Config Router

  • Google Sheets
  • CCNA Online training
    • CCNA
  • CISCO Lab Guides
    • CCNA Security Lab Manual With Solutions
    • CCNP Route Lab Manual with Solutions
    • CCNP Switch Lab Manual with Solutions
  • Juniper
  • Linux
  • DevOps Tutorials
  • Python Array
You are here: Home / Cisco / CCNP Security FAQ: Profiling

CCNP Security FAQ: Profiling

March 24, 2020 by James Palmer

CCNP Security FAQ: Profiling

Q1. True or False? The profiling service is enabled by default on ISE policy service nodes.
a. True
b. False

Answer: A. Profiler is enabled by default on all policy service nodes and standalone nodes. However, not a single probe is enabled by default in ISE 1.2.

Q2. Name three ways in which an endpoint profile can be used in an authorization policy rule?
a. Logical profiles
b. Endpoint identity groups
c. NMAP OS-Scan result
d. EndPointPolicy attribute
e. EndPointProfile attribute

Answer: A, B, D. There is no such thing as an EndPointProfile attribute. Although OS-Scan is used as a condition to determine the endpoint’s profile, it cannot be used directly in an authorization policy. The authorization policy can use identity groups (which contain a list of MAC addresses), EndPoint Policy attribute (which is the actual endpoint profile), and logical profiles (a group of profiles).

Q3. Which probe is used to trigger the SNMPQUERY probe to query a NAD?
a. RADIUS
b. SNMPQUERY
c. HTTP
d. SNMPTRAP
e. Both A and D
f. Both C and D

Answer: E. The SNMPQUERY probe will periodically query all the NADs configured with SNMP strings, but it is also a reactive probe. The SNMPQUERY probe will reactively query a NAD when the RADIUS probe receives an accounting START message or when an SNMP trap is received.

Q4. Which three probes exist with device sensor?
a. CDP, DHCP, RADIUS
b. HTTP, CDP, RADIUS
c. CDP, DHCP, LLDP
d. CDP, HTTP, SNMP

Answer: C. The three probes that exist in device sensor on Cisco switches are CDP, DHCP, and LLDP. Wireless controllers have two probes: DHCP and HTTP.


Figure: DHCP SPAN logical design.

Q5. How are updated profiles distributed to customer ISE deployments?
a. Cisco’s Profiler Feed Service.
b. Each new version of ISE or ISE patch includes new profile policies.
c. The profiles are distributed together with the posture checks and compliance modules.
d. Import the update packs that are downloaded from Cisco.com.

Answer: A. Cisco no longer includes profile updates within the ISE version updates or patches. All new profiles are included and downloaded as part of the Cisco Profiler Feed Service.

Q6. What determines when an endpoint is assigned to a profile?
a. The profile that matches the most conditions will be assigned.
b. All profiles are manually assigned by the administrator.
c. The certainty value must equal or exceed the minimum certainty value of the profile.
d. The ISE posture agent will identify the profile of an endpoint to ISE.

Answer: C. Profiling is all about the certainty value. Each profile has a minimum certainty value, and matching the conditions will increase the certainty value. A higher the certainty value of any profile means it will be assigned.

Q7. Which ISE tool enables an administrator to drill down in to the profiles that have been assigned to locate a specific endpoint with that profile?
a. Endpoints Drill-down
b. Cisco Endpoint Profiling Examination Tool (CEPET)
c. Profiled Endpoints Counter
d. Profiler Activity Window

Answer: A. The Endpoints Drill-down tool is an excellent way to look into the profiled endpoints and verify that the profiling service is working.

Q8. What are two ways to collect HTTP user agent strings?
a. Through the AnyConnect HTTP User Agent Reporting Tool
b. SPAN port mirroring
c. The Cisco WSA device sensor
d. Directly from ISE web portals
e. Device sensor in the switch

Answer: B, D. HTTP user agent strings could be gleaned through SPAN monitoring and VACLS and directly from the ISE web portals. Wired switches do not currently have an HTTP device sensor probe, but wireless controllers do.

Q9. True or False? ISE deployments must wait for Feed Service updates for new profiles.
a. True
b. False

Answer: B. ISE provides the ability for administrators to create their own custom profiles using any of the attributes available to the profiling engine.

Q10. What will happen when an ISE administrator has modified a profile and then a Feed Service update is downloaded that contains an updated version of that profile?
a. The profile is overwritten with the version in the Feed Service Update.
b. The admin will be prompted to choose to overwrite or ignore the profile update.
c. All nonconflicting profiles will be downloaded and installed. The conflicting profiles will be ignored.
d. The update will fail and an alarm will be triggered on the dashboard and in email.

Answer: C. Profiles are classified as Cisco provided, administratively modified, or administrator created. Only Cisco-provided profiles will be overwritten.

More Resources

  • CCNP Security FAQ
  • CCNP Security VPN FAQ
  • CCNP Secure IPS FAQ
  • CCNA Security FAQ
  • Network Security FAQ
  • CCNA Exam Answers Cisco Learning Network
  • CCNA Frequently Asked Questions
  • CCNA Exam Questions with Explanation
  • CCNA Cyber Ops FAQ

Related

Filed Under: Cisco Tagged With: CCNP, CCNP Security, CCNP Security FAQ, CCNP Security FAQ: Profiling

Recent Posts

  • How do I give user access to Jenkins?
  • What is docker volume command?
  • What is the date format in Unix?
  • What is the difference between ARG and ENV Docker?
  • What is rsync command Linux?
  • How to Add Music to Snapchat 2021 Android? | How to Search, Add, Share Songs on Snapchat Story?
  • How to Enable Snapchat Notifications for Android & iPhone? | Steps to Turn on Snapchat Bitmoji Notification
  • Easy Methods to Fix Snapchat Camera Not Working Black Screen Issue | Reasons & Troubleshooting Tips to Solve Snapchat Camera Problems
  • Detailed Procedure for How to Update Snapchat on iOS 14 for Free
  • What is Snapchat Spotlight Feature? How to Make a Spotlight on Snapchat?
  • Snapchat Hack Tutorial 2021: Can I hack a Snapchat Account without them knowing?

Copyright © 2023 · News Pro Theme on Genesis Framework · WordPress · Log in