Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 300-715 Topic 12 Question 84 Discussion

Actual exam question for Cisco's 300-715 exam
Question #: 84
Topic #: 12
[All 300-715 Questions]

The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively

restrict network access for this endpoint?

Show Suggested Answer Hide Answer
Suggested Answer: C

Cisco ISE provides a feature called Adaptive Network Control (ANC) that allows administrators to apply policies to endpoints based on their behavior or status1. One of the ANC policies is Quarantine, which restricts network access for an endpoint by assigning it to a limited-access VLAN or applying an access control list (ACL) on the switch port2. To use the Quarantine policy, the administrator must add the MAC address of the rogue endpoint to the endpoint quarantine list in ISE2. This will trigger a change of authorization (CoA) for the endpoint and apply the Quarantine policy. The other options are not effective for restricting network access for a rogue endpoint, as they do not use the ANC feature of ISE.


by Ammie at Apr 13, 2024, 11:36 AM

Limited Time Offer

25%

Off

Get Premium 300-715 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Gracia
12 months ago
I think creating authentication policy to force reauthentication might also be necessary to ensure security.
upvoted 0 times
...
Sanda
12 months ago
It could work, but adding the MAC address to the quarantine list is a more targeted approach.
upvoted 0 times
...
Alayna
12 months ago
But wouldn't configuring access control list on network switches to block traffic be more effective?
upvoted 0 times
...
Loreta
12 months ago
I agree with Sanda, that way we can restrict network access for that rogue endpoint.
upvoted 0 times
...
Sanda
12 months ago
I think we should add the MAC address to the endpoint quarantine list.
upvoted 0 times
...
Aleta
1 years ago
Configuring access control list on network switches to block traffic might be a good solution too.
upvoted 0 times
...
Antonio
1 years ago
I think creating an authentication policy to force reauthentication could also be effective.
upvoted 0 times
...
Harrison
1 years ago
I disagree, I believe we should implement an authentication policy to deny access.
upvoted 0 times
...
Alaine
1 years ago
I think the best option is to add the MAC address to the endpoint quarantine list.
upvoted 0 times
...
Janna
1 years ago
Whoa, hold on there, Kyoko! 'Shut it down quickly' - that's a bit extreme, don't you think? Let's not get carried away and start denying access without due process. Option C is still the safest bet in my opinion.
upvoted 0 times
...
Rex
1 years ago
Haha, I'd love to see the look on the rogue user's face when they try to connect and get denied! Option D is definitely my pick.
upvoted 0 times
...
Theola
1 years ago
I don't know, I'm not sure quarantining the device is the only solution. Maybe we could also consider forcing a reauthentication, as option B suggests.
upvoted 0 times
...
Kyoko
1 years ago
I'm not convinced. If it's truly a rogue endpoint, we shouldn't waste time with reauthentication. We need to shut it down quickly before it causes any damage. Quarantine is the way to go.
upvoted 0 times
...
Carla
1 years ago
Yeah, I was leaning towards C as well. Adding the MAC address to the quarantine list sounds like the most effective way to restrict access for this rogue endpoint.
upvoted 0 times
Britt
1 years ago
By taking this action, the security team can effectively restrict access for the rogue endpoint.
upvoted 0 times
...
Hyun
1 years ago
Adding the MAC address to the quarantine list is a necessary step in network security.
upvoted 0 times
...
Tonette
1 years ago
Agreed, it's a proactive measure to protect the network from any potential threats.
upvoted 0 times
...
Willodean
1 years ago
Once the MAC address is added to the quarantine list, the network should be more secure.
upvoted 0 times
...
Paz
1 years ago
It's important to isolate the rogue endpoint to prevent any potential security risks.
upvoted 0 times
...
Helga
1 years ago
Definitely, adding it to the quarantine list will prevent further network access.
upvoted 0 times
...
Evangelina
1 years ago
C) Add MAC address to the endpoint quarantine list.
upvoted 0 times
...
...
Willow
1 years ago
That's a good point, Jennie. Option B, creating an authentication policy to force reauthentication, could be a better approach in some cases. It gives the user a chance to authenticate properly.
upvoted 0 times
Deja
1 years ago
Configuring access control list on network switches to block traffic could also prevent any unauthorized access.
upvoted 0 times
...
Lashon
1 years ago
But wouldn't adding the MAC address to the endpoint quarantine list also help isolate the rogue endpoint?
upvoted 0 times
...
Layla
1 years ago
I think option B, creating an authentication policy to force reauthentication, is the best approach.
upvoted 0 times
...
...
Chanel
1 years ago
Hmm, this question seems straightforward enough. I'm thinking either C or D would be the best approach here.
upvoted 0 times
...
Jennie
1 years ago
I'm not so sure about that. What if the rogue endpoint belongs to a legitimate user who forgot to connect through the proper channels? Wouldn't it be better to force reauthentication instead of just quarantining it?
upvoted 0 times
...
Portia
1 years ago
I agree with Rebecka. Option C is the way to go. Quarantining the rogue MAC address is the most straightforward and efficient way to handle this situation within Cisco ISE.
upvoted 0 times
...
Rebecka
1 years ago
This question seems to be testing our knowledge of Cisco ISE and how to manage rogue endpoints. I think the correct answer is C) Add MAC address to the endpoint quarantine list. This will effectively restrict the rogue endpoint from accessing the network without having to configure access control lists or authentication policies.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77