300-715 Question #344: Real Exam Question with Answer & Explanation

The correct answer is A: Process Host Lookup. For Cisco ISE to support MAB (MAC Authentication Bypass) for clients that do not support 802.1X, "Process Host Lookup" must be enabled in the Authentication Policy's Allowed Authentication Protocols.

Policy Enforcement

Question

A client with MAC address 04:77:10:14:67:AB connects to the network. The client does not support 802.1X. Which setting must be enabled in the Allowed Authentication Protocols list in your Authentication Policy for Cisco ISE Server to support MAB authentication for this MAC address?

Options

AProcess Host Lookup
BEAP-FAST
CEAP-TTLS
DMS-CHAPv2

Explanation

For Cisco ISE to support MAB (MAC Authentication Bypass) for clients that do not support 802.1X, "Process Host Lookup" must be enabled in the Authentication Policy's Allowed Authentication Protocols.

Common mistakes.

B. EAP-FAST is an EAP method used for 802.1X authentication, which the client explicitly does not support.
C. EAP-TTLS is an EAP method used for 802.1X authentication, which the client explicitly does not support.
D. MS-CHAPv2 is an authentication protocol often used within EAP methods or for legacy authentication, but it is not the specific setting for enabling MAB lookup itself.

Concept tested. Cisco ISE MAB configuration

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_0100.html

Topics

#MAC Authentication Bypass (MAB)#Cisco ISE#Authentication Policy#Process Host Lookup

Community Discussion

No community discussion yet for this question.

Full 300-715 Practice Browse All 300-715 Questions