300-715 Question #148: Real Exam Question with Answer & Explanation

Question

An administrator is configuring new probes to use with Cisco ISE and wants to use metadata to help profile the endpoints. The metadata must contain traffic information relating to the endpoints instead of industry- standard protocol information. Which probe should be enabled to meet these requirements?

Options

• ANetFlow probe
• BDNS probe
• CDHCP probe
• DSNMP query probe

Explanation

To profile endpoints using traffic information rather than standard protocol details, the DHCP probe should be enabled. This probe gathers specific configuration data like IP addresses, MACs, hostnames, and DHCP options.

Common mistakes.

• A. The NetFlow probe provides flow statistics such as source/destination IP, ports, and protocols, which is more about network traffic patterns and 'industry-standard protocol information' rather than endpoint-specific configuration or identity details.
• B. The DNS probe collects DNS query and response data to gather hostname-to-IP mappings, which is a form of 'industry-standard protocol information' and not primarily focused on endpoint traffic configuration metadata.
• D. The SNMP query probe gathers information from SNMP-enabled network devices about their status, interfaces, and connected devices, which provides network infrastructure data, not typically endpoint-specific traffic metadata for profiling.

Concept tested. Cisco ISE Profiling Probes DHCP

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_0110.html#concept_AC4E81DD10824E38AE16B610931B2B39

No community discussion yet for this question.