nerdexam
Exams300-715Questions#337
CiscoCisco

300-715 · Question #337

300-715 Question #337: Real Exam Question with Answer & Explanation

The correct answer is C: Configure a profiling logical profile.. To fully leverage Active Directory attributes for profiling, the administrator must configure a profiling logical profile to combine AD attributes and define custom profiling conditions. These actions allow Cisco ISE to correctly classify endpoints based on the AD-Join-Point and

Profiler

Question

An administrator must configure Cisco ISE profiling services and the Cisco switch device sensor feature to provide user access using the AD-Join-Point and AD-Operating-System attributes from the Active Directory Probe. These configurations were performed: - configured all the required Cisco Wireless LAN Controller configurations - enabled Active Directory probes - configured a custom profiling policy - joined Cisco ISE to Active Directory - configured the authorization rule with full access permission Which two actions complete the configuration? (Choose two.)

Options

  • AConfigure an identity group for endpoints.
  • BEnable the SNMP probe.
  • CConfigure a profiling logical profile.
  • DConfigure custom profiling conditions.
  • EEnable the RADIUS probe.

Explanation

To fully leverage Active Directory attributes for profiling, the administrator must configure a profiling logical profile to combine AD attributes and define custom profiling conditions. These actions allow Cisco ISE to correctly classify endpoints based on the AD-Join-Point and AD-Operating-System attributes provided by the Active Directory probe.

Common mistakes.

  • A. Configuring an identity group for endpoints is a step in organizing endpoints after they are profiled, but it doesn't directly complete the profiling configuration for using specific AD attributes.
  • B. Enabling the SNMP probe is not directly required for using AD attributes, as the question specifies using attributes from the Active Directory Probe.
  • E. The RADIUS probe primarily gathers information from RADIUS authentication/accounting messages, not Active Directory specific attributes, making it irrelevant for this specific requirement.

Concept tested. Cisco ISE profiling with Active Directory attributes

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_guide_31/m_manage_endpoint_profiling.html#concept_E7762C8C38064F9D9F80327D48079B0A

Topics

#Cisco ISE Profiling#Active Directory Probe#Logical Profiles#Profiling Conditions

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-715 PracticeBrowse All 300-715 Questions