Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 214

To configure BYOD using Cisco ISE. an administrator is considering issuing certificates to the devices connecting to provide a better user experience. External CA servers cannot be used for this purpose because everything must be local to the Cisco ISE. What must be done to accomplish this?

Answer options

• A. Use the captive portal network assistant to issue certificates to the endpoints as they authenticate.
• B. Use ISE as a sub CA for the BYOD portal and redirect users to the Root CA for certificate issuance.
• C. Configure the Cisco ISE Internal CA to issue certificates to each endpoint connecting to the BYOD network.
• D. Configure MS SCEP so that endpoints can query their local AD server for the correct certificate.

Correct answer: C

Explanation

The correct answer is C because configuring the Cisco ISE Internal CA allows the system to issue certificates locally, which aligns with the requirement of not using external CA servers. Option A is incorrect as it does not specify the use of ISE's Internal CA. Option B incorrectly suggests using a Root CA, which contradicts the local requirement, and option D is not relevant as it involves querying an AD server, which is not suitable in this context.