Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 101

An organization is implementing Cisco ISE posture services and must ensure that a host-based firewall is in place on every Windows and Mac computer that attempts to access the network. They have multiple vendors' firewall applications for their devices, so the engineers creating the policies are unable to use a specific application check in order to validate the posture for this.
What should be done to enable this type of posture check?

Answer options

• A. Enable the default application condition to identify the applications installed and validate the firewall app.
• B. Enable the default firewall condition to check for any vendor firewall application.
• C. Use a compound condition to look for the Windows or Mac native firewall applications.
• D. Use the file registry condition to ensure that the firewall is installed and running appropriately.

Correct answer: B

Explanation

The correct answer is B because enabling the default firewall condition allows Cisco ISE to check for the existence of any firewall application, regardless of the vendor. Options A and C are incorrect because they rely on specific application checks or native firewalls, which do not address the multi-vendor scenario. Option D is also incorrect since it focuses on file registry checks rather than validating the presence of any firewall application.