MDM compliance integration

10%

Endpoint Compliance

AnyConnect / Cisco Secure Client ISE Posture module, posture conditions (file, registry, application, service, AV/AS, disk encryption), requirements, remediations, Compliance Module updates, Audit vs Redirect modes, Client Provisioning Policy, TC-NAC, ANC

10%

Network Access Device Administration

TACACS+ Device Administration on TCP/49, Device Admin Policy Sets, Shell Profiles (privilege/idle), Command Sets, IOS AAA method-list configuration, EXEC and command accounting, local fallback, TACACS Live Logs

How to Pass the Cisco 300-715 SISE Exam

What You Need to Know

  • Passing score: Cisco does not publish a fixed passing score; score reports list pass/fail with a scaled score (commonly cited 750-825 of 1000)
  • Assessment: 55-65 multiple-choice and performance-based items covering ISE architecture and deployment, policy enforcement, web auth and guest services, profiler, BYOD, endpoint compliance, and TACACS+ device administration
  • Time limit: 90 minutes
  • Exam fee: $300 USD

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

Cisco 300-715 SISE Study Tips from Top Performers

1Memorize the ISE persona model — exactly one Primary PAN, exactly one Primary MnT, multiple PSNs, and pxGrid is shared. Know the small (2-node), medium, and large deployment limits.
2Master ISE 3.x licensing nesting: Premier includes Advantage, which includes Essentials. Device Admin is always a separate per-PSN add-on for TACACS+.
3Practice phased 802.1X deployment in this order: Monitor Mode (authentication open) → Low-Impact Mode (pre-auth ACL) → Closed Mode (deny by default).
4Know the canonical RADIUS attributes: Calling-Station-ID = endpoint MAC, NAS-IP-Address = NAD identity, NAS-Port-Type identifies wired vs wireless, and CoA targets UDP 1700 (legacy Cisco) or 3799 (RFC 5176).
5For BYOD, study both single SSID (open + dot1x on the same SSID) and dual SSID (separate onboarding and secure SSIDs) flows, including SCEP delivery from the ISE internal CA.
6For Device Admin, remember TACACS+ is TCP/49, Shell Profile sets the session (privilege level, idle), and Command Sets evaluate per-command authorization. Always configure local fallback to avoid lockout.

Frequently Asked Questions

What is the Cisco 300-715 SISE exam?

The Cisco 300-715 SISE (Implementing and Configuring Cisco Identity Services Engine) is a CCNP Security concentration exam that validates skills implementing and operating Cisco ISE. The exam covers ISE architecture and personas, 802.1X and MAB policy enforcement, TrustSec, web authentication and guest services, BYOD onboarding, the profiler, endpoint posture, and TACACS+ device administration.

How many questions are on the 300-715 SISE exam and how long is it?

The 300-715 SISE exam contains roughly 55 to 65 questions and runs 90 minutes through Pearson VUE. Question types include multiple-choice, drag-and-drop, and performance-based items. Cisco does not publish a fixed number of questions or a fixed passing score; each candidate sees a slightly different blueprint draw.

What is the passing score for the Cisco 300-715 SISE exam?

Cisco does not publish a fixed passing score for the 300-715 SISE. The score report shows a scaled score and a pass/fail result. Industry sources commonly cite a passing scaled score in the 750-825 of 1000 range, but Cisco treats the cut score as a confidential statistical threshold that can be adjusted per exam version.

How much does the Cisco 300-715 SISE exam cost?

The 300-715 SISE exam costs $300 USD per attempt for most regions, paid through Pearson VUE. Cisco partners can use Cisco Learning Credits as vouchers, and Cisco Learning Network Premium subscribers may receive a discount. Retake fees are full price after the standard 5-day wait between attempts.

How is 300-715 used in the CCNP Security certification?

CCNP Security requires the 350-701 SCOR core exam plus one concentration exam. 300-715 SISE is the most popular concentration when the candidate's role focuses on identity, 802.1X, NAC, BYOD, or TrustSec with Cisco ISE. Passing both exams earns CCNP Security, valid for 3 years.

What ISE versions does the 300-715 v1.1 exam target?

The current 300-715 SISE v1.1 blueprint reflects Cisco ISE 3.x. That includes the modern licensing model (Essentials, Advantage, Premier, plus Device Admin add-on), the unified Cisco Secure Client (formerly AnyConnect) Posture module, pxGrid, and Threat-Centric NAC. Specific feature mentions in the blueprint align with ISE 3.0 and later releases.

How should I prepare for the Cisco 300-715 SISE exam?

Prepare by completing Cisco's official SISE training (or self-study with the Cisco Press SISE study guide), building hands-on lab time with ISE 3.x (Cisco dCloud or a personal lab), mastering 802.1X and MAB on Catalyst switches and Cisco WLCs, configuring CWA and BYOD end-to-end, and practicing TACACS+ Device Admin policy with Shell Profiles and Command Sets. Take full practice exams to identify weak topics.