A client connects to a network and the authenticator device learns the MAC address 04:49:23:86:34:AB of this client. After the MAC address is learned, the 802.1 x authentication process begins on this port. Which ISE deployment mode restricts all traffic initially, applies a rule for access control if 802.1x authentication is successful, and can be configured to grant only limited access if 802.1 x authentication is unsuccessful?
The deployment mode described in the question is 'closed mode'. In closed mode, the switch port initially restricts all traffic except for authentication protocols like EAP until the client successfully completes the 802.1X authentication process. If authentication is successful, the appropriate access control rules are applied. If 802.1X authentication is unsuccessful, the port can be configured to grant limited access or no access at all.
https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515#toc-hId--83743573:~:text=or%20VLAN%20authorizations.-,Pre%2DAuthentication%20and%20Post%2DAuthentication%20Access%20Control%20with%20Low%20Impact,-After%20gaining%20enough
Low-Impact doesn't deny all traffic. It allows PXE traffic for example
C. closed mode Here's why closed mode is the correct choice: Closed Mode: In this mode, the switch port initially restricts all traffic (except EAP and potentially DHCP and CDP/LLDP) until the client successfully completes 802.1X authentication. After successful authentication, access control rules defined in Cisco ISE are applied based on policies configured in the authorization profile. If 802.1X authentication fails, the port can be configured to grant limited access or no access at all, depending on the specific configuration. https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515