An engineer is adding a Cisco DUO solution to the current TACACS+ deployment using Cisco ISE. The engineer wants to authenticate users using their account when they log into network devices. Which action accomplishes this task?
A. Configure Cisco DUO with the external Active Directory connector and tie it to the policy set within Cisco ISE.
B. Install and configure the Cisco DUO Authentication Proxy and configure the identity source sequence within Cisco ISE.
C. Modify the current policy with the condition MFA: SourceSequence:DUO=true in the authorization conditions within Cisco ISE.
D. Create an identity policy within Cisco ISE to send all authentication requests to Cisco DUO.
B is the correct answer. You would have to authenticate successfully first before DUO is triggered for MFA; DUO would not handle authentication directly.
Yes, B is correct.
Scheme & explanation:
https://community.cisco.com/t5/security-knowledge-base/duo-mfa-integration-with-ise-for-tacacs-device-administration/ta-p/3881767
DUO scheme:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214813-configure-duo-two-factor-authentication.html
A - "configure DUO external Active Directory connector + tie it to the policy set within Cisco ISE" - DUO uses its own Authentication Proxy server, which connects to AD (not called "AD connector"), and more importantly, it is impossible to configure an ISE policy with a DUO AD connector. Nonsense. Only the "AD connector" can be used in a policy, which is the ISE connection to AD (i.e. AD Join Point), but it has nothing to do with DUO.
C - non-existent condition in ISE
https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_segmentation.html#ID37
D - nonsense, ISE doesn't have any Identity Policy as far as I know (I also Googled it to be sure)
nomanlands (Highly Voted), 9 months, 3 weeks ago
NikoNiko, 9 months, 2 weeks ago
sis_net_sec (Most Recent), 6 months, 1 week ago
wenorex222, 10 months, 3 weeks ago