Config Router

  • Google Sheets
  • CCNA Online training
    • CCNA
  • CISCO Lab Guides
    • CCNA Security Lab Manual With Solutions
    • CCNP Route Lab Manual with Solutions
    • CCNP Switch Lab Manual with Solutions
  • Juniper
  • Linux
  • DevOps Tutorials
  • Python Array
You are here: Home / Cisco / CCNP Security FAQ: Initial Configuration of Cisco ISE

CCNP Security FAQ: Initial Configuration of Cisco ISE

March 24, 2020 by James Palmer

CCNP Security FAQ: Initial Configuration of Cisco ISE

Q1. Which rights and permissions are required for the account used to join Cisco ISE to the Active Directory domain?
a. Search Active Directory, Remove workstation from domain, Change passwords
b. Write to Active Directory, Add workstation to organizational unit, Read properties of computer objects
c. Search Active Directory, Add workstation to domain, Set attributes on the new machine account
d. Write to Active Directory, Add workstation to domain, Read properties of computer objects

Answer: C. The permissions needed to join ISE to AD are Search Active Directory (to see whether ISE machine account already exists), Add workstation to domain (if it does not already exist), and Set attributes on the new machine account (OS type and version—optional).

Q2. Which CLI command lists all the ISE processes and their statuses?
a. show status ise
b. show application status ise
c. show application status
d. show version

Answer: B. The show application status ise command lists all the ISE processes and their statuses.

Q3. Which two functions does a certificate fulfill when used with HTTPS and EAPoverLAN?
a. Authenticates the server to the client, and the encryption method is embedded in the transform-set field within the certificate.
b. Identifies the client to the NAD and is used as the basis for the encrypted transport between the client and the NAD.
c. Authenticates the server to the client and is used as the basis for the encrypted transport between the client and server.
d. Authenticates the client to the NAD, and the encryption method is embedded in the transformset field within the certificate.

Answer: C. In both HTTPS and TLS connections, certificates are used to authenticate the server to client and act as the basis for the encrypted transport between the client and the server.

Q4. True or False? When submitting a certificate signing request (CSR), the CSR and the private key are sent to the signing certificate authority (CA), so the CA can sign the key-pair.
a. True
b. False

Answer: B. Only the CSR is submitted to the signing CA. The private key should be backed up but never given out to a third party.


Figure: CSR form

Q5. True or False? Settings such as RADIUS shared secret keys and SNMP strings can be set on a per Network Device Group (NDG) level.
a. True
b. False

Answer: B. Settings such as RADIUS shared secret keys and SNMP strings can be set only on a per-NAD basis.

Q6. What is a valid use of network device groups?
a. Use NDG as the condition by which to build different policy sets for the staged deployment of ISE.
b. Use the incoming authentication protocol type to route the authentication to a network device group that is able to process that authentication type.
c. Use the NDG to determine to which ISE policy node to route the authentication request.
d. The result of an authorization policy will allow the user to log in and control devices within the assigned network device group.

Answer: A. Use NDG to build different policy sets for the staged deployment of ISE.

Q7. True or False? Local endpoint identity groups should be created per endpoint profile instead of using the attribute itself.
a. True
b. False

Answer: B. False. It is a best practice to use endpoint identity groups only for MAC address management instead of profiles.

Q8. True or False? Cisco ISE 1.2 can join 1 Active Directory Forest and process authentications for any domain in the forest with 2-way trusts.
a. True
b. False

Answer: A. ISE 1.2 is capable of joining only a single AD domain.

Q9. What is the purpose of a certificate authentication profile (CAP)?
a. Defines which CA to use for revocation checking via either certificate revocation lists (CRLs) or online certificate status protocol (OCSP).
b. Used with MSCHAPv2 for a client to validate the authentication server.
c. Serves as the identity source for certificate authentications and defines the field of a certificate whose data will be extracted and used as the principle identity for the authorization process.
d. Used with EAP-FAST to allow for faster reauthentications and secure transport without the use of X.509 certificates.

Answer: C. Serves as the identity source for certificate authentications and defines the field of a certificate whose data will be extracted and used as the principle identity for the authorization process.

Q10. True or False? It is critical to use Network Time Protocol (NTP) to ensure the time is synchronized correctly between Cisco ISE and Microsoft Active Directory.
a. True
b. False

Answer: A. The Network Time Protocol is critical for all network interactions that require timesensitive interactions, including the interaction between the Cisco ISE and the Active Directory. Endpoint identity certificates also require an NTP synchronized time on Cisco ISE.

More Resources

  • CCNP Security FAQ
  • CCNP Security VPN FAQ
  • CCNP Secure IPS FAQ
  • CCNA Security FAQ
  • Network Security FAQ
  • CCNA Exam Answers Cisco Learning Network
  • CCNA Frequently Asked Questions
  • CCNA Exam Questions with Explanation
  • CCNA Cyber Ops FAQ

Related

Filed Under: Cisco Tagged With: CCNP, CCNP Security, CCNP Security FAQ, CCNP Security FAQ: Initial Configuration of Cisco ISE, Initial Configuration of Cisco ISE

Recent Posts

  • How do I give user access to Jenkins?
  • What is docker volume command?
  • What is the date format in Unix?
  • What is the difference between ARG and ENV Docker?
  • What is rsync command Linux?
  • How to Add Music to Snapchat 2021 Android? | How to Search, Add, Share Songs on Snapchat Story?
  • How to Enable Snapchat Notifications for Android & iPhone? | Steps to Turn on Snapchat Bitmoji Notification
  • Easy Methods to Fix Snapchat Camera Not Working Black Screen Issue | Reasons & Troubleshooting Tips to Solve Snapchat Camera Problems
  • Detailed Procedure for How to Update Snapchat on iOS 14 for Free
  • What is Snapchat Spotlight Feature? How to Make a Spotlight on Snapchat?
  • Snapchat Hack Tutorial 2021: Can I hack a Snapchat Account without them knowing?

Copyright © 2023 · News Pro Theme on Genesis Framework · WordPress · Log in