Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 294

A Cisco ISE administrator must authenticate users against Microsoft Active Directory. The solution must meet these requirements:

• Users and computers must be authenticated.
• User groups must be retrieved during authentication.

Which protocol must be added to the allowed protocols on the policy to authenticate the users?

Answer options

• A. EAP-TLS
• B. EAP-GTC
• C. MS-CHAPv2
• D. LEAP

Correct answer: C

Explanation

MS-CHAPv2 is the correct protocol because it allows for mutual authentication of users and supports the retrieval of user group information from Active Directory. EAP-TLS and EAP-GTC are not suitable for this requirement, as EAP-TLS focuses on certificate-based authentication and EAP-GTC does not support group retrieval. LEAP is an outdated protocol and not recommended for modern authentication scenarios.