Exam 350-701 topic 1 question 292 discussion

100% B. MAB is not enabled on the port, so only 802.1x enabled devices can get onto the network (if they pass authentication and authorization)

It's interesting that they even have C as an option. Because if you authenticate MAB to Windows NPS, you have to add MD5-EAP manually to NPS as it is considered insecure.

B is correct.

B is correct.

I am working with ISE since 1.x version and there never was anything like default authentication and authorization policy - MAB is te way to go

B is correct

B is correct https://community.cisco.com/t5/network-access-control/problems-with-connecting-printers-via-mab/td-p/3528002

Cameras, Printers, and devices not having user interaction don't have dot1x capabilities. MAB is used for these kind of devices.

Should be MAB, My answer is B.

Probably B

https://sirius-cyber.net/2020/06/08/cisco-ise-mac-authentication-bypass-mab/

I think mab is the only way to authenticate printers and cameras, I stand to be corrected. To me B is the answer.

B is correct - MAB. Printers, cameras, video conference devices, etc.. either don't have 802.1X supplicant or if they have it, it could be difficult to manage. So these devices are usually authenticated and authorized by Mac Authentication Bypass (MAB) + Profiling on ISE (profiling is classification of the devices by type, function, etc... ISE recognizes devices like cameras / Cisco Phones / printers / ... and these attributes can be used in the ISE policy to apply desired authorization to the endpoints)