CCNP Security FAQ: ISE Scale and High Availability
Q1. How does a PSN join an ISE cube?
a. From the Deployment screen on the secondary nodes, select Join Cube and enter the FQDN and credentials of the cube controller.
b. From the Deployment screen on the PAN, click Create Cube. Then click Register and add the FQDN and credentials for the other nodes.
c. From the Deployment screen on the PAN, click Register and add the FQDN and credentials for the other nodes.
d. PSNs are standalone. They do not join an ISE cube.
Q2. True or False? When joining a node to an ISE cube, you specify which personas the node should have.
a. True
b. False
Q3. Which three pieces of information are needed for an ISE license?
a. The output from the show license CLI command.
b. The unique device ID (UDID), version number (VPID), and serial number
c. The product ID (SPID), unique device ID (UDID), and serial number
d. The product ID (SPID), version number (VPID), and serial number
Q4. How does HA work for an ISE policy administration node?
a. Gigabit Ethernet 4 is used for stateful heartbeat. When the primary no longer responds, the secondary takes over.
b. The secondary is manually promoted from the secondary’s GUI.
c. The secondary is manually promoted from the primary’s GUI.
d. There is no HA for the policy administration node.
Q5. How does the monitoring persona’s high availability work?
a. ISE uses TCP syslog, and if the primary node does not respond, then the other nodes will send logs to the secondary.
b. Gigabit Ethernet 4 is used for stateful heartbeat. When the primary no longer responds, the secondary takes over.
c. Monitoring persona does not have an HA function.
d. Logs are sent to both MnT nodes automatically. If one MnT node goes down, the other node is still receiving logs.
Q6. What is the purpose of a node group?
a. Node groups are used for stateful sync between PSNs. If one PSN goes down, another PSN from the node group will assume its sessions automatically.
b. Node groups are used for a multicast heartbeat between PANs. If one PAN goes down, another PAN from the node group will take over.
c. Node groups are used for a multicast heartbeat between PSNs. If one PSN goes down, another PSN from the node group will send a change of authorization (CoA) for establishing sessions of the fallen node.
d. Node groups are used for a multicast heartbeat between MnT nodes. If one MnT goes down, another MnT from the node group will take over.
Q7. True or False? Cisco ISE cannot be used with load balancers.
a. True
b. False
Q8. How are patches applied to Cisco ISE?
a. Patches are downloaded and applied automatically using Cisco github.
b. Patches are downloaded from Cisco.com and applied through the GUI.
c. Patches are downloaded but not applied automatically. They are downloaded from Cisco github.
d. Patches are downloaded and applied automatically as part of the ISE feed service.
Q9. How do you verify the status of an ISE backup?
a. The status can be viewed only from the CLI.
b. The status of a restore is available in the GUI, but not backup status.
c. The status is not viewable in ISE version 1.2.
d. The status of a backup can be viewed from the GUI under Administration > System > Backup & Restore.
Q10. Where do you set the order for patching ISE nodes?
a. This is configured under Administration > System > Settings > Patch Management.
b. It is configured on the Administration > System > Maintenance > Patch Management page.
c. It is not configurable and will patch all nodes simultaneously.
d. It is not configurable and will patch all nodes in alphabetical order.