Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 303

A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network. Which EAP type must be configured by the network administrator to complete the task?

Answer options

• A. EAP-PEAP-MSCHAPv2
• B. EAP-TTLS
• C. EAP-TLS
• D. EAP-MD5

Correct answer: C

Explanation

EAP-TLS is the correct choice as it requires a client and server certificate for mutual authentication, allowing secure validation of the identity certificate by Cisco ISE. The other options, such as EAP-PEAP-MSCHAPv2 and EAP-TTLS, do not rely solely on certificate-based authentication and thus do not meet the requirement set in the question.