300-715 Question #73: Real Exam Question with Answer & Explanation

Question

What are the three default behaviors of Cisco ISE with respect to authentication, when a user connects to a switch that is configured for 802.1X, MAB, and WebAuth? (Choose three)

Options

• AMAB traffic uses internal endpoints for retrieving identity.
• BDot1X traffic uses a user-defined identity store for retrieving identity.
• CUnmatched traffic is allowed on the network.
• DUnmatched traffic is dropped because of the Reject/Reject/Drop action that is configured under
• EDot1 traffic uses internal users for retrieving identity.

Explanation

{"question_number": 8, "question": "What are the three default behaviors of Cisco ISE with respect to authentication, when a user connects to a switch that is configured for 802.1X, MAB, and WebAuth? (Choose three)", "correct_answer": "A, B, D", "explanation": "The three correct default ISE behaviors are: (A) MAB traffic uses the internal endpoints identity store by default - ISE checks its local endpoint database to validate a MAC address during MAB authentication. (B) 802.1X (Dot1X) traffic uses a user-defined identity store (such as Active Directory or LDAP) by default - ISE's default authentication policy routes EAP-based requests to an external identity source. (D) Unmatched traffic is dropped per the default 'Reject/Reject/Drop' rule at the bottom of the authentication policy - there is no default permit-all fallback. Option C is wrong because unmatched traffic is dropped, not allowed. Option E is wrong because Dot1X uses external/user-defined stores, not the internal users database, by default.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

No community discussion yet for this question.