Exam 350-401 topic 1 question 12 discussion

I think its B: ISE

poor question if asked that way since both are technically correct (B & C). ISE is of course a radius server, and you can leverage a third party radius server + ISE for SDA. If they had used creative wording then maybe they were trying to trick you, you can't run SDA with only a third party radius server, you still need ISE. ex. https://community.cisco.com/t5/networking-documents/how-to-use-group-based-policies-with-3rd-party-radius-using/ta-p/3930041

The answer is D. Either ISE or Radius can authenticate , but it's the control plane that is mandated to make the decision based on authentication result. The question is "which component decides?" did you notice ??? Even if you looked atg the answers suggested you could see that two are equally correct B&C which in CISCO exams usually means neither one.

Cisco Identity Services Engine (ISE) is an identity-based network access control and policy enforcement system. Network devices can be configured to query Cisco ISE for authentication and authorization of device administrator actions. These devices also send accounting messages to Cisco ISE to log such actions. https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_introduction.pdf

ISE provides network access control (NAC) and identity services for dynamic endpoint-to-group mapping and policy definition in a variety of ways, including using 802.1x, MAC Authentication Bypass (MAB), and Web Authentication (WebAuth). Cisco ISE (Identity Services Engine) is a RADIUS Server + policy engine

When a wired client connects to an edge switch in a Cisco SD-Access fabric, the component that decides whether the client has access to the network is the Identity Services Engine (ISE). Therefore, option B is the correct answer. The ISE is a key component of the Cisco SD-Access architecture that provides authentication, authorization, and accounting (AAA) services. When a client connects to an edge switch, the ISE is responsible for determining the client's identity and checking its credentials against a policy database. If the client is authorized to access the network, the ISE instructs the edge switch to assign the appropriate VLAN and apply the appropriate policies. If the client is not authorized, the ISE instructs the edge switch to quarantine the client and provide limited network access.

B is correct ISE is responsible for identity and access control in a network. It ensures that only authorized clients have access to the network by checking credentials and enforcing access policies. For example, if a wired client with incorrect credentials tries to connect to the network, the ISE would deny access. It is crucial in keeping networks secure by preventing unauthorized access and potential security threats.

B is correct

B is correct

I think should be B

The answer i think is "B". Why ? 1. Radius does not have ISE feature, 2. ISE has Radius , 3. the key word "Cisco SD-Access fabric" - ISE is part of the SDN concept

ise is used to allow or not allow access to the network there are policys and permissions assigned in the ise management portal

it should be B

The correct answer is B, it was even in the CBT nuggets videos. Specifically Explain SD-Access Fabric Operation/User Authentication. So, B is your correct answer.

Correct answer is B ISE You can't run SDA with only a third party radius server, you need ISE

Eventhought 802.1X can run with a 3rd party radius server, for SDA policy to work must be with ISE as use trusect for the security plane.

-B-: It has to be an ISE , a standard RADIUS server isn't sufficient