Configuring Identification Profile for Machine Authentication | Cisco Exam 300-725-SWSA

Configuring an Identification Profile for Machine Authentication

Question

Which statement about configuring an identification profile for machine authentication is true?

Answers

Explanations


C.

https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-0/user_guide/b_WSA_UserGuide/b_WSA_UserGuide_chapter_01001.html

An identification profile is a configuration in Cisco Web Security Appliance (WSA) that specifies the criteria for identifying network traffic. In the context of machine authentication, the identification profile is used to identify the machine ID of a client device that is attempting to access the network. Here are the explanations for each answer:

A. Cloud Web Security Connector mode with an active directory enabled supports machine authentication

This statement is true. Cloud Web Security (CWS) Connector is a deployment mode that allows organizations to extend web security policies to users who are not on the corporate network. When CWS Connector is used with Active Directory (AD), machine authentication is supported. In this case, the WSA can authenticate the machine ID of a client device using the AD credentials.

B. Identification profile machine ID is supported locally, but the Cisco WSA does not support machine ID authentication

This statement is not true. The WSA does support machine ID authentication. The identification profile can be used to identify the machine ID of a client device. Once the machine ID is identified, the WSA can use it to enforce web security policies specific to that device.

C. Cloud Web Security with Kerberos enabled supports machine authentication

This statement is also true. Kerberos is a network authentication protocol that is used to authenticate client devices. When CWS is used with Kerberos enabled, machine authentication is supported. In this case, the WSA can authenticate the machine ID of a client device using the Kerberos credentials.

D. If an Active Directory realm is used, identification can be performed for an authenticated user or IP address but not for a machine ID.

This statement is false. If an AD realm is used, identification can be performed for a machine ID as well as an authenticated user or IP address. The identification profile can be configured to identify the machine ID of a client device using the AD credentials. Once the machine ID is identified, the WSA can use it to enforce web security policies specific to that device.

In summary, statements A, C, and D are true, and statement B is false.