Exam 300-715 topic 1 question 35 discussion

my choice is B The authorization profile in Cisco ISE now includes an option to scan endpoints for vulnerabilities. (Cisco Identity Services Engine Administrator Guide, Release 2.7)

this Q came out in my exam today.

B-authorization profile-- agreed this is where the option is configured

authorization profile

The authorization profile in Cisco ISE now includes an option to scan endpoints for vulnerabilities. You can choose to run the scan periodically and also specify the time interval for these scans. After you define the authorization profile, you can apply it to an existing authorization policy rule or create a new authorization policy rule.

Authorization Policy calls the selected authorization profile. The latter does the endpoint scanning. Correct answer is B.

Answer B is the correcet answer for sure ... you can see the option clearly in Authorization profile tab : Authorization Profile * Name Description * Access Type   Network Device Profile   Service Template Track Movement Passive Identity Tracking DACL Name ACL (Filter-ID) Security Group VLAN Voice Domain Permission Web Redirection (CWA, MDM, NSP, CPP) Display Certificates Renewal Message Static IP/Host name/FQDN Suppress Profiler CoA for endpoints in Logical Profile Auto Smart Port [Assess Vulnerabilities Adapter Instance   Trigger scan if the time since last scan is greater than Enter value in hours (1-9999) Assess periodically using above interval]

The authorization profile in Cisco ISE now includes an option to scan endpoints for vulnerabilities. You can choose to run the scan periodically and also specify the time interval for these scans. After you define the authorization profile, you can apply it to an existing authorization policy rule or create a new authorization policy rule.

It's a Common Task in the Authorization Profile. The Authorization Policy is where you call out the Authorization Profile.

Correct answer is D The authorization policy is where you determine flags for endpoint vulnerabilities, profiles only compile the endpoint specific data in the identity store. The auth policy directly scans and "advises" the PAN of any potential vulnerabilities.

B is correct answer Configure Authorization Profile The authorization profile in Cisco ISE now includes an option to scan endpoints for vulnerabilities. You can choose to run the scan periodically and also specify the time interval for these scans. After you define the authorization profile, you can apply it to an existing authorization policy rule or create a new authorization policy rule. https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010100.html

Looking in my lab, I think the answer should actually be Authorization Policy as you build out the values in the policy / conditions studio. The authorization profile doesn't make any reference to assessing vulnerabilities. Anyone else thinking the same?