Exam 350-401 topic 1 question 861 discussion

The two correct additional configuration steps needed to implement the change are: A. Add a new DNS record to resolve the FQDN to the PSN IP address This is required so that when users try to access the FQDN, it correctly resolves to the IP address of the Policy Service Node (PSN), ensuring proper redirection. B. Create and sign a new CSR that contains the static FQDN entry A new certificate must be generated with the static FQDN in the subject or subject alternative name (SAN) field. This is necessary to avoid certificate errors, as the certificate must match the new FQDN for secure HTTPS connections. Explanations for incorrect options: C: Manually configuring the hosts file on each user device is not a scalable or practical solution for large networks. D: Disabling HTTPS on the Wireless LAN Controller (WLC) under the Management menu would not resolve certificate issues, and it would reduce security. E: While adding the FQDN to the WLC virtual interface could help with redirection, it does not address the certificate error issue directly.

I believe A is wrong, read the question. Users are reporting certificate errors, meaning they already can reach the new FQDN so it already is in DNS. So I am going with AE for this one.

1. FQDN is the unique identifier for a website or service. 2. CSR needs to include the FQDN so that the CA can issue an SSL certificate for that FQDN. 3. DNS resolves the FQDN to the corresponding IP address, ensuring users can access the website or service.

Adding the FQDN to the Wireless LAN Controller (WLC) virtual interface is often necessary for proper redirection and SSL certificate matching. However, it does not directly address the two main issues causing certificate errors: DNS resolution and cert matching

A and B are correct tested in a real environment

A & B are correct

Option E, adding the FQDN entry under the WLC virtual interface, does not directly address certificate errors. This step is unnecessary for resolving certificate issues related to the ISE guest portal URL. Instead, focus on ensuring proper DNS resolution and configuring the correct SSL certificate with the FQDN.

are the correct answer

https://community.cisco.com/t5/network-access-control/where-to-configure-public-fqdn-for-guest-users-in-cisco-ise-or/td-p/4869630 this proves once again that I am right, A & E

A. By adding a new DNS record to resolve the FQDN to the PSN (Policy Services Node) IP address, users will be able to resolve the FQDN to the correct IP address when accessing the guest portal, thus avoiding certificate errors. E. Adding the FQDN entry under the WLC (Wireless LAN Controller) virtual interface ensures that the WLC can correctly handle the traffic directed to the static FQDN for the guest portal. The other options (B, C, D) are not relevant or necessary for addressing certificate errors when redirecting users to the new page using a static FQDN.

Given answer is correct.

the below AI chatbots say that option A and B is right - chatGPT , google BARD (google) , capilot (windows) , Aria (opera mini) , LEO (brave browser)

I think correct answers should be A&E

AE think corect

I think correct answers should be A&E