ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-715 All Questions

View all questions & answers for the 300-715 exam
Go to Exam

Exam 300-715 topic 1 question 161 discussion

Actual exam question from Cisco's 300-715
Question #: 161
Topic #: 1
[All 300-715 Questions]

A network administrator is currently using Cisco ISE to authenticate devices and users via 802.1X. There is now a need to also authorize devices and users using
EAP-TLS. Which two additional components must be configured in Cisco ISE to accomplish this? (Choose two.)

  • A. Certificate Authentication Profile
  • B. EAP Authorization Profile
  • C. Network Device Group
  • D. Common Name attribute that maps to an identity store
  • E. Serial Number attribute that maps to a CA Server
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by rhylos at May 30, 2023, 6 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rhylos
Highly Voted 2 years, 1 month ago
Selected Answer: AB
A & B A. Certificate Authentication Profile: A Certificate Authentication Profile needs to be configured in Cisco ISE. This profile specifies the requirements for client certificates, such as certificate types, acceptable certificate authorities (CAs), and other certificate validation criteria. B. EAP Authorization Profile: An EAP Authorization Profile must be configured in Cisco ISE. This profile defines the authorization policies and access privileges for devices and users authenticated using EAP-TLS. It specifies the network resources, VLAN assignments, and other attributes that should be applied to the authenticated devices and users.
upvoted 6 times
NikoTomas
1 year, 3 months ago
Wrong. Term "EAP Authorization Profile" does not exist and it does not recall anything in similar meaning, because any Authorization Profile has nothing to do with authentication protocols (EAP-TLS, EAP-whatever...).
upvoted 2 times
...
...
arashdehghan
Most Recent 4 months ago
Selected Answer: AD
"EAP Authorization Profile" This is not a specific component in Cisco ISE. Authorization is handled through policies, not a dedicated EAP authorization profile
upvoted 1 times
...
ed81044
10 months, 1 week ago
Selected Answer: AB
Configure Obtain Server and Client Certificates Step 1. Generate a Certificate Signing Request from ISE Step 2. Import CA Certificates into ISE Step 3. Obtain Client Certificate for Endpoint Network Devices Step 4. Add the Network Access Device in ISE Policy Elements Step 5. Use External Identity Source Step 6. Create the Certificate Authentication Profile Step 7. Add to an Identity Source Sequence Step 8. Define the Allowed Protocols Service Step 9. Create the Authorization Profile Security Policies Step 10. Create the Policy Set Step 11. Create an Authentication Policy Step 12. Create the Authorization Policy Verify Troubleshoot From <https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975-configure-eap-tls-authentication-with-is.html#toc-hId--17067185>
upvoted 2 times
...
techjockeynet
1 year, 4 months ago
Selected Answer: AD
https://pupuweb.com/cisco-300-715-sise-qa-additional-components-configured-ise-authorize-using-eap-tls/
upvoted 2 times
NikoTomas
1 year, 3 months ago
From your link: "The correct answers are A and D. - Certificate Authentication Profile: This profile is used to define the requirements for EAP-TLS authentication. It specifies the type of certificate that is required, the CA server that is used to issue certificates, and the attributes that are extracted from the certificate. - Common Name attribute that maps to an identity store: This attribute is used to map the Common Name (CN) of the certificate to an identity in an identity store. This allows Cisco ISE to identify the user or device that is connecting using EAP-TLS. The other options are not required to configure EAP-TLS authorization - EAP Authorization Profile: used to define the authorization policies for EAP-TLS. However, it is not required to configure EAP-TLS authentication. - Network Device Group: used to group devices that are configured to use EAP-TLS authentication. However, it is not required to configure EAP-TLS authentication. - Serial Number attribute that maps to a CA Server: used to map the serial number of the certificate to a CA server. However, it is not required to configure EAP-TLS authentication."
upvoted 1 times
...
...
XBfoundX
1 year, 7 months ago
AB are the correct one. When you want to use EAP-TLS first we need to specity the parameter to check inside the certificate for authentication, so we create the Certificate Authentication Profile. After that we have bind the Certificate Authentication Profile to an identity source sequence that is personalized for EAP-TLS authentication then we can configure the Authorization Profile for have a specific result based on the policies that we are going to configure inside the policy set EAP-TLS
upvoted 2 times
NikoTomas
1 year, 3 months ago
Totally wrong, Authorization Profile has nothing to do with authentication protocols (EAP-TLS, EAP-whatever...). See explanation from techjockeynet here in discussion.
upvoted 1 times
...
...
ElCobra90
1 year, 11 months ago
Selected Answer: AB
Correct A and B, E is a check that Cisco ISE perform automatically, you don't need to configure anything for that, the question asking specifically the CONFIGURATION needed, so go for A and B.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel