Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Cisco Exam 300-715 Topic 7 Question 80 Discussion

Actual exam question for Cisco's 300-715 exam
Question #: 80
Topic #: 7
[All 300-715 Questions]

A network security administrator needs a web authentication configuration when a guest user connects to the network with a wireless connection using these steps:

. An initial MAB request is sent to the Cisco ISE node.

. Cisco ISE responds with a URL redirection authorization profile if the user's MAC address is unknown in the endpoint identity store.

. The URL redirection presents the user with an AUP acceptance page when the user attempts to go to any URL.

Which authentication must the administrator configure on Cisco ISE?

Show Suggested Answer Hide Answer
Suggested Answer: D

Central Web Authentication (CWA) is a feature that allows the network access device (NAD) to redirect the web traffic of a guest user to a web portal hosted by Cisco ISE1. The NAD acts as a proxy between the guest user and the ISE node, and performs the authentication and authorization based on the RADIUS attributes returned by ISE1. To configure CWA on ISE, the administrator must create an authorization profile that contains the URL redirection attribute and assign it to the guest user1. The other options are not correct because they do not use CWA. Device registration WebAuth is a feature that allows users to register their devices on ISE before they can access the network2. WLC with local WebAuth is a feature that allows the wireless LAN controller (WLC) to host the web portal and authenticate the guest user locally3. Wired NAD with local WebAuth is a feature that allows the switch to host the web portal and authenticate the guest user locally


Contribute your Thoughts:

Luisa
8 months ago
Totally, the central WebAuth makes the most sense here. Although, I have to say, the wording of these questions can be a real head-scratcher sometimes. Just when you think you've got it figured out, they throw in a curveball!
upvoted 0 times
...
Yen
8 months ago
Yeah, that's a solid explanation. I was initially leaning towards B) WLC with local WebAuth, but the fact that the user is being redirected to an AUP page points more towards a central WebAuth setup on the Cisco ISE node.
upvoted 0 times
Glory
8 months ago
Yes, it seems like the most appropriate solution for the network security administrator.
upvoted 0 times
...
Santos
8 months ago
So, we're all in agreement then? D) NAD with central WebAuth is the way to go.
upvoted 0 times
...
Lajuana
8 months ago
Definitely, that way you can control the AUP acceptance process more effectively.
upvoted 0 times
...
Janey
8 months ago
It seems like a better option for managing guest user access to the network.
upvoted 0 times
...
Twana
8 months ago
Agreed, having a centralized location for authentication would ensure consistency.
upvoted 0 times
...
Ernie
8 months ago
I think you're right, D) NAD with central WebAuth makes more sense.
upvoted 0 times
...
...
Benton
8 months ago
I agree with that assessment. The key details here are the initial MAB request and the URL redirection, which suggest a centralized web authentication approach rather than a local WebAuth configuration on the WLC or NAD.
upvoted 0 times
...
Mozell
8 months ago
Hmm, this question seems to be testing our understanding of the different web authentication configurations in Cisco ISE. I think the answer is D) NAD with central WebAuth, as the scenario describes the user being redirected to a URL where they can accept an AUP, which is a typical behavior of a central WebAuth setup.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77