300-715 Question #342: Real Exam Question with Answer & Explanation

The correct answer is D: authentication profile. To define which certificate field serves as the principal username for certificate authentication in Cisco ISE, an authentication profile must be configured.

Policy Enforcement

Question

An engineer must use certificate authentication for endpoints that connect to a wired network with a Cisco ISE deployment. The engineer must define the certificate field used as the principal username. What is needed to complete the configuration?

Options

Aauthorization profile
Bauthentication policy
Cauthorization rule
Dauthentication profile

Explanation

To define which certificate field serves as the principal username for certificate authentication in Cisco ISE, an authentication profile must be configured.

Common mistakes.

A. An authorization profile defines the access permissions and attributes granted to an authenticated user, not how the user is authenticated.
B. An authentication policy determines which authentication protocol and identity source sequence to use based on specific conditions, but the detailed mapping of certificate fields to username is within the authentication profile.
C. An authorization rule matches conditions to an authorization profile to determine access, it does not define certificate field mapping for authentication.

Concept tested. Cisco ISE certificate authentication profiles

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01100.html

Topics

#Certificate Authentication#Cisco ISE#Authentication Profile#Identity Extraction

Community Discussion

No community discussion yet for this question.

Full 300-715 Practice Browse All 300-715 Questions