Which two values are compared by the binary comparison function in authentication that is based on Active Directory?
A. subject alternative name and the common name
B. user-presented password hash and a hash stored in Active Directory
C. MS-CHAPv2 provided machine credentials and credentials stored in Active Directory
D. user-presented certificate stored in Active Directory
I think the key point here is *binary* comparison. Thus the only thing that is compared bit-by-bit is the client-supplied certificate.
Correct answer should be D.
This is the quote from the official cert guide:
`A binary comparison takes the public certificate used by the user or device attempting access and performs a bit-for-bit comparison to a copy stored elsewhere (usually on the issuing CA itself). This setting is configured within the CAP by checking the Perform Binary Certificate Comparison with Certificate Retrieved from LDAP or Active Directory option and selecting which LDAP or AD store will contain the copies of the public certificates.`
Answer A (if 1 choice) and AD (if 2 choices)
ISE does comparison on the SAN and CN of the certificate. It also can do binary comparison of the certificates.
https://i.imgur.com/O050NJF.png
I would consider A or D, because C is not in compliance with the employed EAP-TLS.
For more, see
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_2x.html
Question is for two…
Correct Answer: AC
https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_20.pdf