I believe B is Correct:
Performing device compliance checks offers the benefit of verifying the latest operating system (OS) patches on devices. Device compliance ensures that devices within an organization's network adhere to the required security standards and policies, including patch management.
By checking the compliance status of devices, organizations can identify if the devices have the latest OS patches installed. This is crucial for maintaining a secure network environment, as OS patches often address known vulnerabilities and security weaknesses. Regularly verifying the latest patches helps mitigate the risk of exploitation and potential security breaches.
Option C, providing attribute-driven policies, refers to the capability of tailoring security policies based on specific attributes of the devices or users, but it is not a specific benefit of device compliance.
amswer C
ovides a rule-based, ATTRIBUTE-DRIVEN POLICY model for flexible and business-relevant access control policies.
https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/data_sheet_c78-656174.html
I work with ISE on daily basis and @NikoNiko gots a point here, most important feture of ISE is:
Provides a rule-based, ATTRIBUTE-DRIVEN POLICY model for flexible and business-relevant access control policies.
https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/data_sheet_c78-656174.html
ISE is performing device compliance checks and one of ISE main features according to datasheet is:
Rich contextual identity and business-policy, which means:
● Provides a rule-based, ATTRIBUTE-DRIVEN POLICY model for flexible and business-relevant access control policies.
● Includes attributes such as user and endpoint identity, posture validation, authentication protocols, device identity, and other external attributes. These attributes can be created dynamically and saved for later use.
https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/data_sheet_c78-656174.html
So Attribute-driven policy is the correct answer.
● Performs posture assessments to endpoints connected to the network.
● Enforces the appropriate compliance policies for endpoints through a persistent client-based agent, a temporal agent, or a query to an external MDM/EMM.
● Provides the ability to create powerful policies that include, but are not limited to, checks for the latest OS patch, antivirus and antispyware packages with current definition file variables (version, date, etc.), antimalware packages, registry settings (key, value, etc.), patch management, disk encryption, mobile PIN-lock, rooted or jailbroken status, application presence, and USB-attached media.
https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/data_sheet_c78-656174.html
Answer: B
Compliance its not only OS verification:
I think is Classification like:
Compliant
not-compliant
unknow.
Also after that permit or not the Authorization to access to the network.
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ums008
1 year agoCokamaniako
1 year agoDWizard
1 year agoSegaMasterSystemAdmin
1 year, 1 month agoJessie45785
1 year, 3 months agoddev3737
1 year, 5 months ago4000000
1 year, 8 months agosis_net_sec
1 year, 9 months agoNikoNiko
2 years agofguzalf
1 year, 3 months agoAllfreen
1 year, 12 months agoMoII
2 years, 7 months agojaciro11
2 years, 7 months agoic0deem
2 years, 8 months ago