What is a requirement for Feed Service to work?
Correct Answer: D
For the Feed Service to function, Cisco ISE needs Internet access to download feed updates. This allows the system to regularly update and maintain the most current profiles and policies necessary for network security and device profiling.
What is a method for transporting security group tags throughout the network?
Correct Answer: B
The correct method for transporting security group tags throughout the network is by using the Security Group Tag Exchange Protocol. This protocol is specifically designed to form peer relationships and exchange security-related data, including security group tag mappings and policies, across various network devices. It is particularly useful in environments where direct TrustSec client relationship or a contiguous security group access control list (SGACL) domain is not possible.
An engineer is configuring a virtual Cisco ISE deployment and needs each persona to be on a different node.
Which persona should be configured with the largest amount of storage in this environment?
Correct Answer: A
The Monitoring and Troubleshooting (MnT) node is designed for storing logs and other monitoring data, which can occupy a large amount of disk space. Therefore, it requires the largest amount of storage among the different personas in a Cisco ISE deployment.
In a standalone Cisco ISE deployment, which two personas are configured on a node? (Choose two.)
Correct Answer: CE
In a standalone Cisco ISE (Identity Services Engine) deployment, a node can be configured with multiple personas. The two relevant personas for this type of setup are the Administration persona and the Policy Service persona. The Administration persona is responsible for the administrative and management functions of Cisco ISE, such as configuring settings and managing policies. The Policy Service persona handles the policy enforcement, protocols, and network access control services. These two roles are essential for the functioning of a standalone deployment and are hence the correct options.
A network engineer must enforce access control using special tags, without re-engineering the network design.
Which feature should be configured to achieve this in a scalable manner?
Correct Answer: C
Scalable Group Tags (SGT) are specifically designed to enforce access control using tags, allowing for a flexible and scalable approach to network security without requiring changes to the network design. They enable the application of security policies based on the identity and role of users or devices, which aligns perfectly with the requirement of the question.