CiscoCisco
300-715 · Question #32
300-715 Question #32: Real Exam Question with Answer & Explanation
The correct answer is D: active scans. Cisco ISE gathers profiling data from passive network sources like RADIUS, HTTP, SNMP, Netflow, and DNS, but it does not primarily rely on active network scans for profiling.
Profiler
Question
Which of these is not a method to obtain Cisco ISE profiling data?
Options
- ARADIUS
- BHTTP
- CSNMP query
- Dactive scans
- ENetflow
- FDNS
Explanation
Cisco ISE gathers profiling data from passive network sources like RADIUS, HTTP, SNMP, Netflow, and DNS, but it does not primarily rely on active network scans for profiling.
Common mistakes.
- A. RADIUS authentication and accounting messages provide valuable endpoint attributes, such as calling-station-ID and service-type, for profiling.
- B. HTTP User-Agent strings, hostnames, and HTTP application attributes collected via HTTP probes contribute to endpoint profiling.
- C. SNMP queries to network devices can provide information about connected endpoints, such as MAC addresses, interface descriptions, and host details, for profiling.
- E. Netflow records provide traffic patterns and details about applications and protocols used by endpoints, which can be used to identify device types and behavior for profiling.
- F. DNS requests and responses reveal hostname information which is crucial for identifying endpoints and their operating systems for profiling.
Concept tested. Cisco ISE Profiling Data Sources
Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ISE_admin_3_1/m_profiling.html
Topics
#Cisco ISE Profiling#Profiling Methods#Endpoint Data Collection#ISE Probes
Community Discussion
No community discussion yet for this question.