Examice

Exam 300-715 All QuestionsBrowse all questions from this exam

Question 256

An administrator must provide administrative access to the helpdesk users on production Cisco IOS routers. The solution must meet these requirements:

• Authenticate the users against Microsoft AD.

• Validate IOS commands run by users.

These configurations have been performed:

• joined Cisco ISE to AD

• retrieved AD groups

• added a router to Cisco ISE

• enabled Device Admin Service in Cisco ISE

• configured an authorization policy

• configured the routers for authentication and authorization

Which two components must be configured? (Choose two.)

TACACS command sets

authentication profile

authorization profile

TACACS profile

access control list to filter the IOS commands

Correct Answer: A, C

To meet the requirements of authenticating users against Microsoft AD and validating the IOS commands run by users, configuring TACACS command sets and authorization profiles is necessary. TACACS command sets control and restrict specific IOS commands that users are allowed to run, ensuring that only authorized commands are executed. Authorization profiles define the permissions and policies applied to users after successful authentication, enabling granular control over their access and capabilities on the routers. This ensures that appropriate validation and authorization mechanisms are in place.

Discussion

4004aa3Options: AD

A&D seem correct: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200208-Configure-ISE-2-0-IOS-TACACS-Authentic.html#anc11