nerdexam
Cisco

350-701 · Question #338

Refer to the exhibit. A Cisco ISE administrator adds a new switch to an 802. 1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate us

The correct answer is D. Add mab to the interface configuration.. Printers, cameras, video conference devices, etc.. either don't have 802.1X supplicant or if they have it, it could be difficult to manage. So these devices are usually authenticated and authorized by Mac Authentication Bypass (MAB) + Profiling on ISE (profiling is classification

Submitted by jian89· Mar 30, 2026Secure Network Access, Visibility, and Enforcement

Question

Refer to the exhibit. A Cisco ISE administrator adds a new switch to an 802. 1X deployment and has difficulty with some endpoints gaining access. Most PCs and IP phones can connect and authenticate using their machine certificate credentials; however, printers and video cameras cannot. Based on the interface configuration provided, what must be done to get these devices onto the network using Cisco ISE for authentication and authorization while maintaining security controls?

Exhibit

350-701 question #338 exhibit

Options

  • AChange the default policy in Cisco ISE to allow all devices not using machine authentication .
  • BEnable insecure protocols within Cisco ISE in the allowed protocols configuration.
  • CConfigure authentication event fail retry 2 action authorize vlan 41 on the interface
  • DAdd mab to the interface configuration.

How the community answered

(37 responses)
  • A
    8% (3)
  • B
    11% (4)
  • C
    24% (9)
  • D
    57% (21)

Explanation

Printers, cameras, video conference devices, etc.. either don't have 802.1X supplicant or if they have it, it could be difficult to manage. So these devices are usually authenticated and authorized by Mac Authentication Bypass (MAB) + Profiling on ISE (profiling is classification of the devices by type, function, etc... ISE recognizes devices like cameras / Cisco Phones / printers / ... and these attributes can be used in the ISE policy to apply desired authorization to the endpoints)

Topics

#Cisco ISE#802.1X#MAC Authentication Bypass

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice