300-715 Question #271: Real Exam Question with Answer & Explanation

The correct answer is B: each PSN. For Cisco ISE to provide central logging and tracking of network device access via Device Admin, the Device Admin service must be enabled on each Policy Service Node (PSN).

Network Access Device Administration

Question

Due to a recent network incident, all access to network devices must be centrally logged and tracked in Cisco ISE. On which nodes must the Device Admin service be enabled?

Options

Aone PAN
Beach PSN
Ceach PAN
Done PSN

Explanation

For Cisco ISE to provide central logging and tracking of network device access via Device Admin, the Device Admin service must be enabled on each Policy Service Node (PSN).

Common mistakes.

A. The PAN (Primary Administration Node) handles administration and database services, but not the runtime TACACS+ services for device administration.
C. PANs do not host the Device Admin (TACACS+) runtime service.
D. While a PSN can host the Device Admin service, enabling it on only one PSN would create a single point of failure and limit scalability for handling all network device access requests across the network.

Concept tested. Cisco ISE Device Admin (TACACS+) service placement

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_3_0_chapter_011.html

Topics

#Cisco ISE#Device Administration#TACACS+#PSN

Community Discussion

No community discussion yet for this question.

Full 300-715 Practice Browse All 300-715 Questions