
300-715 Question #170: Real Exam Question with Answer & Explanation

The correct answer is C: Ensure that access to port 8444 is allowed within the ACL.

Policy Enforcement

Question

A laptop was stolen and a network engineer added it to the block list endpoint identity group. What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

Options

  • A. Select DenyAccess within the authorization policy.
  • B. Ensure that access to port 8443 is allowed within the ACL.
  • C. Ensure that access to port 8444 is allowed within the ACL.
  • D. Select DROP under If Auth fail within the authentication policy.

Explanation

{"question_number": 3, "correct_answer": "C", "explanation": "In Cisco ISE, when an endpoint is placed in the Blacklist (BlockedList) endpoint identity group, ISE uses a redirect authorization result to send the device to the Blacklist portal. This portal runs on TCP port 8444. For the redirect to function correctly, the ACL applied at the network access device (NAD) must explicitly permit traffic to port 8444 so the endpoint's browser can reach the ISE portal and display the blocked-access page. Port 8443 is used for other ISE portals such as the Guest or Sponsor portals. Simply applying DenyAccess or DROP would cut off the session without presenting a redirect, and port 8443 alone would not serve the Blacklist portal.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

Topics

#Cisco ISE #Authorization Policy #Portal Redirection #Blocked Endpoints
