Home » Cisco » 300-208 » Which option is the reason for machine being reported `unknown’.
A network administrator is seeing a posture status "unknown’ for a single corporate mac address but unknown machines are reported as `complaint’.
Which option is the reason for machine being reported `unknown’.
A. Posture service disabled on cisco ISE
B. Posture policy does not support the OS
C. Posture agent not installed on the machine***
D. Posture compliance condition is missing on the machine.
Answer: C
Explanation:
When a client first attempts to join the network, it might not have a NAC agent available to perform a posture assessment. Without a NAC agent, ISE will have no mechanism to determine what software is running on the endpoint. Accordingly, the endpoint will not know how to communicate its posture assessment to ISE. For this reason, an endpoint without a posture agent will be assigned an Unknown posture status.
On these tests , its not about what you think is right rather what Cisco thinks it is correct.
Posture assessment guide: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116143-config-cise-posture-00.html
Posture assessment: https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_pos_pol.html
If no matching posture policy is defined for an endpoint, then the posture compliance status of the endpoint may be set to unknown.
A posture compliance status of unknown can also apply to an endpoint where a matching posture policy is enabled but posture assessment has not yet occurred for that endpoint and, therefore no compliance report has been provided by the NAC Agent.
I am still leaning towards C as D makes you beleie something is needed ON THE Machine.
however the statement from Cisco – If no matching posture policy is defined for an endpoint, then the posture compliance status of the endpoint may be set to unknown..
I hate Ciscos test questions – Whoever writes them should just retire and go do something different in life