B correct
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/ise_active_directory_integration/b_ISE_AD_integration_2x.html
tab -> Active Directory Account Permissions Required to Perform Various Operations
Refer table: Active Directory Account Permissions Required to Perform Various Operations
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217351-ad-integration-for-cisco-ise-gui-and-cli.html
tricky question:
but B is correct, it is what is common in both operations :
join:
The join operation requires the following account permissions:
Search Active Directory (to see if a Cisco ISE machine account exists)
Create Cisco ISE machine account to domain (if the machine account does not already exist)
Set attributes on the new machine account (for example, Cisco ISE machine account password, SPN, dnsHostname)
leave :
The leave operation requires the following account permissions:
Search Active Directory (to see if a Cisco ISE machine account exists)
Remove the Cisco ISE machine account from the domain
If you perform a force leave (leave without the password), it will not remove the machine account from the domain.
===============
as you can see the search is the only operation (or permission) that is common
The correct answer is - Create a Cisco ISE machine account in the domain if the machine account does not already exist.
When joining a Cisco ISE appliance to an Active Directory domain, a machine account must be created for the appliance. This machine account is used by the appliance to authenticate to the domain and access resources. When leaving an Active Directory domain, the machine account must be removed.
The other options are not common to both the Join and Leave operations.
Remove the Cisco ISE machine account from the domain: This is only required when leaving an Active Directory domain.
Search Active Directory to see if a Cisco ISE machine account already exists: This can be done by any user with Read permission to the domain.
Set attributes on the Cisco ISE machine account: This can be done by a user with Write permission to the domain.
When joining a Cisco ISE appliance to an Active Directory domain, a machine account must be created for the appliance. This machine account is used by the appliance to authenticate to the domain and access resources. When leaving an Active Directory domain, the machine account must be removed.
The other options are not common to both the Join and Leave operations.
Remove the Cisco ISE machine account from the domain: This is only required when leaving an Active Directory domain.
Search Active Directory to see if a Cisco ISE machine account already exists: This can be done by any user with Read permission to the domain.
Set attributes on the Cisco ISE machine account: This can be done by a user with Write permission to the domain.
The English is so bad!
The join operation requires the following account permissions:
Search Active Directory (to see if a Cisco ISE machine account exists)
Search is NOT a permission, its an action. I wish Cisco didn't outsource these exams!
This section is not available anymore. Please use the main Exam Page.300-715 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MrCalifornia
Highly Voted 4 years, 1 month agoNaz_0026
Most Recent 6 months agoDaved90
1 year, 11 months agodenverfly
1 year, 11 months agodenverfly
1 year, 11 months agoTHEODORABLE
2 years agoCnoteone
2 years, 2 months agoKlusner
2 years, 2 months ago[Removed]
2 years, 7 months agokthekillerc
3 years, 1 month ago