
300-715 Question #174: Real Exam Question with Answer & Explanation

The correct answer is B: Cisco ISE Role SECONDARY configuration with Administration disabled, Monitoring enabled, Policy Service enabled with Session Services, Profiling Service, and Passive Identity Service.

Architecture and Deployment

Question

An engineer builds a five-node distributed Cisco ISE deployment. The first two deployed nodes are responsible for the primary and secondary administration and monitoring personas. Which persona configuration is necessary to have the remaining three Cisco ISE nodes serve as dedicated nodes in the Cisco ISE cube that is responsible only for handling the RADIUS and TACACS+ authentication requests, identity lookups, and policy evaluation?

Options

  • A. Cisco ISE Role SECONDARY configuration with Administration disabled, Monitoring enabled, Policy Service enabled with Session Services, Profiling Service, and Device Admin Service.
  • B. Cisco ISE Role SECONDARY configuration with Administration disabled, Monitoring enabled, Policy Service enabled with Session Services, Profiling Service, and Passive Identity Service.
  • C. Cisco ISE Role SECONDARY configuration with Administration disabled, Monitoring enabled, Policy Service enabled with Session Services, Profiling Service, and Threat Centric NAC Service.
  • D. Cisco ISE Role SECONDARY configuration with Administration disabled, Monitoring enabled, Policy Service enabled with Session Services and Profiling Service.

Explanation

For the remaining three Cisco ISE nodes to exclusively handle RADIUS/TACACS+ authentication, identity lookups, and policy evaluation as dedicated PSNs, they need to be configured with the Policy Service enabled, including Session Services, Profiling Service, and the Passive Identity Service.

Common mistakes.

  • A. While Device Admin Service handles TACACS+ device administration, the explicit mention of 'identity lookups' in the requirements makes Passive Identity Service a more direct and essential inclusion, and Session Services generally covers general TACACS+ authentication.
  • C. Threat Centric NAC Service is not explicitly mentioned as a required function for these dedicated nodes responsible for authentication, identity lookups, and policy evaluation.
  • D. This option only includes Session Services and Profiling Service, omitting the critical Passive Identity Service required for explicit 'identity lookups' mentioned in the question.

Concept tested. Cisco ISE Distributed Deployment Personas

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ise_admin_guide_30/b_ise_admin_guide_30_chapter_01000.html#concept_AD3F4B5421734362846DF7BF003C647D

Topics

#Cisco ISE deployment, #Cisco ISE personas, #Policy Service Node (PSN), #Authentication
