Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 328

A network administrator is currently using Cisco ISE to authenticate devices and users via 802.1X. There is now a need to also authorize devices and users using
EAP-TLS. Which two additional components must be configured in Cisco ISE to accomplish this? (Choose two.)

Answer options

• A. Certificate Authentication Profile
• B. EAP Authorization Profile
• C. Network Device Group
• D. Common Name attribute that maps to an identity store
• E. Serial Number attribute that maps to a CA Server

Correct answer: A, D

Explanation

The correct answer is A and D because a Certificate Authentication Profile is necessary for validating certificates during EAP-TLS authentication, and the Common Name attribute is crucial for mapping to an identity store. The other options either pertain to different aspects of Cisco ISE configuration or are not required for EAP-TLS authorization.