nerdexam
Exams300-715Questions#94
CiscoCisco

300-715 · Question #94

300-715 Question #94: Real Exam Question with Answer & Explanation

The correct answer is C: The devices in the network do not have a supplicant.. Engineers should configure MAB when devices on the network lack an 802.1X supplicant, providing a way to authenticate non-802.1X capable endpoints.

Architecture and Deployment

Question

When planning for the deployment of Cisco ISE, an organization's security policy dictates that they must use network access authentication via RADIUS. It also states that the deployment provide an adequate amount of security and visibility for the hosts on the network. Why should the engineer configure MAB in this situation?

Options

  • AThe Cisco switches only support MAB.
  • BMAB provides the strongest form of authentication available.
  • CThe devices in the network do not have a supplicant.
  • DMAB provides user authentication.

Explanation

Engineers should configure MAB when devices on the network lack an 802.1X supplicant, providing a way to authenticate non-802.1X capable endpoints.

Common mistakes.

  • A. Cisco switches support various authentication methods, including 802.1X, not solely MAB.
  • B. MAB is considered a weaker form of authentication compared to 802.1X with EAP methods, as MAC addresses can be spoofed.
  • D. MAB authenticates devices based on their MAC address, not individual users, making it a device authentication method.

Concept tested. MAC Authentication Bypass (MAB) Use Cases

Reference. https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ISE_admin_3_1/m_mac_authentication_bypass.html

Topics

#MAB#Network Access Authentication#802.1X Supplicant#Cisco ISE

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-715 PracticeBrowse All 300-715 Questions