Exam 300-715 topic 1 question 248 discussion

Actual exam question from Cisco's 300-715
Question #: 248
Topic #: 1

An administrator has manually added the MAC address of a wireless device to the Blocklist Identity Group for testing. When the device connects to the wireless network, it triggers the Wireless Block List Default rule, but the device is still allowed to access the wireless network. What additional step must be taken to resolve this issue?

  • A. Disable URL redirection on the Authorization Profile.
  • B. Enable SNMP with read and write access on the Cisco WLC.
  • C. Create an ACL named BLOCKHOLE on the Cisco WLC.
  • D. Change the Access Type under the Authorization Profile to ACCESS_REJECT.
Suggested Answer: B

Comments

Rododendron2
3 weeks ago
Selected Answer: D
D, I didn't find any explanation describing B
upvoted 1 times
factmrojas
9 months, 1 week ago
Selected Answer: D
should be D
upvoted 1 times
NikoTomas
1 year, 2 months ago
For me, correct is D: "Change the Access Type under the Authorization Profile to ACCESS_REJECT."
- Access Type = drop-down list in Authorization Profile with options ACCESS_ACCEPT or ACCESS_REJECT. https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_authz_polprfls.html#wp1082564
- Question states "device connects to the wireless network it triggers the Wireless Block List Default rule", which means that authorization policy (and Authorization Profile) is used but apparently with incorrect authorization settings.
upvoted 2 times
XBfoundX
1 year, 5 months ago
In this case, for me it is not B. I do not see any document mentioned by denverfly (maybe I'm wrong; in that case please share the link to the documentation). Logically, since I don't see anything about this, I would say that we need to create an ACL on the WLC that will be used as an airspace ACL for the users that are inside the blacklist portal. Let's discuss this in case I'm wrong, guys.
upvoted 3 times
NikoTomas
1 year, 2 months ago
For me correct is D as I've explained, but C (WLC ACL) would also be possible, but Cisco documentation states that the ACL is called BLACKHOLE, not BLOCKHOLE as it is in the answer (maybe it's a typo, I don't know...). Cisco documentation:
"Review the default Block_Wireless_Access authorization profile (used in Wireless Block List Default authorization policy). The Advanced Attributes Settings should be:
• Cisco:cisco-av-pair = url-redirect=https://ip:port/blockedportal/gateway?portal=PortalID
• Cisco:cisco-av-pair = url-redirect-acl=BLACKHOLE"
https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/admin_guide/b_ise_admin_3_2/b_ISE_admin_32_basic_setup.html
upvoted 2 times
denverfly
1 year, 5 months ago
Selected Answer: B
The additional step that must be taken to resolve the issue of the wireless device being allowed to access the wireless network despite being in the Blocklist Identity Group is B. Enable SNMP with read and write access on the Cisco WLC. This is because the Wireless Block List Default rule uses the ANC (Adaptive Network Control) action of QUARANTINE, which requires SNMP communication between the ISE and the WLC to apply the ACL named BLACKHOLE to the wireless device. If SNMP is not enabled or configured correctly on the WLC, the ISE will not be able to send the CoA (Change of Authorization) request to the WLC and the wireless device will not be blocked. The other options are not correct. Option A is not relevant because URL redirection is not used for the Wireless Block List Default rule. Option C is not necessary because the ACL named BLACKHOLE is automatically created on the WLC when the ANC service is enabled on the ISE. Option D is not effective because the Access Type under the Authorization Profile only applies to wired devices, not wireless devices.
upvoted 4 times
IETF1
1 year, 5 months ago
Yes, B is the correct answer.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other