Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 162

A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network.
Which EAP type must be configured by the network administrator to complete this task?

Answer options

• A. EAP-TTLS
• B. EAP-TLS
• C. EAP-FAST
• D. EAP-PEAP-MSCHAPv2

Correct answer: B

Explanation

EAP-TLS is the correct choice because it relies on client-side certificates for authentication, allowing Cisco ISE to validate the endpoint's identity certificate. The other options, such as EAP-TTLS and EAP-PEAP-MSCHAPv2, do not utilize certificates in the same way and therefore do not meet the requirement for using identity certificates provided by Cisco ISE.