350-401 · Question #1084
350-401 Question #1084: Real Exam Question with Answer & Explanation
The correct answer is A: Add a new DNS record to resolve the FQDN to the PSN IP address. To resolve certificate errors after changing an ISE guest portal URL to a static FQDN, a new DNS record must map the FQDN to the PSN IP, and a new SSL certificate containing the static FQDN must be generated and installed.
Question
An engineer modifies the existing ISE guest portal URL to use a static FQDN. Users immediately report that they receive certificate errors when they are redirected to the new page. Which two additional configuration steps are needed to implement the change? (Choose two.)
Options
- AAdd a new DNS record to resolve the FQDN to the PSN IP address
- BCreate and sign a new CSR that contains the static FQDN entry
- CManually configure the hosts file on each user device.
- DDisable HTTPS on the WLC under the Management menu
- EAdd the FQDN entry under the WLC virtual interface
Explanation
To resolve certificate errors after changing an ISE guest portal URL to a static FQDN, a new DNS record must map the FQDN to the PSN IP, and a new SSL certificate containing the static FQDN must be generated and installed.
Common mistakes.
- C. Manually configuring the hosts file on each user device is not a scalable, practical, or manageable solution for a production guest network.
- D. Disabling HTTPS would remove encryption, compromising the security and integrity of the guest portal, which is an unacceptable security practice.
- E. Adding the FQDN entry under the WLC virtual interface is irrelevant to the ISE guest portal's FQDN and certificate, as the WLC virtual interface primarily handles the WLC's own management or client redirection.
Concept tested. Cisco ISE guest portal FQDN and SSL certificate management
Topics
Community Discussion
No community discussion yet for this question.