300-715 Question #269: Real Exam Question with Answer & Explanation

Question

An administrator must enable scanning for specific endpoints when they attempt to access the network. The scanning must be triggered as a result of successful authentication. Which action accomplishes this task?

Options

• AModify the authorization policy to send init_endpoint_scan as a result to the authenticator.
• BCreate an authorization profile with scanning enabled and add it to the authorization policy that
• CAdd an entry in the authentication conditions to allow only scanned endpoints access, then
• DConfigure the endpoint scanning probe to profile the endpoint correctly and assign it a risk score.

Explanation

To trigger endpoint scanning after successful authentication, an authorization profile with scanning enabled must be configured and then assigned as a result in the relevant authorization policy.

Common mistakes.

• A. init_endpoint_scan is not a standard authorization result to be sent to an authenticator for initiating a scan directly; scanning is typically controlled via authorization profiles.
• C. Adding an entry to authentication conditions to allow only scanned endpoints would prevent initial access for unscanned endpoints, which contradicts the goal of triggering scanning after successful authentication.
• D. Configuring the endpoint scanning probe is part of the setup, but it doesn't trigger the scan itself as a result of successful authentication; the authorization policy determines when the scan is initiated.

Concept tested. Cisco ISE posture assessment trigger via authorization policy

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_3_0_chapter_0100.html

No community discussion yet for this question.