Question 8 - Cisco 350-701 Real Exam Questions [March 2026 Update]

Q: 8

[Endpoint Protection and Detection] An engineer needs a solution for TACACS+ authentication and authorization for device administration. The engineer also wants to enhance wired and wireless network security by requiring users and endpoints to use 802.1X, MAB, or WebAuth. Which product meets all of these requirements?

Options

Discussion

Sanjay X. Feb 19, 2026 4:58 pm

encountered exactly similar question in my exam, on my practice set, it's B.

Chris Feb 26, 2026 10:18 pm

These Cisco product names always trip people up, it's like they want us to confuse Prime and ISE every exam. Option B

Ava P. Mar 4, 2026 11:34 pm

Prime Infrastructure seems right since it manages devices, so A.

Chloe Mar 1, 2026 1:25 pm

ISE is the only one here that does both TACACS+ for admin and supports 802.1X, MAB, WebAuth for endpoints. Pretty sure it's B, but I'd double check the docs since Prime gets confused with AAA sometimes.

Robin W. Mar 3, 2026 6:06 pm

ISE is the only one that combines TACACS+, 802.1X, MAB, and WebAuth centralization. B

Quinn Mar 5, 2026 12:10 am

B tbh, Prime is a trap since it doesn't handle all the AAA stuff needed here.

Sanjay Y. Feb 27, 2026 12:11 am

A could work if you're just thinking about device management since Prime controls infrastructure, right? Doesn't it do some AAA too? Not totally sure but went with A here, since it's tempting for admin tasks.

Adam S. Feb 28, 2026 1:38 pm

Nah, it's B. A is always tempting because Prime does a lot, but it doesn't actually handle TACACS+ or all the 802.1X/AAA stuff like ISE. I've seen this type of trap in practice sets.

Aaron T. Feb 25, 2026 4:04 am

B fits since ISE does both TACACS+ for device admin and handles 802.1X, MAB, WebAuth for wired and wireless access. Prime is more for managing devices but doesn't do full AAA. Pretty sure it's B here, but correct me if I'm missing something.

Sean L. Feb 26, 2026 1:43 pm

Official guide and labs both stress ISE for these use cases. B

Be respectful. No spam.

Correct Answer:

Explanation

Cisco Identity Services Engine (ISE) is a comprehensive identity and access control policy platform. It is specifically designed to provide centralized Authentication, Authorization, and Accounting (AAA) services. ISE meets all the requirements by functioning as a TACACS+ server for device administration (controlling access to network devices like routers and switches) and as a RADIUS server to enforce network access policies for users and endpoints using protocols such as 802.1X, MAC Authentication Bypass (MAB), and Web Authentication (WebAuth) for both wired and wireless networks.

Why Incorrect

A. Cisco Prime Infrastructure: This is a network management platform for monitoring and configuration, not a policy enforcement engine for AAA services like TACACS+ or 802.1X.

C. Cisco Stealthwatch: Now called Cisco Secure Network Analytics, this tool provides network visibility and threat detection using telemetry like NetFlow. It does not perform AAA functions.

D. Cisco AMP for Endpoints: Now called Cisco Secure Endpoint, this is an endpoint protection (EPP) and detection/response (EDR) solution focused on malware. It does not provide network access control.

---

References

1. Cisco Identity Services Engine (ISE) Data Sheet. Cisco. "Cisco ISE is a centralized solution that automates and simplifies secure access control... It provides: [...] Device administration (via TACACS+)

[...] IEEE 802.1X

MAC Authentication Bypass (MAB)

web authentication". This document explicitly lists both core functionalities required by the question.

Source: Cisco Identity Services Engine (ISE) Data Sheet

"Features and benefits" table.

2. Cisco Identity Services Engine Administrator Guide

Release 3.2. Cisco. "Device administration access service provides a policy framework for controlling access to the network devices... Cisco ISE uses the TACACS+ protocol for device administration." This confirms the TACACS+ capability. The guide also extensively covers configuring authentication and authorization policies for 802.1X

MAB

and WebAuth.

Source: Chapter: "Device Administration"

Section: "Device Administration Access Service" and Chapter: "Authentication"

Section: "Authentication Policies".

3. SCOR 350-701 Official Cert Guide. Cisco Press. "ISE is the Cisco solution for network access control (NAC) and is the main product that implements AAA for users and devices connecting to a network... ISE also supports TACACS+ for device administration."

Source: Chapter 21

"Cisco Identity Services Engine (ISE)"

Section: "ISE Fundamentals".

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE