Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 270

An administrator must onboard MacOS endpoints that connect to Cisco switches using the BYOD portal in Cisco ISE. The authentication method must be configured to meet these requirements:

• Cisco ISE identifies itself by providing its identity certificate to the endpoint.
• The endpoint validates the Cisco ISE identity certificate.
• The endpoint provides its endpoint identity certificate, signed by Cisco ISE, to Cisco ISE.
• Cisco ISE confirms the endpoint certificate validity, and the endpoint is authorized onto the network.

Which protocol must be configured?

Answer options

• A. EAP-TLS
• B. EAP-GTC
• C. EAP-FAST
• D. EAP-TTLS

Correct answer: A

Explanation

EAP-TLS is the correct protocol because it supports mutual authentication where both the client and server provide certificates for validation, fulfilling all specified requirements. EAP-GTC does not require client-side certificates, EAP-FAST does not inherently support certificate-based authentication, and EAP-TTLS is not designed for this specific certificate exchange scenario.