Exam 300-715 topic 1 question 182 discussion

A native supplicant provisioning policy is used to redirect the BYOD user to the Cisco ISE BYOD portal for onboarding. The BYOD portal can be used to request a digital certificate and provision the endpoint, as well as to download and install the necessary certificates and software components. Option A is incorrect because the BYOD flow is not used to provision the endpoint, but rather to authorize access to the network. Option B is incorrect because the posture provisioning policy is not used to provision the endpoint during the onboarding process. Option D is incorrect because the Cisco AnyConnect provisioning policy is not used for onboarding BYOD devices, but rather for onboarding corporate-owned devices.

Correct is C) - Device registration will take place first (MAC address – Endpoint Identity Group: RegisteredDevices, flag BYODregistration), and then Device Enrollment – setting up the supplicant and issuing the X.509 certificate. A) is therefore incorrect (the truth is exactly the opposite): "BYOD flow to ensure that the endpoint will be provisioned prior to registering" - BYOD primarily provisions the native supplicant. D) is therefore incorrect (states provisioning Cisco AC) Network Setup Assistant (NSA) --> Native Supplicant Provisioning (NSP) - Web Redirection in the Authorization profile is of the type "Native Supplicant Provisioning" --> Value "BYOD Portal" (see figure 16-54 in ebook) - That's why BYOD Portal is like subset of NSP (from Authorization Profile point of view) C) correctly says that the NSP policy redirects the user to the BYOD portal for onboarding (see Authorization Profile). D) "Posture provisioning" – does not apply to BYOD device provisioning.

I have to say that I'm wrong actually..... DO NOT GET CONFUSED LIKE ME ABOUT THIS... Answer is C because reading that better is not posture provisioning policy... That policy is needed for the actual posture of the client and you will specify the remediation steps for resolve in case that the client is not compliant The client provisioning policy or as they say native supplicant provisioning policy is needed for deploying the configuration of the cisco anyconnect agent or any agent that you want to deploy this policy is just needed based on who you are and other conditions for deploying the right agent. I'm sorry for put confusion in the community. Hope that I solved that. YmerG was right

The answer here is B just lab it if u can. Basically when you do onboarding of BYOD what you do is configuring a client provisioning policy for the BYOD so that the client will download the setup.exe with the certificate that the client will use for the onboarding. So the client is gonna be redirected to the BYOD portal and then the client will download this .exe, it will begin the setup and after that the certificate as said before is installed. After that the client will use the certificate to be authenticated, in ISE there will be a policy that is gonna match if the user is BYOD Portal registered equal Yes, if EAP-TLS and if the radius calling-station id is matching the CN (It will be the mac address of the device) then the client will be authenticated correctly.

The correct answer is The posture provisioning policy to give the endpoint all necessary components prior to registering. The posture provisioning policy is used to configure the endpoint before it is registered with Cisco ISE. This policy can be used to install software, configure settings, and request digital certificates

C is correct