The correct answer is B and E.
When the primary admin node is down and the secondary admin node has not been promoted, the following features are available:
Hotspot: If you have configured a hotspot in Cisco ISE, users will still be able to connect to the hotspot and access the internet.
BYOD: If you have configured BYOD in Cisco ISE, users will still be able to register their devices and access network resources.
New AD user 802.1X authentication: When a new AD user is created, Cisco ISE needs to communicate with Active Directory to authenticate the user. If the primary admin node is down, this communication cannot happen and the user will not be able to authenticate using 802.1X.
Posture: Posture is a feature that allows Cisco ISE to assess the security posture of a device before it is allowed to access network resources. This assessment includes checking for software updates, virus signatures, and other security vulnerabilities. If the primary admin node is down, Cisco ISE cannot perform posture assessments and devices will be allowed to access network resources even if they are not up to date with security patches.
Guest AUP: Guest AUP is a feature that allows you to create a policy that guests must agree to before they can access network resources. If the primary admin node is down, guests will not be able to agree to the Guest AUP and will not be able to access network resources.
AC are correct.!!
Authentication service for 802.1X is always running on both node.
Posture service is always running on both node.
The service that is only active on the primary node is the Service for Guest Portal featrue and BYOD feature.
AC are correct.!!
Authentication service for 802.1X is always running on both node.
Posture service is always running on both node.
The service that is only active on the primary node is the Service for Guest Portal featrue and BYOD feature.
A&C, basically anything that changes the distributed policy is a no-go. New AD users are handled by AD not PAN--New Identity store would be a no-go. Posture is a session based function on PSN.
A and C are correct.
Look at the table in following link.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_011.html#ID57
The following table lists the features that are affected when the primary PAN goes down and the secondary PAN is yet to take over.
Features Name Available When Primary PAN is Down? (Yes/No)
Existing or new AD user RADIUS authentication Yes
Guest: AUP No
Posture Yes
BYOD with Internal CA No
802.1x and Posture will work without any policy. For any hotspot or redirection, it has to be configured in policy to point to ISE server which the request is received from. so A and C are correct.
New qns
Users in an organization report issues about having to remember multiple usernames and passwords. The network administrator wants the existing Cisco ISE deployment to utilize an external identity source to alleviate this issue.
Which two requirements must be met to implement this change? (Choose two.)
A. Enable IPC access over port 80. B. Ensure that the NAT address is properly configured C. Establish access to one Global Catalog server. D. Provide domain administrator access to Active Directory. E. Configure a secure LDAP connection.
Based on the Cisco Doc -- A and C are correct. https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_011.html#ID57
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Seawanderer
Highly Voted 2 years, 8 months agoGSTK
2 years, 4 months agodenverfly
Most Recent 3 months, 2 weeks agodenverfly
1 year, 6 months agoluismg
3 days agobeeker98106
10 months, 1 week agojcms700
1 year, 6 months agojcms700
1 year, 6 months agorhylos
1 year, 7 months agoTHEODORABLE
1 year, 8 months agoCnoteone
1 year, 9 months agog33k
1 year, 10 months agoiceise
2 years, 2 months agoAbhi0324
2 years agouser_topic
2 years, 6 months agoIETF1
1 year, 11 months agoMUKD
2 years, 6 months agokthekillerc
2 years, 9 months agoVenusia
2 years, 11 months agoPipi
3 years, 9 months agoNatcat
3 years, 11 months agotienld
3 years, 11 months ago