ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-715 All Questions

View all questions & answers for the 300-715 exam
Go to Exam

Exam 300-715 topic 1 question 228 discussion

Actual exam question from Cisco's 300-715
Question #: 228
Topic #: 1
[All 300-715 Questions]

An administrator is configuring MAB and needs to create profiling policies to support devices that do not match the built-in profiles. Which two steps must the administrator take in order to use these new profiles in authorization policies? (Choose two.)

  • A. Edit the authorization policy to give the profiles as a result of the authentication and authorization results
  • B. Use the profiling policies as the matching conditions in each authorization policy
  • C. Modify the endpoint identity group to feed the profiling policies into and match the parent group in the policy
  • D. Configure the profiling policy to make a matching identity group and use the group in the authorization policy
  • E. Feed the profiling policies into a logical profile and use the logical profile in the authorization policy
Show Suggested Answer Hide Answer
Suggested Answer: DE 🗳️
by thol119 at Nov. 3, 2023, 4:41 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SilentStock8
2 weeks, 6 days ago
Selected Answer: DE
You don't HAVE to do both you could do either or..
upvoted 1 times
...
XBfoundX
1 year, 2 months ago
DE should be fine: When you create a new policy for matching specific rule conditions you can also let this policy create a new identity group that is gonna insert the mac-addresses of the profiled endpoint to that group. After that we need to configure a new authorization policy by using the attribute logical profile and the logical profile is just the policy that inside have the set of rules and conditions for profiling endpoints. so In the authorization policy you have the logical profile and the result, after that policy got a match the endpoint will get a result by the NAD device and the mac-address of this endpoint is set into the identity group specified in the policy
upvoted 3 times
...
Jor466077
1 year, 2 months ago
Selected Answer: DE
Identity groups and logical profiles can be used in authz policies. Profile policies cannot.
upvoted 3 times
NikoTomas
11 months ago
Sure. eBook SISE: “Even though ENDPOINT IDENTITY GROUPS were useful in very early versions of ISE, their use for profiling has been deprecated in favor of using actual ENDPOINT PROFILES or LOGICAL PROFILES directly in the Authorization Policy. ... Today, ENDPOINT IDENTITY GROUPS are used for a different purpose. They are used for a MAC Address Management (MAM) model, where you can create a STATIC LIST of MAC addresses to be authorized specifically (for example, a list of all Apple iPads that are owned by the company so they can be differentiated from personally owned iPads).”
upvoted 2 times
...
...
thol119
1 year, 3 months ago
Should be correct. Two options, one policy or several polices, each option here gives a solution for both.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel