Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Cisco 300-715 Exam - Topic 3 Question 89 Discussion

Actual exam question for Cisco's 300-715 exam
Question #: 89
Topic #: 3
[All 300-715 Questions]

Which statement about configuring certificates for BYOD is true?

Show Suggested Answer Hide Answer
Suggested Answer: C

Cisco ISE provides a feature called Adaptive Network Control (ANC) that allows administrators to apply policies to endpoints based on their behavior or status1. One of the ANC policies is Quarantine, which restricts network access for an endpoint by assigning it to a limited-access VLAN or applying an access control list (ACL) on the switch port2. To use the Quarantine policy, the administrator must add the MAC address of the rogue endpoint to the endpoint quarantine list in ISE2. This will trigger a change of authorization (CoA) for the endpoint and apply the Quarantine policy. The other options are not effective for restricting network access for a rogue endpoint, as they do not use the ANC feature of ISE.


by Lea at May 28, 2024, 11:34 PM

Limited Time Offer

25%

Off

Get Premium 300-715 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Brock
5 months ago
I remember reading that the SAN can have multiple entries, not just the user name.
upvoted 0 times
...
Mica
6 months ago
Definitely D! The CN should be the host name for sure.
upvoted 0 times
...
Tawanna
6 months ago
Wait, is the SAN field really just the user name? That seems off.
upvoted 0 times
...
Verdell
6 months ago
I disagree, I thought it was A. Android does use EST.
upvoted 0 times
...
Rosalia
6 months ago
I think option C is correct. Endpoint certs are a must for ISE.
upvoted 0 times
...
Carmen
7 months ago
I vaguely remember that the CN field is often related to the device name, but I’m not confident if that's the correct answer here.
upvoted 0 times
...
Haley
7 months ago
I’m pretty certain that for Cisco ISE BYOD, an endpoint certificate is required, but I can't recall the exact details.
upvoted 0 times
...
Shawnda
7 months ago
I practiced a question similar to this, and I feel like the SAN field usually has the email or user ID, not just the end user name.
upvoted 0 times
...
Deonna
7 months ago
I think I remember something about SCEP being used for most devices, but I'm not sure if Android uses EST or not.
upvoted 0 times
...
Elena
7 months ago
Okay, let me think this through. I know the SAN field is used for the end user's name, not the hostname. And I believe SCEP is the standard enrollment protocol, not EST. I'll go with option C.
upvoted 0 times
...
Deja
7 months ago
Hmm, I'm a bit unsure about this. I'll need to review the material on certificate configuration for BYOD again to make sure I understand the differences between the operating systems.
upvoted 0 times
...
King
7 months ago
I'm pretty confident about this one. I think the answer is C - an endpoint certificate is mandatory for Cisco ISE BYOD.
upvoted 0 times
...
Charlie
7 months ago
I'm a little confused on the details here. I know certificates are important for BYOD, but I'm not sure about the specifics of the enrollment protocols and field population. I'll have to make an educated guess on this one.
upvoted 0 times
...
Merlyn
7 months ago
Hmm, this one seems tricky. I'll need to carefully read through the options and think about what I know about integrating ServiceNow with external content.
upvoted 0 times
...
Delila
7 months ago
Ah, I've got it! A brute force attack is when an attacker tries to guess passwords by trying every possible combination. That's the right answer, I'm confident about that.
upvoted 0 times
...
Precious
12 months ago
I'm going to go with option C. An endpoint certificate is essential for BYOD, otherwise how would the network know it's a trusted device?
upvoted 0 times
...
Tayna
1 year ago
D seems like the right answer. The CN field should be populated with the endpoint's hostname, not the user's name.
upvoted 0 times
...
Norah
1 year ago
Of course an endpoint certificate is mandatory for Cisco ISE BYOD. How else would the device be authenticated?
upvoted 0 times
Avery
10 months ago
An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment.
upvoted 0 times
...
India
11 months ago
I think the SAN field is populated with the end user name.
upvoted 0 times
...
Basilia
11 months ago
Yes, an endpoint certificate is definitely mandatory for Cisco ISE BYOD.
upvoted 0 times
...
...
Werner
1 year ago
Wait, the SAN field should have the endpoint's hostname, not the user's name. This is a tricky one!
upvoted 0 times
Vivan
11 months ago
An endpoint certificate is definitely mandatory for Cisco ISE BYOD.
upvoted 0 times
...
Serita
11 months ago
Yeah, that's correct. The user's name goes in a different field.
upvoted 0 times
...
Portia
12 months ago
I think the SAN field is actually populated with the endpoint host name.
upvoted 0 times
...
...
Edward
1 year ago
Option A looks good to me. I remember learning about the different enrollment protocols used for BYOD on different platforms.
upvoted 0 times
Reita
1 year ago
That's correct. Android uses EST while other OS use SCEP.
upvoted 0 times
...
James
1 year ago
A) An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment
upvoted 0 times
...
...
Cordell
1 year ago
I think the SAN field should be populated with the end user name, so the correct answer is B).
upvoted 0 times
...
Frederick
1 year ago
I disagree, I believe the correct answer is C) An endpoint certificate is mandatory for the Cisco ISE BYOD.
upvoted 0 times
...
Alishia
1 year ago
I think the correct answer is A) An Android endpoint uses EST, whereas other operating systems use SCEP for enrollment.
upvoted 0 times
...

Save Cancel