Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 599

A network engineer is tasked with configuring a Cisco ISE server to implement external authentication against Active Directory. What must be considered about the authentication requirements? (Choose two.)

Answer options

• A. RADIUS communication must be permitted between the ISE server and the domain controller.
• B. The ISE account must be a domain administrator in Active Directory to perform JOIN operations.
• C. Active Directory only supports user authentication by using MSCHAPv2.
• D. LDAP communication must be permitted between the ISE server and the domain controller.
• E. Active Directory supports user and machine authentication by using MSCHAPv2.

Correct answer: D, E

Explanation

The correct answers are D and E because LDAP communication is necessary for the ISE server to communicate with Active Directory, and Active Directory indeed supports both user and machine authentication via MSCHAPv2. Options A and B are incorrect as RADIUS is not the only communication method required, and the ISE account does not need to be a domain administrator for JOIN operations. Option C is also incorrect because Active Directory supports various authentication methods beyond just MSCHAPv2.