Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 61

A Cisco ISE administrator must restrict specific endpoints from accessing the network while in closed mode. The requirement is to have Cisco ISE centrally store the endpoints to restrict access from.
What must be done to accomplish this task?

Answer options

• A. Create a profiling policy for each endpoint with the cdpCacheDeviceId attribute.
• B. Create a logical profile for each device's profile policy and block that via authorization policies.
• C. Add each MAC address manually to a blocklist identity group and create a policy denying access.
• D. Add each IP address to a policy denying access.

Correct answer: C

Explanation

The correct answer is C because manually adding each MAC address to a blocklist identity group effectively restricts those endpoints from accessing the network. Options A and B involve profiling and authorization policies, which do not directly address the requirement of denying access based on specific endpoints. Option D, while it involves denying access, focuses on IP addresses rather than the required MAC addresses.