nerdexam
Cisco

350-401 · Question #614

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal Is also used by employees A solution is implemented, but contractors receive a certificate erro

The correct answer is A. Install a trusted third-party certificate on the Cisco ISE.. Contractors receive a certificate error when accessing the guest portal, while employees do not, indicating that the certificate presented by Cisco ISE is not trusted by contractor devices.

Submitted by omar99· Mar 6, 2026Security

Question

A customer wants to provide wireless access to contractors using a guest portal on Cisco ISE. The portal Is also used by employees A solution is implemented, but contractors receive a certificate error when they attempt to access the portal Employees can access the portal without any errors. Which change must be implemented to allow the contractors and employees to access the portal?

Options

  • AInstall a trusted third-party certificate on the Cisco ISE.
  • BInstall an Internal CA signed certificate on the contractor devices
  • CInstall an internal CA signed certificate on the Cisco ISE
  • Dinstall a trusted third-party certificate on the contractor devices.

How the community answered

(22 responses)
  • A
    55% (12)
  • B
    9% (2)
  • C
    23% (5)
  • D
    14% (3)

Why each option

Contractors receive a certificate error when accessing the guest portal, while employees do not, indicating that the certificate presented by Cisco ISE is not trusted by contractor devices.

AInstall a trusted third-party certificate on the Cisco ISE.Correct

Contractor devices, being external, likely do not trust the internal CA that signed the Cisco ISE certificate; installing a trusted third-party certificate on Cisco ISE ensures that both contractors' (external) and employees' (potentially internal CA trusted) devices will implicitly trust the portal's certificate.

BInstall an Internal CA signed certificate on the contractor devices

Installing an internal CA signed certificate on *contractor devices* is impractical and insecure for guest access, as it would require manually configuring each contractor device.

CInstall an internal CA signed certificate on the Cisco ISE

An internal CA signed certificate on Cisco ISE is the likely *cause* of the contractor error because internal CAs are not typically trusted by default on external devices like contractor laptops.

Dinstall a trusted third-party certificate on the contractor devices.

Installing a trusted third-party certificate on *contractor devices* is unnecessary; the certificate for trust should be on the server (Cisco ISE) and trusted by the client devices.

Concept tested: Cisco ISE Guest Portal Certificate Trust

Source: https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ise_admin_3_0/m_certificates.html

Topics

#Cisco ISE#PKI#certificate#guest portal

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice