Free Cisco 300-715 SISE Actual Exam Questions - Question 4 Discussion

A imo. dACLs are designed to enforce access policies by defining which traffic or resources users can access, so they fit well when you need to send specific attributes to control user access on non-Cisco devices. Command sets (D) mainly control command authorization on Cisco gear, so they might not cover the attribute needs here. Shell profiles (C) seem Cisco-specific, and custom access conditions (B) are more about defining roles rather than passing attributes in Access-Accept responses.

B tbh, because custom access conditions let you define roles flexibly without being tied to Cisco-specific setups, which fits sending special attributes for non-Cisco devices better.

Maybe C makes more sense here since shell profiles can carry those custom attributes needed by non-Cisco devices, while command sets in D usually just control command permissions, not attribute passing.

D imo, since command sets directly define what users can access on devices.

Option C seems solid because shell profiles let you include custom attributes tailored for non-Cisco devices, which fits the need to send special attributes. D is more about command control rather than sending attributes themselves, so that feels less direct. A and B are more about policy enforcement and conditions, not directly about encoding those special attributes in the Access-Accept message. So I’d go with C here.

B imo, custom access conditions sound like the right way to define different user roles before sending any attributes. Without proper role definitions, special attributes won't be effective.

I think D makes more sense here. Command sets let you define exactly what commands are allowed or denied, which is crucial for controlling user access on non-Cisco devices. Shell profiles (C) are more Cisco-specific for defining roles, but since this is about a non-Cisco device, TACACS+ command sets feel like the right way to send those special attributes in Access-Accept. So, I’d say D.

Probably A since dACLs can control access based on policies sent in Access-Accept.

This one’s tricky, but I’d go with C. Shell profiles let you define custom attributes sent in the Access-Accept response, which matches the requirement for non-Cisco devices. D command sets mostly control command authorization, not the Access-Accept attributes themselves. So, C fits better for sending special attributes that control access levels.

Option C makes sense here because shell profiles let you define custom attributes that can be sent in the Access-Accept packet, which is exactly what’s needed for non-Cisco devices.

Probably D.