300-715 · Question #187
300-715 Question #187: Real Exam Question with Answer & Explanation
The correct answer is A: Add each MAC address manually to a blocklist identity group and create a policy denying access. To accomplish this task, the Cisco ISE administrator must follow these steps: - Create a blocklist identity group. - Add each MAC address of the endpoints that must be restricted from accessing the network to the blocklist identity group. - Create a policy that denies access to t
Question
A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from. What must be done to accomplish this task?
Options
- AAdd each MAC address manually to a blocklist identity group and create a policy denying access
- BCreate a logical profile for each device's profile policy and block that via authorization policies.
- CCreate a profiling policy for each endpoint with the cdpCacheDeviceld attribute.
- DAdd each IP address to a policy denying access.
Explanation
To accomplish this task, the Cisco ISE administrator must follow these steps: - Create a blocklist identity group. - Add each MAC address of the endpoints that must be restricted from accessing the network to the blocklist identity group. - Create a policy that denies access to the blocklist identity group. - Apply the policy to the network access devices.
Topics
Community Discussion
No community discussion yet for this question.