ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-715 All Questions

View all questions & answers for the 300-715 exam
Go to Exam

Exam 300-715 topic 1 question 64 discussion

Actual exam question from Cisco's 300-715
Question #: 64
Topic #: 1
[All 300-715 Questions]

A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.
What must be done to accomplish this task?

  • A. Create a profiling policy for each endpoint with the cdpCacheDeviceId attribute.
  • B. Create a logical profile for each device's profile policy and block that via authorization policies.
  • C. Add each MAC address manually to a blocklist identity group and create a policy denying access.
  • D. Add each IP address to a policy denying access.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by kingsalah1982 at Nov. 3, 2022, 7:13 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NullNull88
8 months, 3 weeks ago
Answer is C
upvoted 1 times
...
denverfly
1 year, 5 months ago
Selected Answer: C
The correct answer is - Add each MAC address manually to a blocklist identity group and create a policy denying access. To accomplish this task, the Cisco ISE administrator must follow these steps: Create a blocklist identity group. Add each MAC address of the endpoints that must be restricted from accessing the network to the blocklist identity group. Create a policy that denies access to the blocklist identity group. Apply the policy to the network access devices.
upvoted 4 times
...
rhylos
1 year, 5 months ago
Selected Answer: C
Blocklist" identity group is a feature that allows you to define a group of identities (users or endpoints) that should be denied network access based on specific criteria. can be configured based on various criteria, such as usernames, MAC addresses, IP addresses, device attributes, or other identity attributes. You can manually add identities to the Blocklist group or dynamically populate the group using various identity sources, such as Active Directory, LDAP, or RADIUS.
upvoted 2 times
...
theorgin
1 year, 5 months ago
Selected Answer: C
C since the question is about specific endpoints, not endpoint types.
upvoted 2 times
...
THEODORABLE
1 year, 6 months ago
Selected Answer: C
C is more appropriate-- a logical profile must be matched based n a profiler result. there is no assurance that the devices will get profiled properly or at all. A mac address is something you get right away and is absolute.
upvoted 1 times
...
aHash
2 years ago
Selected Answer: B
B is the right one. @kingsalah1982 , C could work as well but MAC can be easily spoofed so that's not best practice.
upvoted 2 times
...
kingsalah1982
2 years ago
B is a bit organized way but alternate could be C.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel