Architecture & Deployment

Question 1

2 Types of Identities used by ISE

Answer 1

Username & MAC address

Question 2

2 Types of Identity Stores used by ISE

Answer 2

Internal & External

Question 3

ISE internal Identity Stores are used to authenticate which type of identities

Answer 3

Users & Endpoints

Question 4

Which Identity Store attributes can be used in ISE authorization policy

Answer 4

User & Machine

Question 5

What is an individual Identity Store called

Answer 5

Identity Source

Question 6

How is Identity Source Sequence processed

Answer 6

Top Down

Question 7

WHich Idnetity Stores are suported by ISE for authentication

Answer 7

LDAP
Microsoft AD
RADIUS server

Question 8

MAB uses which type of Identity Store

Answer 8

Internal Identity store

Question 9

2 Types of Internal Identity Store used by ISE

Answer 9

User database

Endpoint Database

Question 10

Primary reason for using external Identity Store

Answer 10

Performance

Scalability

Question 11

What is an Identity Store

Answer 11

Database which can be used to authenticate User or Endpoint credentials

Question 12

Minimum certificate checks

Answer 12

Has Certificate been signed by a Trusted CA
Is certificate expired
Has certificate been revoked
Has client provided proof of possesion

Question 13

ISE Node Types

Answer 13

Policy Admin Node
Policy Services Node
Monitoring & Troubleshooting Node
pxGrid

Question 14

Policy Admin Node (PAN)

Answer 14

Node used to manage configuration changes to all nodes in the deployment.
These changes are then synced between Primary PAN and Backup PAN (and config updated to each PSN where applicable)

Question 15

Policy Services Node (PSN)

Answer 15

Node used to provide 
Network access, 
Posture, 
Client Provisioning, 
Profiling
Apply Authentication and Authorization Policies to endpoints

Question 16

Monitoring & Troubleshoting (MnT)

Answer 16

Node used to provides advanced troubleshooting options and stores monitoring logs.

Question 17

pxGrid

Answer 17

Node used to share context-sensitive data with approved 3rd party applications

Question 18

How Node Groups work

Answer 18

All PSNs are on same VLAN and maintain a heartbeat with each other.
If PSN dies while servicing an authentication request another PSN sends CoA to NAD which causes endpoint to restart session establishment.
Most commonly used behind Load Balancers

Question 19

ISE Personas

Answer 19

PAN
MnT
PSN

Question 20

Configure ISE Personas

Answer 20

Administration > System > Deployment > Select node

Question 21

Configure ISE as Primary PAN

Answer 21

Administration > System > Deployment
Select Node > Edit
Select Make Primary
Save

Question 22

Installing ISE Patches

Answer 22

Download Patch
Go to Administration > System > Maintenance > Patch Management
Select Install
Browse to Patch
Select Install
Confirm Md5 hash
Patch will be applied to all nodes in deployment

Question 23

Which Personas are configured in a Standalone Deployment

Answer 23

PAN

PSN

Question 24

Which Persona needs the latgest amont of storage

Answer 24

MnT

Question 25

Initial certificate presented by ISE is which type

Answer 25

Self-Signed

Question 26

Where can Authentication & Authorization sessions be viewed for troubleshooting purposes

Answer 26

Operations > Live Logs > TACACS+/RADIUS Live Logs

Question 27

Which details can be added to NAD when configuring in ISE

Answer 27

Device Name
IP address
RADIUS shared secret

Question 28

What is the Authentication Policy used for

Answer 28

Identify user or endpoint as they connect to the network

Question 29

Which Profiling Policies are available

Answer 29

Netflow
DHCP
DHCPSPAN
HTTP
RADIUS
NMAP
DNS
SNMPQUERY/SNMPTRAP
ACTIVE DIRECTORY