Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 255

An administrator must provide administrative access to the helpdesk users on production Cisco IOS routers. The solution must meet these requirements:
• Authenticate the users against Microsoft AD.
• Validate IOS commands run by users.
These configurations have been performed:
• joined Cisco ISE to AD
• retrieved AD groups
• added a router to Cisco ISE
• enabled Device Admin Service in Cisco ISE
• configured an authorization policy
• configured the routers for authentication and authorization

Which two components must be configured? (Choose two.)

Answer options

• A. TACACS command sets
• B. authentication profile
• C. authorization profile
• D. TACACS profile
• E. access control list to filter the IOS commands

Correct answer: A, D

Explanation

The correct answer includes TACACS command sets (A) and TACACS profile (D) because these are necessary to define what commands users can execute and to ensure proper communication between the IOS devices and Cisco ISE. The other options, such as authentication profile (B) and authorization profile (C), are not specifically required to meet the outlined needs, while access control lists (E) are not a direct component of the TACACS configuration for command validation.