Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 177

An administrator enables the profiling service for Cisco ISE to use for authorization policies while in closed mode. When the endpoints connect, they receive limited access so that the profiling probes can gather information and Cisco ISE can assign the correct profiles. They are using the default values within Cisco ISE, but the devices do not change their access due to the new profile. What is the problem?

Answer options

• A. The default profiler configuration is set to No CoA for the reauthentication setting.
• B. In closed mode, profiling does not work unless CDP is enabled.
• C. The profiler feed is not downloading new information, so the profiler is inactive.
• D. The profiling probes are not able to collect enough information to change the device profile.

Correct answer: A

Explanation

The correct answer is A because the No CoA (Change of Authorization) setting prevents the devices from being reauthenticated and having their access updated based on the new profile. Options B and C are incorrect as CDP is not a requirement for profiling to work, and the profiler feed status does not affect the immediate issue of access limitations. Option D is also incorrect since the profiling probes are operating but cannot change access due to the No CoA setting.