Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 292

An engineer must use Cisco ISE to provide network access to endpoints that cannot support 802.1X. The endpoint MAC addresses must be allowlisted by configuring an endpoint identity group. These configurations were performed:
• configured an identity group named allowlist
• configured the endpoints to use the MAC address of incompatible 802.1X devices
• added the endpoints to the allowlist identity group
• configured an authentication policy for MAB users

What must be configured?

Answer options

• A. logical profile that matches the allowlist identity group based on the configured policy
• B. authorization profile that has the PermitAccess permission and matches the allowlist identity group
• C. authorization policy that has the PermitAccess permission and matches the allowlist identity group
• D. authentication profile that has the PermitAccess permission and matches the allowlist identity group

Correct answer: C

Explanation

The correct answer is C because an authorization policy is necessary to define what access permissions the endpoints in the allowlist identity group will receive. Options A and D do not pertain to the authorization process, and option B mentions an authorization profile instead of a policy, which is not sufficient for the required configuration.