CCNP Security FAQ: A Guided Tour of the Cisco ISE Graphical User Interface
Figure: Initial ISE administrative GUI login.
Q1. Which is true of the Cisco ISE GUI?
a. Requires a separate application to access it
b. Uses a “standard,” Adobe Flash-capable web-browser
c. Does not exist—ISE is only configurable via command-line interface (CLI)
d. Requires Cisco Network Assistant
Q2. To ensure the highest level of security, the ISE administrative GUI uses which of the following?
a. SSH
b. SCP
c. HTTP
d. HTTPS
Q3. The initial certificate presented by the ISE administrative GUI is typically which of the following?
a. Signed by a trusted, public certificate authority
b. A self-signed certificate automatically generated by ISE
c. Delivered in a separate envelope from the ISE appliance
d. Put in a frame and hung over your desk at work
Q4. Components within the Operations section of ISE allow an administrator to do which of the following?
a. Actively monitor, report, and troubleshoot active authentication and authorization sessions
b. Configure how ISE will operate on the network
c. Create the web portals for client provisioning
d. Modify the security policy of ISE
Q5. The Policy tab of the Cisco ISE GUI allows an administrator to configure all of the following EXCEPT which?
a. Authorization
b. Client provisioning
c. Web portals
d. Security group access
Q6. You can configure which of the following item(s) under the Administration tab of Cisco ISE?
a. Policy elements
b. Certificates
c. Dictionaries
d. Network devices
e. A, B, and C
f. B, C, and D
g. B and D
Q7. When adding a network access device to Cisco ISE, which of the following details can be configured under the network device? (Select three.)
a. MAC address
b. IP address
c. Device name
d. RADIUS server IP address
e. RADIUS shared secret key
f. Mobile device manager
g. SGA AAA Servers
Q8. An authentication policy within ISE is used to do which of the following?
a. Determine what the endpoint will be given access to
b. Identify the endpoint or the user of the endpoint as it connects to the network
c. Determine the type of security software that is running on the endpoint
d. Quarantine a user if the endpoint is on the Blacklist
Q9. Profiling policies within ISE can leverage all of the following protocols to determine the type of endpoint that is accessing the network EXCEPT which? (Select two.)
a. DHCP
b. RADIUS (by proxy)
c. SSH
d. HTTP(S)
e. FTP
Q10. Client provisioning is a process whereby all necessary _______ and _______ are deployed to the endpoint, allowing the endpoint to more easily, maybe even automatically, join the network in the future.
a. credentials, configurations
b. regulations, policies
c. IP addresses, ACLs
d. protocols, processes