CCNP Security FAQ: Troubleshooting Tools
Q1. Which ISE diagnostic tool can be used to find misconfigurations in a Cisco NAD?
a. TCP Dump
b. Live Sessions Log
c. RADIUS Authentication Troubleshooting Tool
d. Evaluate Configuration Validator
Q2. Which ISE diagnostic tool can be used to examine different aspects of a session and provide some additional details that might not have been available in the detailed authentication report?
a. TCP Dump
b. Live Sessions Log
c. RADIUS Authentication Troubleshooting Tool
d. Evaluate Configuration Validator
Q3. True or False? Logging levels in ISE can be set to debug level only from the command-line interface.
a. True
b. False
Q4. Which ISE tool displays a correlated view of authentications, change of authorizations, and state changes of an endpoint through its lifecycle on a network?
a. Live Log
b. Live Sessions Log
c. RADIUS Authentication Troubleshooting Tool
d. Evaluate Configuration Validator
Q5. Which ISE tool displays a near real-time view of passed and failed authentications?
a. Live Log
b. Live Sessions Log
c. RADIUS Authentication Troubleshooting Tool
d. Evaluate Configuration Validator
Q6. Choose the option that best describes how external syslog servers can receive logs from ISE.
a. Each PSN must be configured locally to send syslog to all sources.
b. It is not possible to configure ISE to log to external logging servers.
c. The MnT node is configured to forward all received syslog to the external recipients.
d. Each PSN sends syslog to the MNT nodes, and the external syslog receivers at the same time.
Q7. Where does an ISE admin disable all event de-duplication?
a. Administration > System > Logging > Message Catalog
b. Administration > System > Protocols > RADIUS
c. Administration > System > Logging > Remote Logging Targets
d. Administration > System > Protocols > IEEE 802.1X
Q8. Which tool will gather all the important log files and combine them into a single bundle for TAC?
a. Cisco AnyConnect Network Access Manager (NAM)
b. Cisco AnyConnect Diagnostic and Reporting Tool (DART)
c. Cisco NAC Agent
d. Cisco ISE Agent
Q9. What are the three main locations to troubleshoot network access authentication?
a. ISE, firewall, NAD
b. ISE, endpoint, firewall
c. ISE, endpoint, NAD
d. Endpoint, firewall, NAD
Q10. Which debug command will provide the best detail to identify why a URL redirection might not be working?
a. debug authentication
b. debug epm all
c. debug dot1x all
d. debug aaa all