Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 243

An administrator must configure Cisco ISE to authenticate a user accessing a Cisco Adaptive Security Appliance firewall using SSH. The solution must meet these requirements:

• The local Cisco ISE database must be used for user authentication
• ASA commands run by users must be validated

The configurations were performed:

• added the Cisco Adaptive Security Appliance firewall
• configured user accounts
• enabled Device Admin Service in Cisco ISE
• configured a TACACS profile
• configured an authorization policy
• configured the Cisco Adaptive Security Appliance firewall for authentication and authorization

Which two actions must be taken in Cisco ISE? (Choose two.)

Answer options

• A. Enable local authentication.
• B. Configure a user identity group.
• C. Configure an authentication profile.
• D. Configure TACACS command sets.
• E. Configure an authorization profile.

Correct answer: B, D

Explanation

The correct answers are B and D. Configuring a user identity group (B) is essential for organizing users within Cisco ISE for proper authorization and access management. Additionally, setting up TACACS command sets (D) is crucial for validating the specific commands that users can execute on the ASA, ensuring compliance with security policies. Options A, C, and E, while important, do not directly address the requirements specified in the question.