CCNP Security FAQ: Cisco Identity Services Engine Architecture
Figure: Single-node/standalone ISE configuration.
Q1. Cisco Identity Services Engine (ISE) is which of the following?
a. A switch that provides authenticated access to the network
b. A network management platform
c. A network security and policy platform
d. A unified computing system that incorporates virtualization of endpoints
Q2. The four key personas of Cisco ISE are which of the following? (Select four.)
a. Administration
b. Authentication Server
c. File Download
d. Monitoring and Troubleshooting
e. Policy Services Node
f. Identity Management
g. Inline Posture Node
Q3. The Cisco ISE Administration Node persona is which of the following?
a. The node where policy configuration changes are made
b. The network management platform for the network
c. The engine where policy decisions are made
d. Responsible for logging and reporting data
Q4. The Cisco ISE Monitoring and Troubleshooting Node persona is which of the following?
a. The node where policy configuration changes are made
b. The network management platform for the network
c. The engine where policy decisions are made
d. Responsible for logging and reporting data
Q5. The Cisco ISE Policy Service Node persona is which of the following?
a. The node where policy configuration changes are made
b. The network management platform for the network
c. The engine where policy decisions are made
d. Responsible for logging and reporting data
Q6. Which of the following is true about the Cisco ISE Inline Posture Node persona?
a. A gatekeeper that enforces access policies and handles CoA requests, specifically for those that cannot process CoA requests
b. Is an ergonomic tool included within Cisco ISE to ensure that network administrators are not slouching on the job
c. Allows users to always bypass authentication and authorization, giving them unfettered access to the network.
d. Sniffs all the packets sent from an endpoint, inline, making sure that the endpoint is not distributing viruses and malware onto the network.
Q7. A virtual ISE appliance should do which of the following?
a. Be kept as small as possible for speed and agility
b. Be appropriately sized to match the equivalent physical appliance
c. Reserve the appropriate resources to ensure that other virtualized applications do notcannibalize the ISE resources
d. A and B
e. B and C
f. A, B, and C
Q8. In a single-node/standalone deployment of ISE which of the following is true?
a. Each ISE appliance services a single network access device.
b. Each ISE appliance services only a single ISE persona.
c. All endpoints bypass authentication.
d. All core ISE personas reside on a single ISE appliance.
Q9. In a four-node deployment of Cisco ISE, the ____ and ____ personas are combined on two of the appliances, while the ____ persona is by itself on each of the other two appliances.
a. PAN, PSN, MNT
b. PAN, IPN, MNT
c. PSN, MNT, IPN
d. PSN, PAN, MNT
e. PAN, MNT, IPN
f. PAN, MNT, PSN
Q10. The maximum number of PSNs supported with ISE 1.2 in a fully distributed deployment model is ____, resulting in a maximum number of supported endpoints of ______.
a. 5; 5,000
b. 5; 10,000
c. 5; 50,000
d. 40; 5,000
e. 40; 20,000
f. 40; 250,000