Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 211

A Cisco ISE engineer is creating certificate authentication profile to be used with machine authentication for the network. The engineer wants to be able to compare the user-presented certificate with a certificate stored in Active Directory. What must be done to accomplish this?

Answer options

• A. Add the subject alternative name and the common name to the CAP
• B. Use MS-CHAPv2 since it provides machine credentials and matches them to credentials stored in Active Directory.
• C. Configure the user-presented password hash and a hash stored in Active Directory for comparison.
• D. Enable the option for performing binary comparison.

Correct answer: D

Explanation

The correct answer is D because enabling the option for performing binary comparison ensures that the certificates can be matched exactly, which is essential for successful authentication. Options A, B, and C do not address the requirement to compare certificates directly and therefore would not achieve the intended outcome.