Cisco 300-715 SISE: Traffic is denied when a host tries to connect

Question

An engineer is testing low-impact mode for a phased deployment of Cisco ISE. Which type of traffic is denied when a host tries to connect to the network prior to authentication?

A. DNS
B. EAP
C. DHCP
D. HTTP

Answer

D. HTTP

Explanation

The question you asked is about how to test low-impact mode for a phased deployment of Cisco ISE. Low-impact mode is a deployment mode that allows you to gradually transition from an open network to a closed network by enforcing authentication and authorization policies on network devices. In low-impact mode, users are allowed to access the network before authentication but only certain types of traffic are permitted.

The type of traffic that is denied when a host tries to connect to the network prior to authentication in low-impact mode is D. HTTP. HTTP stands for Hypertext Transfer Protocol and it is a protocol that is used for accessing web pages or web applications on the internet. HTTP traffic is denied in low-impact mode because it may contain sensitive or malicious data that could compromise the security or performance of the network. HTTP traffic is also denied in low-impact mode because it can be used to redirect users to a web portal for authentication or notification purposes.

The other options are not correct because:

A. DNS: This is a type of traffic that is allowed in low-impact mode before authentication. DNS stands for Domain Name System and it is a service that translates domain names into IP addresses. DNS traffic is allowed in low-impact mode because it is required for resolving host names and accessing network resources.

B. EAP: This is a type of traffic that is allowed in low-impact mode before authentication. EAP stands for Extensible Authentication Protocol and it is a framework that provides various methods for authenticating users or devices on a network. EAP traffic is allowed in low-impact mode because it is used for performing authentication and authorization processes.

C. DHCP: This is a type of traffic that is allowed in low-impact mode before authentication. DHCP stands for Dynamic Host Configuration Protocol and it is a protocol that assigns IP addresses and other network parameters to hosts on a network. DHCP traffic is allowed in low-impact mode because it is required for obtaining network configuration and connectivity.

Reference

• 300-715 SISE – Cisco
• Implementing and Configuring Cisco Identity Services Engine (SISE) – Cisco
• SISE Exam Overview (cisco.com)
• How To Troubleshoot ISE Failed Authentications & Authorizations – Cisco Community
• Solved: ISE- Low Impact Mode – Cisco Community
• Cisco ISE – General Settings Tips and Tricks for Wired Deployments Part 2 — WIRES AND WI.FI

Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) exam and earn Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) certification.