Cisco Exam 300-715 Topic 3 Question 89 Discussion

Actual exam question for Cisco's 300-715 exam

Question #: 89
Topic #: 3

The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively

restrict network access for this endpoint?

AConfigure access control list on network switches to block traffic.

BCreate authentication policy to force reauthentication.

CAdd MAC address to the endpoint quarantine list.

DImplement authentication policy to deny access.

Show Suggested Answer

Suggested Answer: C

Cisco ISE provides a feature called Adaptive Network Control (ANC) that allows administrators to apply policies to endpoints based on their behavior or status1. One of the ANC policies is Quarantine, which restricts network access for an endpoint by assigning it to a limited-access VLAN or applying an access control list (ACL) on the switch port2. To use the Quarantine policy, the administrator must add the MAC address of the rogue endpoint to the endpoint quarantine list in ISE2. This will trigger a change of authorization (CoA) for the endpoint and apply the Quarantine policy. The other options are not effective for restricting network access for a rogue endpoint, as they do not use the ANC feature of ISE.

by Lea at May 28, 2024, 11:34 PM

Limited Time Offer

25%

Off

Get Premium 300-715 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Latonia

4 months ago

I'm feeling lucky today. Let's go with A) Configure access control list on network switches to block traffic. What could possibly go wrong?

upvoted 0 times

Gianna

3 months ago

User 3: I agree, let's not rush into a decision. We need to make sure we take the right action.

upvoted 0 times

...

Marva

3 months ago

User 2: Are you sure about that? Maybe we should consider other options as well.

upvoted 0 times

...

Dierdre

3 months ago

User 1: I think we should go with option A) Configure access control list on network switches to block traffic.

upvoted 0 times

...

Lemuel

4 months ago

Hmm, I'd go with B) Create authentication policy to force reauthentication. Might as well give the user a chance to explain themselves before denying them outright.

upvoted 0 times