The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively
restrict network access for this endpoint?
Cisco ISE provides a feature called Adaptive Network Control (ANC) that allows administrators to apply policies to endpoints based on their behavior or status1. One of the ANC policies is Quarantine, which restricts network access for an endpoint by assigning it to a limited-access VLAN or applying an access control list (ACL) on the switch port2. To use the Quarantine policy, the administrator must add the MAC address of the rogue endpoint to the endpoint quarantine list in ISE2. This will trigger a change of authorization (CoA) for the endpoint and apply the Quarantine policy. The other options are not effective for restricting network access for a rogue endpoint, as they do not use the ANC feature of ISE.
An administrator is attempting to join a new node to the primary Cisco ISE node, but receives the error message "Node is Unreachable". What is causing this error?
A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:
. An initial MAB request is sent to the Cisco ISE node.
. Cisco ISE responds with a URL redirection authorization profile if the user's MAC address is unknown in the endpoint identity store.
. The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.
Which authentication must the administrator configure on Cisco ISE?
Central Web Authentication (CWA) is a feature that allows the network access device (NAD) to redirect the web traffic of a guest user to a web portal hosted by Cisco ISE1. The NAD acts as a proxy between the guest user and the ISE node, and performs the authentication and authorization based on the RADIUS attributes returned by ISE1. To configure CWA on ISE, the administrator must create an authorization profile that contains the URL redirection attribute and assign it to the guest user1. The other options are not correct because they do not use CWA. Device registration WebAuth is a feature that allows users to register their devices on ISE before they can access the network2. WLC with local WebAuth is a feature that allows the wireless LAN controller (WLC) to host the web portal and authenticate the guest user locally3. Wired NAD with local WebAuth is a feature that allows the switch to host the web portal and authenticate the guest user locally
Submit Cancel
Currently there are no comments in this discussion, be the first to comment!