Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 238

An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites. Which configuration must be applied on Cisco ISE?

Answer options

• A. Use a third-party certificate on the network device.
• B. Add the device to all PSN nodes in the deployment.
• C. Configure an authorization profile for the end users.
• D. Renew the expired certificate on one of the PSN.

Correct answer: D

Explanation

The correct answer is D because an expired certificate can lead to EAP-TLS authentication failures. The other options do not address the root cause of the authentication issue, as they pertain to device inclusion, authorization profiles, or third-party certificates rather than resolving certificate expiration.