A network administrator notices that after a company-wide shutdown, many users cannot connect their laptops to the corporate SSID. What must be done to permit access in a timely manner?
A. Connect this system as a guest user and then redirect the web auth protocol to log in to the network.
B. Allow authentication for expired certificates within the EAP-TLS section under the allowed protocols.
C. Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.
D. Authenticate the user's system to the secondary Cisco ISE node and move this user to the primary with the renewed certificate.
The correct answer is Add a certificate issue from the CA server, revoke the expired certificate, and add the new certificate in system.
When a company-wide shutdown occurs, it is possible that the certificates used for authentication may expire. This can prevent users from connecting to the network. To resolve this issue, the network administrator must add a new certificate from the CA server, revoke the expired certificate, and add the new certificate in system.
Here are the steps involved in resolving this issue:
1. Log in to the CA server and generate a new certificate.
2. Revoke the expired certificate.
3. Install the new certificate on the users' laptops.
Once the new certificate has been installed on the users' laptops, they should be able to connect to the network.
Your answer could be OK, BUT the question says "in a timely manner", so I think B is the right choice. Even if C should be the correct one, the best way should be to temporarily allow authentication for expired certificates and in the meantime generate a new certificate (it takes more time to apply the procedure mentioned in answer "C").
The only answer that makes sense is B. A company-wide shutdown indicates there could be expired certs.
ISE > Policy > Policy Elements > Results > Authentication > Allowed Protocols > Default Network Access.
Under the EAP-TLS section, check "Allow Authentication of expired certificates to allow certificate renewal in Authorization Policy".
[Note that by enabling this feature, ISE will treat expired certificates as valid which will reduce your overall ISE security. It is recommended to configure a specific rule in the Authorization Policy using the reusable condition CertRenewalRequired in order to control the overall authorization response to the NAD. When an expired certificate is detected the condition result will be true and you need to configure an Authorization Profile that will re-direct to the CWA portal]
D doesn't make sense to me. You don't authenticate to a secondary PSN. It might be another PSN but it's not secondary.