Exam 300-715 topic 1 question 234 discussion

Actual exam question from Cisco's 300-715

Question #: 234
Topic #: 1

An organization has a SGACL locally configured on a switch port, but when a user in the Executives group connects to the network, they receive a different level of network access than expected. When Cisco ISE pushes SGACLs to the switch after the authorization phase, how does the switch decide which access to grant the user?

A. Dynamically downloaded policies override local policies in all cases.
B. Local policies override dynamically downloaded policies in all cases.
C. The policies are merged, but local policies receive priority.
D. The policies are merged, but dynamically downloaded policies receive priority.

Show Suggested Answer

Suggested Answer: A 🗳️

by IETF1 at Nov. 8, 2023, 2:58 p.m.

Comments

Submit Cancel

G0909

1 year, 1 month ago

Selected Answer: D

Only conflicting policies are overridden.

upvoted 1 times

...

Jor466077

1 year, 7 months ago

Selected Answer: A

An SGACL policy downloaded dynamically from the Cisco Secure ACS or a Cisco ISE will override any conflicting locally-defined policy. https://content.cisco.com/chapter.sjs?uri=%2Fsearchable%2Fchapter%2Fcontent%2Fen%2Fus%2Ftd%2Fdocs%2Fswitches%2Flan%2Fcatalyst9500%2Fsoftware%2Frelease%2F16-11%2Fconfiguration_guide%2Fcts%2Fb_1611_cts_9500_cg%2Fm9-1611-trustsec-sgacl-policies.html.xml&platform=Cisco%20Catalyst%209500%20Series%20Switches&release=IOS%20XE%20Gibraltar%2016.11.x#concept_wrg_5pl_2gb

upvoted 4 times

IETF1

1 year, 7 months ago

A is stating in "all cases" but the document states any conflicting policies which means it will not affect any existing local policies that are not conflicting.

upvoted 3 times

4004aa3

1 year ago

the is no merging

upvoted 1 times

...

IETF1

1 year, 8 months ago

D: An SGACL policy downloaded dynamically from the Cisco Secure ACS or a Cisco ISE will override any conflicting locally-defined policy.

upvoted 4 times

...