Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 50

An organization has a fully distributed Cisco ISE deployment. When implementing probes, an administrator must scan for unknown endpoints to learn the IP-to-
MAC address bindings. The scan is complete on one PSN, but the information is not available on the others.
What must be done to make the information available?

Answer options

• A. Cisco ISE must be configured to learn the IP-MAC binding of unknown endpoints via RADIUS authentication, not via scanning.
• B. Cisco ISE must learn the IP-MAC binding of unknown endpoints via DHCP profiling, not via scanning.
• C. Scanning must be initiated from the MnT node to centrally gather the information.
• D. Scanning must be initiated from the PSN that last authenticated the endpoint.

Correct answer: D

Explanation

The correct answer is D because the IP-to-MAC bindings learned by the PSN are specific to that PSN, and only that PSN can share its findings with other PSNs through the authentication process. Options A and B suggest alternative methods that do not address the issue of sharing data across PSNs, while option C incorrectly identifies the MnT node, which does not perform scans for endpoint discovery.