Exam 300-715 topic 1 question 255 discussion

Please refer to the chart on page 10 of https://www2-realm.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_devices_byod.pdf

Horrible question, could be A and D. If you use the Default, you do not have to: 1-Create endpoint groups (Registered Enpointd) 2- Customize device portal (Defaul my device portal ) 3- Deploy client provisioning portal (This is not even an option for BYOD, only Posture). External identity source is a must for BYOD, you have to add somithing to ISE: AD, LDAP, CERTS, etc + Policy services must be enabled as well. https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_byod.html Client Provisioning Portal Employees do not access this portal directly, but are redirected to it. The Client Provisioning system provides posture assessments and remediations for devices that are attempting to gain access to your corporate network. When employees request network access using their devices, you can route them to a Client Provisioning portal and require them to first download the posture agent. The posture agent scans the device for compliance, such as verifying that virus protection software is installed on it and that its operating system is supported.

Task -> BYOD Portal Enable Policy Services -> Required Create Endpoint Identity Groups -> Required Customize Device Portals -> Optional Create External Identity Sources -> Not Required Create a Client Provisioning Portal -> Not applicable https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/reorg/b_byod_2_4.html#concept_CF5913020FEF4A899B47F9F875E20D8B

B and C you need to customize the portal and create endpoint id groups

https://www2-realm.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_devices_byod.pdf

It's in my real exam. I chose C E but BYOD is 67% in my socre report, dont fully trust me. (2023/12/28)

Answer for me is A and D. B is not needed: Employees can add and manage new devices by entering the MAC address for the device. When employees add devices using the My Devices portal, Cisco ISE adds the devices to the Endpoints window (Administration > Context Visibility > Endpoints) as members of the RegisteredDevices endpoint identity group (unless already statically assigned to a different endpoint identity group). The devices are profiled like any other endpoint in Cisco ISE and go through a registration process for network access. C is not a must you don't need to customize the BYOD portal for let it work properly. D is not a must, you only need to use .exe provisioned by ISE for automatically download the certificate E for me is a must because you need to configure the client provisioning portal correctly without it the clients will not get the certificate having pushed down the file that can be downloaded to the BYOD portal.

Cisco ISE end-user web portals depend on the Administration, Policy Services, and Monitoring personas to provide configuration, session support, and reporting. https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_byod.html#concept_94C0C7873E48486F9E24A2F947409E82

CD User must authenticate, so identity source is required. Also configure web portal with at least 1 authorization policies

Client Provisioning Portal is for posture, not BYOD. I would say customize portal and enable external id src for 802.1x cert authentication after nsp provision. But not sure if costumize portal is a MUST, typical Cisco question