Exam 350-701 topic 1 question 55 discussion

correct answer is A. BYOD onboarding

C. The method used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources is C) client provisioning. Client provisioning is a process of deploying network settings, certificates, and other configuration information to mobile devices to enable them to securely connect to a network. This process involves configuring the supplicant, which is the client software that communicates with the network, to use the appropriate authentication methods and credentials required to access network resources. BYOD onboarding is a process that enables personal devices to connect to a corporate network, and it may include client provisioning as one of its steps. MAC authentication bypass is a method of granting network access based on the device's MAC address, without requiring any authentication credentials. Simple Certificate Enrollment Protocol (SCEP) is a protocol used for certificate management, but it is not specifically related to configuring the supplicant or deploying network settings to mobile devices.

I’ll go with A. Option A is the entire process of securely bringing a personal (non-corporate) device onto the network and includes: • Authenticating the user • Installing a certificate • Configuring the supplicant (like 802.1X or EAP-TLS) • Applying network access policies • It uses client provisioning as one step in the process.

Client Provisioning is the process of enabling devices to connect to the network. BYOD is more of allowing personal devices to connect. Client provisioning is the most suitable response, given the options available.

BYOD (Bring Your Own Device) onboarding refers to the process of securely enrolling personal mobile devices (e.g., smartphones, tablets) into a network. During onboarding, the following actions typically occur: • Certificates are deployed to the device for secure authentication. • The supplicant (software responsible for 802.1X authentication) is configured to connect to the network. • Security policies are applied to ensure proper access control and compliance. This method is widely used in environments where employees or users bring their own devices and need secure access to enterprise network resources

Answer a

Jessie and sully seems to have done a good research on the topic

I would go with D. a) the question don't say nothing if the device is corporate owned or not. So BYOD it doesn't make sense. b) authentication bypass certainly is not a method to deploy certificates. c) client provisioning is not related to certificates deployment.

I think A - BYOD

Correct answer A: When supporting personal devices on a corporate network, you must protect network services and enterprise data by authenticating and authorizing users (employees, contractors, and guests) and their devices. Cisco ISE provides the tools you need to allow employees to securely use personal devices on a corporate network. Guests can add their personal devices to the network by running the native supplicant provisioning (Network Setup Assistant), or by adding their devices to the My Devices portal. Because native supplicant profiles are not available for all devices, users can use the My Devices portal to add these devices manually; or you can configure Bring Your Own Device (BYOD) rules to register these devices. Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ISE_admin_guide_24/m_ise_devices_byod.html

D for sure. I have done this.

It is not byod, since it's not explicitly stating that it's about employees own devices, but its rather just client provisioning

'D' is perhaps the right answer, after all. Simple Certificate Enrollment Protocol (SCEP): SCEP is a protocol that allows mobile devices to request and obtain digital certificates from a certificate authority (CA). The certificates can then be used for authentication and secure network access.

I will go with C: based on Tuxzinator's response BYOD encompasses a broader set of activities including client provisioning. This makes Client Provisioning the more specific answer

I thought it would be D - SCEP https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/116068-configure-product-00.html "At the heart of the BYOD solution is the network supplicant provisioning process, which seeks to distribute the requisite certificates to employee-owned devices. In order to satisfy this requirement, a Microsoft Certificate Authority (CA) can be configured in order to automate the certificate enrollment process with the SCEP."

The answer is C client provisioning The method used to deploy certificates and configure the supplicant on mobile devices to gain access to network resources is client provisioning

A- is correct answer: https://community.cisco.com/t5/security-knowledge-base/cisco-ise-byod-prescriptive-deployment-guide/ta-p/3641867#toc-hId-748642240 Endpoint Onboarding When leveraging ISE for BYOD, there are few actions that the endpoint needs to perform, which includes starting the communication with proper ISE node via the BYOD portal, creating digital certificate pairs, submitting certificate signing request, and configuring network profile. Some O/S has provisions for such functions natively while others require downloading and running an application temporarily to assist with the flow. Aside from Apple mobile devices (iOS), ISE leverages Network Setup Assistant (NSA or AKA Supplicant Provisioning Wizard (SPW)) to ease the BYOD flow for the users. NSA is an application that is downloaded to the endpoint either from the ISE itself or from app store for each of the endpoint types. NSA assists the user to generate certificate pair, install signed certificate, and configure network and proxy settings on the endpoint.