An engineer must control administrative access to the WLC using their Active Directory without being concerned about RBAC after the admin user is authenticated. Which two features does the engineer configure to accomplish this task? (Choose two.)
A and E seem to be the best answers when meeting the requirement for 2 valid choices. B is incorrect as that is for local users and the question states that we're not using local auth on the WLC. C doesn't meet any of the stated requirements either. D is a valid response and RADIUS inherently does not offer RBAC as it only provides Authentication. However since two answers are required only A and E can be combined to provide two steps that will provide admin access. Although RBAC is not required TACACS can define an admin policy set that sets all admin users to have full read/write access without defining any other more granular access.
To control administrative access to the Wireless LAN Controller (WLC) using Active Directory (AD) authentication without worrying about Role-Based Access Control (RBAC) after authentication, the engineer must:
Use a RADIUS server (Option D)
The RADIUS server (e.g., Cisco ISE or Microsoft NPS) integrates with Active Directory to authenticate administrators before granting access to the WLC.
Configure a Device Admin Policy Set (Option A)
In Cisco ISE, the Device Admin Policy Set defines authentication and authorization rules for administrators accessing network devices like WLCs.
This ensures that authenticated users receive appropriate access privileges without needing further RBAC configurations on the WLC itself.
To control administrative access to the WLC using Active Directory without being concerned about RBAC after the admin user is authenticated, the engineer would configure the following two features:
A. Device Admin Policy Set
E. TACACS server
The Device Admin Policy Set allows the engineer to define policies for controlling administrative access, while the TACACS server enables authentication against Active Directory.
AE
Remember cisco will always promote their protocols first in books even in Exams.
Answer A is definite. Both RADIUS and TACACS can be configured between the WLC and AD, but RADIUS is much more common and practical, especially since RBAC is not needed.
I think B and D are correct:
The engineer wants AD - so RADIUS and TACACS are possible.
And the engineer is not concerened about RBAC - so the authenticated admin only needs full read and write access.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.300-430 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
daeman
Highly Voted 2 years, 7 months agorrahim
Most Recent 2 months, 1 week agoGOfeni
6 months agoobifunk
11 months, 2 weeks ago[Removed]
1 year, 6 months agoTJR72
2 years agoTedmus
2 years, 3 months ago