Exam 300-715 topic 1 question 38 discussion

The answer is A & E. It is not C, because the question uses the words 'logs in' and option C uses the term authorization. Logging in is Authentication, not Authorization

Could be A,C and E. The device queries ISE and ISE can use an internal or external identity store. https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_device_admin.html#concept_9B1DD5A7AD9C445AAC764722E6E7D32A The device administrator performs the task of setting up a device to communicate with the Cisco ISE server. When a device administrator logs on to a device, the device queries the Cisco ISE server, which in turn queries an internal or external identity store, to validate the details of the device administrator. When the validation is done by the Cisco ISE server, the device informs the Cisco ISE server of the final outcome of each session or command authorization operation for accounting and auditing purposes.

The answer is A&E. It the authentication server's(ISE) role.

A "Device" never ever queries an identity store directly. That eliminates two of them. ISE is the only thing that queries an ID Store and in this case, Device Access is only internal database. This IS About TACACS because it is talking about Device Administrators. With those things in mind it becomes easier to pick which ones are viable options. Take a quick look at the vendor docs which echo this.

For me answer is C and E https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_tacacs_device_admin.html#:~:text=The%20device%20administrator%20performs%20the,details%20of%20the%20device%20administrator. the admin log into the switch and after that the switch have radius or tacacs, after that you have configured a policy in ISE, usually for network access what you do is connecting an AD to ISE so that Cisco ISE can query an external identity and validate the user that the admin is actually using for authetication

Im going with A& E. there is an internal ISE admin database and it can use external Identity source such as AD. but the key in the question is asking about an ISE admin logging into ISE- not sure what they mean by "device"; if they are talking NAD then it would be Tacacs+

Typical tricky question. A,C,E all stand correct but authorization comes only after successful authentication so I would choose A, E as the correct answers.

Can be internal or external

"Cisco ISE server device administrator" makes me think it's an ISE admin. An ISE admin can have internal or external credentials.

Does "Cisco ISE server device administrator" mean internal identity store?

For Sure A & E are the strongest answers

y our case, to achieve a device login with ISE, we use internal user DB, so the answers should be A & C, the device queries the ISE and the ISE queries the internal database

CORRECT IS C & E READ THE MANUALS When a device administrator logs on to a device, the device queries the Cisco ISE server, which in turn queries an internal or external identity store, to validate the details of the device administrator. When the validation is done by the Cisco ISE server, the device informs the Cisco ISE server of the final outcome of each session or command authorization operation for accounting and auditing purposes. https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_tacacs_device_admin.html

Correct answer is A and E. https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_device_admin.html#concept_9B1DD5A7AD9C445AAC764722E6E7D32A

I think the correct answers are A and E https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_device_admin.html#concept_9B1DD5A7AD9C445AAC764722E6E7D32A