exam questions

Exam 350-701 All Questions

View all questions & answers for the 350-701 exam

Exam 350-701 topic 1 question 298 discussion

Actual exam question from Cisco's 350-701
Question #: 298
Topic #: 1
[All 350-701 Questions]

Which ID store requires that a shadow user be created on Cisco ISE for the admin login to work?

  • A. RSA SecureID
  • B. Internal Database
  • C. Active Directory
  • D. LDAP
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Mara03
Highly Voted 4 years, 9 months ago
https://community.cisco.com/t5/security-documents/ise-admin-user-authentication-from-ad/ta-p/3159662
upvoted 25 times
birdman6709
3 years, 7 months ago
Step 3 Create user in AD
upvoted 9 times
...
...
Jeeves69
Highly Voted 4 years, 1 month ago
The correct answer is A. In Cisco ISE, you can authenticate administrators via an external identity store such as Active Directory, LDAP, or RSA SecureID. There are two models you can use to provide authentication via an external identity store: External Authentication and Authorization: There are no credentials that are specified in the local Cisco ISE database for the administrator, and authorization is based on external identity store group membership only. This model is used for Active Directory and LDAP authentication. External Authentication and Internal Authorization: The administrator’s authentication credentials come from the external identity source, and authorization and administrator role assignment take place using the local Cisco ISE database. This model is used for RSA SecurID authentication. This method requires you to configure the same username in both the external identity store and the local Cisco ISE database. Source: https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_011010.html Scroll down to: "Administrative Access to Cisco ISE Using an External Identity Store"
upvoted 16 times
...
MomoBill
Most Recent 6 months, 1 week ago
Selected Answer: C
https://community.cisco.com/t5/security-documents/ise-admin-user-authentication-from-ad/ta-p/3159662 Step 3 Create user in AD. After created shadow user
upvoted 1 times
...
Korndal
9 months, 3 weeks ago
Selected Answer: C
You cannot join AD without typing in a valid user (with correct rights) to be able to joind AD, and also to do lookups in AD
upvoted 1 times
...
nep1019
1 year, 8 months ago
Selected Answer: C
https://community.cisco.com/t5/security-knowledge-base/ise-admin-user-authentication-from-ad/ta-p/3159662 Search shadow user
upvoted 1 times
...
ums008
1 year, 9 months ago
Selected Answer: A
A should be Correct: RSA SecureID is an authentication mechanism that utilizes two-factor authentication, combining something the user knows (a PIN or password) with something the user has (a hardware or software token). In the case of RSA SecureID integration with Cisco ISE, a shadow user needs to be created on Cisco ISE for the admin login to work. When a user attempts to log in to Cisco ISE using RSA SecureID, the RSA SecureID server validates the user's credentials and generates a one-time password (OTP) or token. This OTP or token is sent to Cisco ISE for authentication. To complete the authentication process, Cisco ISE must have a shadow user account created, which mirrors the user's credentials on the RSA SecureID server.
upvoted 2 times
...
GCalvo
1 year, 11 months ago
Selected Answer: A
The correct answer is A. RSA SecureID. When using RSA SecureID as the ID store on Cisco ISE (Identity Services Engine), a shadow user must be created for the admin login to work. A shadow user is a local user account created on Cisco ISE that mirrors the admin account in the RSA SecureID server.
upvoted 1 times
...
Totosos1
2 years ago
Selected Answer: A
A is correct! RSA SecureID
upvoted 1 times
...
Tuxzinator
2 years, 2 months ago
Selected Answer: A
RSA SecureID is an external ID store that is commonly used for two-factor authentication (2FA) in Cisco ISE environments. When using RSA SecureID as the ID store, a shadow user must be created in Cisco ISE for each user who will be logging in with 2FA. This shadow user is linked to the user's RSA SecureID token, and is used to authenticate the user's login credentials. In contrast, Internal Database, Active Directory, and LDAP do not require the use of shadow users in order for admin logins to work. These ID stores authenticate users directly against their stored credentials, without the need for additional shadow accounts.
upvoted 2 times
...
sull3y
2 years, 2 months ago
The answer is A. RSA SecureID, as it requires the creation of a shadow user on Cisco ISE for the admin login to work. This is because RSA SecureID is an authentication method that combines something a user knows (a password or PIN) with something the user has (a token). The shadow user in ISE acts as a representation of the RSA SecureID system, allowing the administrator to log in to the ISE using the combination of their password and the RSA SecureID token.
upvoted 3 times
...
west33637
2 years, 3 months ago
Selected Answer: A
The correct answer is A. Please see Jeeves69's comment for clarification. No user is created in ISE when using AD as the ID store.
upvoted 1 times
...
Emlia1
2 years, 5 months ago
Selected Answer: C
AD is correct
upvoted 1 times
...
4000000
2 years, 5 months ago
A is answer
upvoted 1 times
...
Sun2sun
3 years, 2 months ago
Correct answer is C. Active Directory.
upvoted 1 times
...
thefiresays
4 years, 1 month ago
Correct answer is C. Active Directory. https://community.cisco.com/t5/security-documents/ise-admin-user-authentication-from-ad/ta-p/3159662
upvoted 7 times
...
Kris92
4 years, 1 month ago
ACD are all valid answers, maybe the question is does NOT require, in which case it would be B
upvoted 3 times
...
CiscoTech
4 years, 10 months ago
I think this is actually RSA. When creating a new admin user we get these details.... Information on External Checkbox If this checkbox is checked then a shadow user will be created in the ISE for authorization. This user name will be same as that in the defined External ID store. Applicable to users authenticating against RSA & RADIUS-token external ID stores.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago