700-765 Question #139: Real Exam Question with Answer & Explanation

The correct answer is B: TACACS+Device Administration. ISE TACACS+ Device Administration is the specific feature that enables role-based access control, command-level authorization, and session logging for network device administration auditing.

Cisco Security Product Solutions

Question

Which feature of ISE provides role-based access control and command level authorization with logging for auditing?

Options

APlatform exchange grid
BTACACS+Device Administration
CContext-aware access
DCentralized policy management

Explanation

ISE TACACS+ Device Administration is the specific feature that enables role-based access control, command-level authorization, and session logging for network device administration auditing.

Common mistakes.

A. Platform Exchange Grid (pxGrid) is a context-sharing framework that allows ISE to publish session data to third-party security products, not a device administration or command authorization feature.
C. Context-aware access uses identity and contextual attributes (posture, location, device type) to enforce network access policies, but does not provide command-level authorization or device administration auditing.
D. Centralized policy management is a broad ISE capability describing its unified policy engine, not a specific feature tied to command-level authorization and TACACS+-based device administration logging.

Concept tested. ISE TACACS+ device administration and RBAC

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_device_admin.html

Topics

#ISE#TACACS+#device administration#role-based access control

Community Discussion

No community discussion yet for this question.

Full 700-765 Practice