Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 331

An administrator needs to give the same level of access to the network devices when users are logging into them using TACACS+. However, the administrator must restrict certain commands based on one of three user roles that require different commands.
How is this accomplished without creating too many objects using Cisco ISE?

Answer options

• A. Create one shell profile and one command set.
• B. Create multiple shell profiles and one command set.
• C. Create multiple shell profiles and multiple command sets.
• D. Create one shell profile and multiple command sets.

Correct answer: D

Explanation

The correct answer is D because creating one shell profile allows for a unified access level, while multiple command sets can be configured to restrict commands based on user roles. Options A and B do not provide the necessary command differentiation, and option C increases complexity unnecessarily by having multiple shell profiles.