Free Cisco 300-715 SISE Actual Exam Questions - Question 14 Discussion

Option A seems off because ISE BYOD doesn’t always require an endpoint certificate; it depends on your deployment. Also, the CN field being the device hostname (C) feels less likely since user identity usually takes priority in certs for BYOD to tie it back to the user, not just the device. D is interesting, but SAN can hold different info, not just the username, so it’s not guaranteed either. The enrollment protocol difference in B is a solid clue since Android’s EST support is distinct, making B a strong candidate here.

It’s B. Android devices use EST for certificate enrollment mainly because it supports the newer protocols and security features that Android favors, while other OSes typically stick with SCEP. This difference is pretty consistent across Cisco ISE setups and helps streamline the process for different platforms. So, the protocol variance is definitely something to keep in mind when configuring BYOD certs. Options A, C, and D seem more about specifics that can vary depending on the deployment or certificate template, but B highlights a clear protocol distinction tied to the device type itself.

Maybe D is the way to go here. The SAN field often carries user-related info, and since BYOD ties devices to users, using the end user name in SAN makes sense for identifying who owns the device. A and B feel too specific or possibly outdated, and CN is usually for device identity, not user names. So D fits if you think about certificate fields serving different identification purposes.

Option C makes sense since the CN usually identifies the device, so using the endpoint hostname fits. That feels more standard than tying the SAN to a username like in D.

Actually, this one is tricky. I’m not sure about the difference in enrollment protocols for Android versus others (B), but A sounds too rigid to be true. Anyone got a clear take?