Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 112

An administrator is migrating device administration access to Cisco ISE from the legacy TACACS+ solution that used only privilege 1 and 15 access levels. The organization requires more granular controls of the privileges and wants to customize access levels 2-5 to correspond with different roles and access needs.
Besides defining a new shell profile in Cisco ISE, what must be done to accomplish this configuration?

Answer options

• A. Enable the privilege levels in Cisco ISE.
• B. Enable the privilege levels in the IOS devices.
• C. Define the command privileges for levels 2-5 in Cisco ISE.
• D. Define the command privileges for levels 2-5 in the IOS devices.

Correct answer: C

Explanation

The correct answer is C because defining the command privileges for levels 2-5 in Cisco ISE is essential for implementing the granular control needed for different roles. Options A and B are incorrect because simply enabling privilege levels does not configure the specific commands associated with those levels. Option D is also incorrect as the command privileges must be set in Cisco ISE to integrate effectively with the new access model.