300-715 · Question #149
300-715 Question #149: Real Exam Question with Answer & Explanation
The correct answer is D: dynamic access list within the authorization profile. {"question_number": 5, "correct_answer": "D", "explanation": "To eliminate static ACLs on switch ports and have Cisco ISE dynamically communicate what access a client should receive, Downloadable ACLs (dACLs) are configured within the ISE Authorization Profile. When a client auth
Question
An organization wants to standardize the 802.1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide. What must be configured to accomplish this task?
Options
- Asecurity group tag within the authorization policy
- Bextended access-list on the switch for the client
- Cport security on the switch based on the client's information
- Ddynamic access list within the authorization profile
Explanation
{"question_number": 5, "correct_answer": "D", "explanation": "To eliminate static ACLs on switch ports and have Cisco ISE dynamically communicate what access a client should receive, Downloadable ACLs (dACLs) are configured within the ISE Authorization Profile. When a client authenticates via 802.1X, ISE sends the dACL as a RADIUS attribute (Cisco-AV-pair) to the switch, which dynamically applies it to that port session. This removes the need for pre-configured static ACLs on each switch port. The dACL is defined in ISE under Policy > Policy Elements > Results > Authorization > Authorization Profiles.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.