In which way can the user be authorized based on Active Directory group membership?

For your enterprise ISE deployment, you want to use certificate-based authentication for all your Windows machines you have already pushed the machine and user certificates out to all the machines using GPO. By default, certificate-based authentication does not check the certificate against Active Directory, or requires credentials from the user. This essentially means that no groups are returned as part of the authentication request.

In which way can the user be authorized based on Active Directory group membership?
A . The certificate must be configured with the appropriate attributes that contain appropriate group formation, which can be used in Authorization policies
B . Configure the Windows supplicant to used saved credentials as well as certificate based authentication
C . Enable Change of Authorization on the deployment to perform double authentication
D . Configure Network Access Device to bypass certificate-based authentication and push configured user credentials as a proxy to ISE
E . Use EAP authorization to retrieve group information from Active directory
F . Use ISE as the Certificate Authority which allows for automatic group retrieval from Active directory to perform the required authorization

Answer: A



Latest 400-251 Dumps Valid Version with 124 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments