300-715 Question #359: Real Exam Question with Answer & Explanation

This question tests the understanding of the sequential steps involved in a single SSID onboarding process for enterprise network access, from initial device configuration to full network access.

Question

Drag and Drop Question

Drag and drop the steps of the onboarding process from the left into the order they authenticate on the right. Not all options are used.

Answer:

Explanation

Approach. The correct approach involves identifying the three statements that describe a single SSID onboarding process and then arranging them logically:

  1. Top slot: 'The employee must configure the supplicant on the device to connect to the corporate SSID.' - This is the foundational first step. Before a device can connect to any secure corporate network, its network client (supplicant) needs to be configured with the necessary details like the SSID name, security type (e.g., WPA2-Enterprise), and initial authentication method. Without this configuration, the device cannot even attempt to connect.

  2. Middle slot: 'The authentication used to connect to the corporate SSID is used for single sign-on to the onboarding and provisioning process.' - Once the supplicant is configured and the device initiates a connection, it authenticates to the corporate SSID. In a single SSID onboarding model, this initial network authentication is typically leveraged to provide single sign-on (SSO) access to a provisioning portal or services, allowing the user to complete device setup, install certificates, or enroll in Mobile Device Management (MDM).

  3. Bottom slot: 'A change of authorization is used to provide full access after the provisioning process without requiring the employee to reconnect to the network.' - After the provisioning process is successfully completed (e.g., a device certificate is installed, a posture check passes), the device's network access needs to be elevated from restricted onboarding access to full corporate network access. A Change of Authorization (CoA) message, usually sent by the RADIUS server to the network access device (like a wireless controller or switch), dynamically updates the client's policy without requiring them to disconnect and reconnect, ensuring a seamless transition to full network privileges.

Common mistakes.

  • The most common mistake is selecting or misplacing the option 'The employee connects to the Open SSID before the provisioning process, and the employee must connect to the corporate SSID after the process.' This statement describes a 'two-SSID onboarding' scenario, which uses a temporary, often open or less secure, SSID for initial provisioning before transitioning to the secure corporate SSID. The question clearly specifies 'Single SSID' as the context, making this option incorrect for the given scenario. Placing the correct steps in the wrong order is also wrong, because it breaks the logical flow of the onboarding process.

Concept tested. This question tests the understanding of enterprise network onboarding mechanisms, specifically focusing on the single SSID model, which relies on secure authentication protocols (like 802.1X/RADIUS), supplicant configuration, single sign-on (SSO) for provisioning, and dynamic policy updates using Change of Authorization (CoA) for a seamless user experience.

Topics

#Cisco ISE · #BYOD Onboarding · #Authentication Flow · #Client Provisioning
