Which two options are primary functions of Cisco ISE? (Choose two.)
allocating resources
enforcing endpoint compliance with network security policies
enabling WAN deployment over any type of connection
automatically enabling, disabling, or reducing allocated power to certain devices
providing VPN access for any type of device
providing information about every device that touches the network
Cisco ISE is a security policy management platform that provides secure access to network resources. Cisco ISE functions as a policy decision point and enables enterprises to ensure compliance, enhance infrastructure security, and streamline service operations [1]. Two of the primary functions of Cisco ISE are:
The other options are not primary functions of Cisco ISE, because:
References:
1: Cisco Content Hub - Cisco ISE Features
2: Cisco ISE Posture Service Overview
3: Cisco ISE Profiler Service Overview
Which two statements are true regarding SD-WAN demonstrations? (Choose two.)
As a Cisco SD-WAN SE, you should spend your time learning about the technology rather than contributing to demo innovation.
During a demo, you should demonstrate and discuss what the team considers important details.
During a demo, you should consider the target audience and the desired outcome.
Use demonstrations primarily for large opportunities and competitive situations.
There is a big difference between demos that use a top-down approach and demos that use a bottom-up approach.
SD-WAN demonstrations are an effective way to showcase the benefits and features of Cisco SD-WAN solutions to potential customers. However, not all demos are created equal, and there are some best practices to follow to ensure a successful and engaging demo. Here are some explanations for why C and E are true statements regarding SD-WAN demonstrations:
Which node enables Cisco ISE to share contextual information on a device with Cisco Stealthwatch?
Inline Posture Node
pxGrid Controller
Monitoring and Troubleshooting Node
Policy Administration Node
The node that enables Cisco ISE to share contextual information on a device with Cisco Stealthwatch is the pxGrid Controller. The pxGrid Controller is a component of the ISE Policy Service Node (PSN) that facilitates the exchange of contextual data between ISE and other security products, such as Stealthwatch, via the Platform Exchange Grid (pxGrid) protocol. The pxGrid Controller acts as a broker that registers, authenticates, and authorizes pxGrid clients, and allows them to publish and subscribe to topics of interest. For example, Stealthwatch can subscribe to the Session Directory topic to obtain user and device information from ISE, and use it to enrich the network flow data and provide better visibility and security analytics. Stealthwatch can also publish topics, such as Rapid Threat Containment (RTC), to allow ISE to take mitigation actions on compromised endpoints, such as quarantine or re-authentication.
Which two primary categories are displayed on the overall health page of the assurance component in the Cisco DNA Center? (Choose two.)
Client
Server
Access-Distribution
Core
Wired
Network
The overall health page of the assurance component in the Cisco DNA Center displays two primary categories: Client and Network [1]. The Client category shows the health score of all the wired and wireless clients connected to the network, along with the number of clients, the top issues affecting the clients, and the distribution of clients by type, OS, and SSID [1]. The Network category shows the health score of all the network devices, such as switches, routers, wireless controllers, and access points, along with the number of devices, the top issues affecting the devices, and the distribution of devices by site, family, and role [1].
The other options are not primary categories on the overall health page. Server is not a category, but a type of client that can be filtered in the Client category [1]. Access-Distribution and Core are not categories, but roles of network devices that can be filtered in the Network category [1]. Wired is not a category, but a subcategory of the Client category that shows the health score of the wired clients only [1].
Which two statements regarding Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure? (Choose two.)
The vEdge routers run on hardened Linux operating systems.
Only authorized controllers are allowed to communicate back to the vEdge router after the vEdge router establishes connection with the controllers.
In case of direct Internet access, the only traffic allowed back is the traffic matching the state table entries on the vEdge router.
Open Certificate Authority and automated enrollment feature.
By default, all incoming traffic is denied at the transport (WAN) side interfaces.
Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure by using two mechanisms:
Which two activities should occur during an SE’s demo process? (Choose two.)
identifying which capabilities require demonstration
highlighting opportunities that although not currently within scope would result in lower operational costs and complexity
asking the customer to provide network drawings or white board the environment for you
determining whether the customer would like to dive deeper during a follow-up
leveraging a company such as Complete Communications to build a financial case
According to the Cisco Design Zone website [1], an SE’s demo process should include the following activities:
The other activities are not recommended or necessary during an SE’s demo process, because:
References:
1: Cisco Design Zone
2: Cisco Demo Best Practices, page 3
3: Cisco Demo Best Practices, page 6
Cisco Demo Best Practices, page 4
Cisco Demo Best Practices, page 2
Cisco Demo Best Practices, page 5
How would Cisco ISE handle authentication for your printer that does not have a supplicant?
ISE would authenticate the printer using 802.1X authentication.
ISE would authenticate the printer using MAC RADIUS authentication.
ISE would authenticate the printer using MAB.
ISE would not authenticate the printer as printers are not subject to ISE authentication.
ISE would authenticate the printer using web authentication.
Cisco ISE can handle authentication for printers that do not have a supplicant using MAB (MAC Authentication Bypass). MAB is a method of authenticating devices based on their MAC address. MAB is useful for devices that do not support 802.1X or other authentication protocols, such as printers, cameras, or IoT devices. MAB works as follows:
MAB is less secure than 802.1X, as MAC addresses can be spoofed or cloned. Therefore, MAB should be used with caution and combined with other security measures, such as profiling, posture, or endpoint protection. MAB should also be restricted to specific ports or VLANs that are isolated from the rest of the network.