ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-715 All Questions

View all questions & answers for the 300-715 exam
Go to Exam

Exam 300-715 topic 1 question 148 discussion

Actual exam question from Cisco's 300-715
Question #: 148
Topic #: 1
[All 300-715 Questions]

An administrator is configuring Cisco ISE to authenticate users logging into network devices using TACACS+. The administrator is not seeing any of the authentication in the TACACS+ live logs.
Which action ensures the users are able to log into the network devices?

  • A. Enable the device administration service in the PSN persona.
  • B. Enable the device administration service in the Administration persona.
  • C. Enable the session services in the Administration persona.
  • D. Enable the service sessions in the PSN persona.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by shonda319 at Sept. 24, 2022, 8:39 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Macintosh_and_Merida
Highly Voted 2 years, 4 months ago
This should be A see: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_tacacs_device_admin.html "ou should check the Enable Device Admin Service check box in the Administration > System > Deployment > General Settings page to enable TACACS+ operations. Ensure that this option is enabled in each PSN in a deployment."
upvoted 5 times
...
NullNull88
Most Recent 11 months ago
B is correct
upvoted 1 times
...
NikoTomas
11 months ago
Tricky (and st*pid) question. For me B) - PAN. Service is running on PSN but administrator have to enable it in PAN configuration. Question asks „Which ACTION ensures the users are able to log into...” when “administrator is configuring ISE” --> for me ACTION is done in PAN -> "Work Centers > Device Administration > Overview > Deployment and activate the service on the applicable PSNs" - SISE ebook.
upvoted 1 times
NikoTomas
11 months ago
I also checked if prepositions "in PSN" vs. "on PSN" can be directive, but they are used interchangeably in SISE ebook and other Cisco documentation. As stated in other comments here, Cisco says: "check the Enable Device Admin Service check box in the Administration > System > Deployment > General Settings page to enable TACACS+ operations. Ensure that this option is enabled in each PSN in a deployment." (--> IN each PSN) SISE ebook: "...you need to enable the Device Administration service on a Policy Services node (PSN). To do so, follow these steps in the ISE GUI: Step 1. Navigate to Work Centers > Device Administration > Overview > Deployment and activate the service on the applicable PSNs" (--> ON the PSNs) For me it's B) - PAN as I explained above.
upvoted 1 times
...
...
denverfly
1 year, 8 months ago
Selected Answer: A
The correct answer is Enable the device administration service in the PSN persona. The device administration service is a Cisco ISE service that provides centralized authentication, authorization, and accounting (AAA) for network devices. The service must be enabled on the PSN persona in order for users to be able to log into network devices using TACACS+. The other options are not correct. The Administration persona is used to manage Cisco ISE itself, not network devices. The session services are used to manage user sessions, not network devices. The service sessions are used to manage service sessions, not network devices.
upvoted 4 times
...
YmerG
1 year, 10 months ago
Selected Answer: A
According to this phrase on the official book: "You need to need to enable the Device Administration service on a Policy Services node (PSN)"
upvoted 3 times
...
Slavey
2 years ago
Provided answer is correct that is answer B. Think about we enable TACACS service from admin PAN for one or more PSN persona nodes, here is a copy from the link: Device Administration Deployment Settings The Device Administration Deployment page ( Work Centers > Device Administration > Overview > Deployment) allows Cisco ISE administrators to centrally view the device administration system without referring to each node in the deployment section. The Device Administration Deployment page lists the PSNs in your deployment. This simplifies the task of enabling the device admin service individually in each PSN in your deployment. You can collectively enable the device admin service for many PSNs by selecting an option
upvoted 1 times
...
IlPerdan0
2 years ago
Selected Answer: A
From Cisco SISE OCG Page 914: "It is important to know your intended design before you enable the TACACS+ functionality, and you should only enable the Device Admin service on the PSNs that will handle TACACS+ and leave it disabled on any PSNs that are supposed to be dedicated for RADIUS (and vice versa). You should keep the remainder of the session services disabled on the dedicated TACACS+ PSNs."
upvoted 1 times
...
realmephisto
2 years, 1 month ago
Selected Answer: A
A is correct
upvoted 2 times
...
shonda319
2 years, 4 months ago
Selected Answer: A
correct answer is A https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-device-admin-policy-sets
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel