Default Flashcards

(31 cards)

1
Q

Which personas can a Cisco ISE node assume?

A

Administration, Policy Service, Monitoring

2
Q

What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?

A

The secondary node restarts

3
Q

Put the steps to configure a Cisco ISE node as a primary administration node, shown on the left, into the correct order on the right.

A

Step 1: Choose Administration > System > Deployment.

Step 2: Select the check box next to the current node, and then click Edit.

Step 3: Click Make Primary.

Step 4: Click Save.

4
Q

Which two features are available when the primary admin node is down and the secondary admin node has not been promoted?

A

New AD user 802.1X authentication and Posture

5
Q

Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?

A

Cisco AnyConnect NAM and Cisco Identity Service Engine

6
Q

What is a requirement for Feed Service to work?

A

Cisco ISE has Internet access to download feed update.

7
Q

What is a method for transporting security group tags throughout the network?

A

By the Security Group Tag Exchange Protocol.

8
Q

An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node. Which persona should be configured with the largest amount of storage in this environment?

A

Monitoring and Troubleshooting

9
Q

In a standalone Cisco ISE deployment, which two personas are configured on a node?

A

Administration and Policy Service

10
Q

A network engineer must enforce access control using special tags, without re-engineering the network design. Which feature should be configured to achieve this in a scalable manner?

A

SGT (Security Group Tags)

11
Q

A network engineer is configuring a network device that needs to filter traffic based on security group tags using a security policy on a routed interface. Which command should be used to accomplish this task?

A

cts role-based enforcement

12
Q

In a Cisco ISE split deployment model, which load is split between the nodes?

A

AAA (Authentication, Authorization, and Accounting)

13
Q

What is the deployment mode when two Cisco ISE nodes are configured in an environment?

A

Distributed

14
Q

An engineer is testing Cisco ISE policies in a lab environment with no support for a deployment server. In order to push supplicant profiles to the workstations for testing, firewall ports will need to be opened. From which Cisco ISE persona should this traffic be originating?

A

Policy Service

15
Q

What does a fully distributed Cisco ISE deployment include?

A

All Cisco ISE personas on their own dedicated nodes.

16
Q

An engineer is configuring 802.1X and wants it to be transparent from the users’ point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?

17
Q

A network administrator changed a Cisco ISE deployment from pilot to production and noticed that the JVM memory utilization increased significantly. The administrator suspects this is due to replication between the nodes. What must be configured to minimize performance degradation?

A

Enable the endpoint attribute filter.

18
Q

An administrator is attempting to replace the built-in self-signed certificates on a Cisco ISE appliance. The CA is requesting some information about the appliance in order to sign the new certificate. What must be done in order to provide the CA this information?

A

Generate the CSR.

19
Q

An administrator is adding network devices for a new medical building into Cisco ISE. These devices must be in a network device group that is identifying them as Medical Switch so that the policies can be made separately for the endpoints connecting through them. Which configuration item must be changed in the network device within Cisco ISE to accomplish this goal?

A

Change the device type to Medical Switch.

20
Q

An organization wants to split their Cisco ISE deployment to separate the device administration functionalities from the main deployment. For this to work, the administrator must deregister any nodes that will become a part of the new deployment, but the button for this option is grayed out. Which configuration is causing this behavior?

A

One of the nodes is the Primary PAN.

21
Q

A network administrator must configure Cisco ISE Personas in the company to share session information via syslog. Which Cisco ISE personas must be added to syslog receivers to accomplish this goal?

22
Q

What is the maximum number of PSN nodes supported in a medium-sized deployment?

23
Q

How is policy services node redundancy achieved in a deployment?

A

By creating a node group

24
Q

Which two fields are available when creating an endpoint on the context visibility page of Cisco ISE?

A

Policy Assignment and Identity Group Assignment

25
Q

In which two ways can users and endpoints be classified for TrustSec?

A

VLAN and dynamic

26
Q

When configuring Active Directory groups, what does the Cisco ISE use to resolve ambiguous group names?

A

SID

27
Q

Which permission is common to the Active Directory Join and Leave operations?

A

Search Active Directory to see if a Cisco ISE machine account already exists.

28
Q

Which interface-level command is needed to turn on 802.1X authentication?

A

Dot1x pae authenticator

29
Q

Which RADIUS attribute is used to dynamically assign the Inactivity active timer for MAB users from the Cisco ISE node?

A

Idle-timeout

30
Q

What does the dot1x system-auth-control command do?

A

Globally enables 802.1x

31