Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 170
The IT manager wants to provide different levels of access to network devices when users authenticate using TACACS+. The company needs specific commands to be allowed based on the Active Directory group membership of the different roles within the IT department. The solution must minimize the number of objects created in Cisco ISE. What must be created to accomplish this task?
Answer options
- A. one shell profile and one command set
- B. multiple shell profiles and one command set
- C. one shell profile and multiple command sets
- D. multiple shell profiles and multiple command sets
Correct answer: C
Explanation
The correct answer is C. A single shell profile defines the overall access level for every role, while multiple command sets, one per role and each tied to that role's Active Directory group, specify which commands are allowed. The other options fall short in one of two ways. A single command set (options A and B) cannot provide the required granularity in command permissions, and multiple shell profiles (options B and D) increase the number of objects unnecessarily.