Implementing and Configuring Cisco Identity Services Engine (SISE) Exam
Question No : 1
What occurs when a Cisco ISE distributed deployment has two nodes and the secondary node is deregistered?
If your deployment has two nodes and you deregister the secondary node, both nodes in this primary-secondary pair are restarted. (The former primary and secondary nodes become standalone.)
Question No : 2
What allows an endpoint to obtain a digital certificate from Cisco ISE during a BYOD flow?
Question No : 3
Which two task types are included in the Cisco ISE common tasks support for TACACS+ profiles? (Choose two.)
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html
TACACS+ Profile
TACACS+ profiles control the initial login session of the device administrator. A session refers to
each individual authentication, authorization, or accounting request. A session authorization
request to a network device elicits an ISE response. The response includes a token that is
interpreted by the network device, which limits the commands that may be executed for the
duration of a session. The authorization policy for a device administration access service can
contain a single shell profile and multiple command sets.
The TACACS+ profile definitions are split into two components:
There are two views in the TACACS+ Profiles page (Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles)--Task Attribute View and Raw View. Common tasks can be entered using the Task Attribute View and custom attributes can be created in the Task Attribute View as well as the Raw View.
The Common Tasks section allows you to select and configure the frequently used attributes for a profile. The attributes that are included here are those defined by the TACACS+ protocol draft specifications. However, the values can be used in the authorization of requests from other services. In the Task Attribute View, the ISE administrator can set the privileges that will be assigned to the device administrator.
The common task types are:
The Custom Attributes section allows you to configure additional attributes. It provides a list of attributes that are not recognized by the Common Tasks section. Each definition consists of the attribute name, an indication of whether the attribute is mandatory or optional, and the value for the attribute. In the Raw View, you enter mandatory attributes with an equals sign (=) between the attribute name and its value, and optional attributes with an asterisk (*) between the attribute name and its value. The attributes entered in the Raw View are reflected in the Custom Attributes section in the Task Attribute View and vice versa. The Raw View is also used to copy and paste an attribute list (for example, another product's attribute list) from the clipboard onto ISE. Custom attributes can be defined for nonshell services.
Question No : 4
A user reports that the RADIUS accounting packets are not being seen on the Cisco ISE server.
Which command is the user missing in the switch's configuration?
Question No : 5
If a user reports a device lost or stolen, which portal should be used to prevent the device from accessing the network while still providing information about why the device is blocked?
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/Managing_Lost_or_Stolen_Device.html#90273
The Blacklist identity group is system generated and maintained by ISE to prevent access to lost or stolen devices. In this design guide, two authorization profiles are used to enforce the permissions for wireless and wired devices within the Blacklist: Blackhole WiFi Access and Blackhole Wired Access.
Question No : 6
How is policy services node redundancy achieved in a deployment?
Question No : 7
Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)
Question No : 8
What are two benefits of TACACS+ versus RADIUS for device administration? (Choose two)
Question No : 9
Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal?
Question No : 10
Which two values are compared by the binary comparison function in authentication that is based on Active Directory? (Choose Two)
Basic certificate checking does not require an identity source. If you want binary comparison checking for the certificates, you must select an identity source. If you select Active Directory as an identity source, subject and common name and subject alternative name (all values) can be used to look up a user.
Question No : 11
Which supplicant(s) and server(s) are capable of supporting EAP-CHAINING?
Question No : 12
Which profiling probe collects the user-agent string?
Question No : 13
Which two ports must be open between Cisco ISE and the client when you configure posture on Cisco ISE? (Choose two).
Question No : 14
What is a method for transporting security group tags throughout the network?
Question No : 15
What are two components of the posture requirement when configuring Cisco ISE posture? (Choose two)