Exam 350-701 topic 1 question 531 discussion

DE:To force a session to be adjusted after a policy change on Cisco ISE (Identity Services Engine) and Cisco TrustSec devices, the following two configurations need to be made: E. CoA (Change of Authorization) CoA, or Change of Authorization, is a feature that allows network devices to dynamically update the policies applied to an authenticated session. By using CoA, Cisco ISE can send a message to the TrustSec devices instructing them to reevaluate and adjust the session based on the updated policy. This ensures that the session reflects the latest policy changes made in Cisco ISE. D. aaa server radius dynamic-author This configuration enables the TrustSec devices to act as a RADIUS dynamic authorization server. With this setting, Cisco ISE can send CoA messages to the TrustSec devices, triggering the session adjustments after a policy change. The TrustSec devices, acting as dynamic authorization servers, will receive the CoA messages from Cisco ISE and update the session accordingly.

Answer d,e

The dynamic authorization feature allows ISE to send CoA messages to the network device, which in turn forces the session to be re-evaluated and adjusted according to the new policy. So, the correct answers are: D. aaa server radius dynamic-author E. CoA

D. aaa server radius dynamic-author E. CoA The question is asking for "which configuration" - COA is by default set to None, so you have to make change to REAUTH and dynamic author to support COA on switch/network device.

Posture assessment: Cisco ISE (Identity Services Engine) can perform posture assessment to evaluate the compliance of endpoints with security policies. By configuring posture assessment on Cisco ISE, it can check if an endpoint meets the required security standards. If a policy change is made and the endpoint no longer complies, Cisco ISE can trigger a re-authentication or session adjustment to enforce the new policy. CoA (Change of Authorization): CoA is a mechanism that allows Cisco ISE to dynamically adjust the attributes or parameters of a session after authentication. When a policy change is made on Cisco ISE, it can send a CoA request to the Cisco TrustSec devices (such as switches) to force a session to be adjusted based on the new policy. This ensures that the updated policy is immediately enforced on the network.

"In the next step, create a RADIUS server group and add previously configured RADIUS servers to the group for easier configuration management. Also enable CoA, which is needed for Cisco ISE services. Configure the RADIUS server group: aaa group server radius ISE server name ISE Configure RADIUS CoA: aaa server radius dynamic-author client 10.64.0.100 server-key 3df23d21 The following table explains the commands that are needed to configure a RADIUS server group and to enable RADIUS CoA."

vote for AE.

The previous comments are misleading in my opinion. The correct answers are: E. CoA - this is the standard used to force policy/data refresh. D. aaa server radius dynamic-author - this command enables CoA on a Cisco switch

You can click the Push button to initiate an environment CoA notification after updating multiple SGTs. This environment CoA notification goes to all TrustSec network devices forcing them to start a policy/data refresh request. Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_011000.html

I saw in other exam that correct is A,C