ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-430 All Questions

View all questions & answers for the 300-430 exam
Go to Exam

Exam 300-430 topic 1 question 174 discussion

Actual exam question from Cisco's 300-430
Question #: 174
Topic #: 1
[All 300-430 Questions]

WPA2 Enterprise with 802.1X is being used for clients to authenticate to a wireless network through a Cisco ISE server. For security reasons, the network engineer wants to ensure that only PEAP authentication is used. The engineer sent instructions to clients on how to configure the supplicants, but the ISE logs still show users authenticating using EAP-FAST. Which action ensures that access to the network is restricted for these users unless the correct authentication mechanism is configured?

  • A. Enable AAA override on the SSID, gather the usernames of these users, and disable the RADIUS accounts until the devices are correctly configured.
  • B. Enable AAA override on the SSID and configure an ACL on the WLC that allows access to users with IP addresses from a specific subnet.
  • C. Enable AAA override on the SSID and configure an access policy in Cisco ISE that denies access to the list of MACs that have used EAP-FAST.
  • D. Enable AAA override on the SSID and configure an access policy in Cisco ISE that allows access only when the EAP authentication method is PEAP.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by robi1020 at Feb. 14, 2024, 2:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
robi1020
9 months ago
Selected Answer: D
Enabling AAA override on the SSID ensures that the access policies enforced by the Cisco ISE server are applied to the wireless clients attempting to connect to the network. Configuring an access policy in Cisco ISE that specifies PEAP as the required EAP authentication method will ensure that only clients using the correct authentication method (PEAP) are allowed access to the network. This way, any clients attempting to authenticate using EAP-FAST will be denied access, as they do not meet the specified authentication requirements.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago