300-715 Question #53: Real Exam Question with Answer & Explanation

Question

Which two events trigger a CoA for an endpoint when CoA is enabled globally for ReAuth? (Choose two.)

Options

• Aendpoint marked as lost in My Devices Portal
• Baddition of endpoint to My Devices Portal
• Cendpoint profile transition from Apple-device to Apple-iPhone
• Dendpoint profile transition from Unknown to Windows 10-Workstation
• Eupdating of endpoint dACL.

Explanation

When Change of Authorization (CoA) is globally enabled for reauthentication in Cisco ISE, an endpoint's profile transitioning to a more specific or different classification triggers a CoA.

Common mistakes.

• A. Marking an endpoint as lost in My Devices Portal might trigger other administrative actions like quarantine, but it does not directly trigger a CoA for reauthentication based on a profile change.
• B. Adding an endpoint to My Devices Portal is an administrative action and does not, by itself, trigger a CoA for reauthentication unless it also causes a profile change or policy re-evaluation.
• E. Updating of an endpoint's dACL (Dynamic Access Control List) is typically a result of a policy change and subsequent CoA, not an event that triggers the CoA for reauthentication itself.

Concept tested. Cisco ISE Change of Authorization (CoA) triggers

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ISE_admin_3_1/m_profiling.html

No community discussion yet for this question.