CCNP Security FAQ: Cisco Identity Services Engine Architecture
Figure: Single-node/standalone ISE configuration. Q1. Cisco Identity Services Engine (ISE) is which of the following? a. A switch that provides authenticated access to the network b. A network management platform c. A network security and policy platform d. A unified computing system that incorporates …
CCNP Security FAQ: Introduction to AAA Advanced Concepts
Q1. A RADIUS change of authorization enables an authentication server to do which of the following? a. Escalate an administrative user’s access level within the server’s administration portal b. Grant context appropriate network access after initial access has previously been granted c. Gain root-level access of all network devices d. Take over the world Answer: B. A …
CCNP Security FAQ: Troubleshooting Tools
Figure: Live sessions. Q1. Which ISE diagnostic tool can be used to find misconfigurations in a Cisco NAD? a. TCP Dump b. Live Sessions Log c. RADIUS Authentication Troubleshooting Tool d. Evaluate Configuration Validator Answer: D. The Evaluate Configuration Validator tool compares a switch configuration to a “template” …
CCNP Security FAQ: Non-802.1X Authentications
Figure: Web authentication. Q1. True or False? To allow endpoints without configured supplicants to connect to a network where IEEE 802.1X has been enabled, the administrator must disable 802.1X on the endpoints’ switch port. a. True b. False Answer: B. The available options for nonauthenticating endpoints are MAC Authentication …
CCNP Security FAQ: Deploying Safety
Figure: Phased deployments. Q1. What is Monitor Mode? a. Using the authentication open interface configuration command on 802.1X enabled interfaces b. A setting in ISE to record actions but not take them c. A method for identifying which device would have failed authentication and correcting the root cause prior to it taking …
CCNP Security FAQ: Posture Assessment
Figure: ISE authentication and authorization flow. Q1. The Posture Service is comprised of which of the following functional components? (Select three.) a. Profiling b. Client provisioning c. Authorization policy d. Mobile device managers e. Access lists f. Guest Services g. Posture Policy Answer: B, C, G. The three major …
CCNP Security FAQ: Identity Management
Figure: ISE identity source sequence configuration. Q1. What are two types of identities used in Cisco Identity Services Engine? a. SSID b. MAC address c. Username d. IP address Answer: B, C. An identity is a representation of who a user or device is. Cisco ISE uses an endpoint’s MAC address to uniquely identify that endpoint. A …
CCNP Security FAQ: TrustSec and MACSec
Figure: MACSec Layer-2 hop-by-hop encryption. Q1. What is a security group tag? a. A luggage tag applied by TSA workers at airports to flag bags as they enter security checkpoints b. An internal assignment used in ISE to represent a local copy of an Active Directory group c. A 16-bit value that represents the context of a user …
CCNP Security FAQ: Bring Your Own Device
Figure: BYOD timeline. Q1. What is the process of onboarding as it relates to BYOD? a. It’s a form of torture used in military interrogations. b. It prepares an endpoint for network access with supplicant configuration, and possibly even certificate provisioning. c. It’s the process in which an IT department will prestage an …
CCNP Security FAQ: IPS and Advanced Protocol Handling
Q1. What does the ICMP inspection feature on the Security Appliance do? A. It prevents the Security Appliance from being flooded with water. B. It protects the inside network from being engulfed by rain. C. It protects against SYN flood attacks. D. It protects against AAA attacks. Answer: D Q2. Which Security …