Agreed. This is from the page you shared...
"Cisco ISE queries the MDM servers for the necessary device attributes to create ACLs that provide network access control for those devices."
And in the section (Configuring ACLs on the Wireless LAN Controller for Mobile Device Management Interoperability)...
Step 3
Allow access to the MDM server for unregistered and noncompliant devices to download the MDM agent and proceed with compliance checks.
Step 4
Allow all inbound traffic from the client to the server to Cisco ISE for the web portal and supplicant, and certificate provisioning flows.
A. It provides compliance checks for access to the network.
The benefit of integrating Cisco ISE with a Mobile Device Management (MDM) solution is that it provides compliance checks for access to the network. This integration allows for the enforcement of security policies for mobile devices accessing the network. The MDM solution provides information about the device, such as its operating system version, security patch level, and any other security-related information. Cisco ISE can then use this information to determine if the device meets the organization's security policies, and either grant or deny access to the network based on the results of this compliance check. This integration helps to ensure that only compliant and secure devices are allowed access to the network, enhancing the overall security posture of the organization.
MDM helps in deploying company policy on BYOD mobile devices/tablets. The ISE, when integrated with MDM, will ensure that the mobile devices are compliant as per the company policy, and ISE will permit/block based on the response received from the MDM.
Guys, it is D.
A is not correct because MDM should not give access to the network when the devices are non-compliant.
This is only possible because of the option D:
https://cdw-prod.adobecqms.net/content/dam/cdw/on-domain-cdw/brands/cisco/ise-solution-overview.pdf
"4. Network admin access control. ISE is the only NAC solution that includes TACACS+ for role-based administrative access control to networking equipment"
This should be A, because if you implement MDM integration with ISE you can check in the policy whether the mobile device is compliant from the MDM perspective and either allow or deny access based on the answer the MDM delivers back to ISE.
https://community.cisco.com/t5/security-documents/cisco-ise-integration-with-mobile-device-management-mdm/ta-p/3784691
The following are the high level use cases in this solution.
Device registration- Non registered endpoints accessing the network on-premises will be redirected to registration page on MDM server for registration based on user role, device type, etc
Remediation- Non compliant endpoints will be given restricted access based on compliance state
Periodic compliance check – Periodically check with MDM server for compliance
Ability for ISE administrators to issue remote actions on the device through the MDM server (e.g.: remote wiping of the managed device)
Ability for end user to leverage the ISE My Devices Portal to manage personal devices, e.g. Full Wipe, Corporate Wipe and PIN Lock.