Which is a benefit of a cloud-based SD-WAN deployment?
Correct Answer: A
A cloud-based SD-WAN deployment is a model of delivering SD-WAN services from the cloud, rather than from on-premises hardware or software appliances. A cloud-based SD-WAN deployment has several benefits, such as:
* Instant scale: A cloud-based SD-WAN deployment can scale up or down the network resources and bandwidth on demand, without requiring additional hardware or manual configuration. This enables the network to adapt to the changing traffic patterns and user demands, while optimizing the network performance and efficiency [1][2].
* Reduced costs: A cloud-based SD-WAN deployment can lower the capital and operational expenses of the network, by eliminating the need for expensive and complex WAN infrastructure, such as MPLS circuits, routers, firewalls, and WAN optimization devices. A cloud-based SD-WAN deployment can also leverage the economies of scale and the pay-as-you-go model of the cloud, which can reduce the network costs per megabit [1][2].
* Simplified management: A cloud-based SD-WAN deployment can simplify the network management and operation, by providing a centralized and unified dashboard that can monitor, configure, and troubleshoot the network across multiple sites and regions. A cloud-based SD-WAN deployment can also automate the network provisioning, orchestration, and optimization, by applying intelligent policies and analytics based on the business intent and network conditions [1][2].
* Enhanced security: A cloud-based SD-WAN deployment can enhance the network security and compliance, by providing built-in and integrated security features, such as encryption, firewall, VPN, IPS, and antivirus. A cloud-based SD-WAN deployment can also leverage the cloud security services, such as SASE, to provide secure and direct access to the cloud applications and platforms, without compromising the network performance and user experience [1][2][3].
* Improved cloud readiness: A cloud-based SD-WAN deployment can improve the cloud readiness and agility of the network, by enabling seamless and optimized connectivity to the public cloud, SaaS, and cloud interconnect providers. A cloud-based SD-WAN deployment can also support the multicloud and hybrid-cloud strategies, by allowing the network to operate as a cloud-native WAN overlay, using software-defined automation and orchestration tools [1][2][3].
References:
* What Is SD-WAN? - Software-Defined WAN (SDWAN) - Cisco
* SD-WAN Benefits: 5 Business Advantages of SD-WAN - Fortinet
* What are the Benefits of SD-WAN? - Cisco
* What are the Benefits of SD-WAN?
* SD-WAN and SASE: The new landscape of networking https://salesconnect.cisco.com/sc/s/learning-activity-from-plan?ltui__urlRecordId=a0c8c00000P3hKMAAZ
Question 22
Which node enables Cisco ISE to share contextual information on a device with Cisco Stealthwatch?
Correct Answer: B
Explanation: The node that enables Cisco ISE to share contextual information on a device with Cisco Stealthwatch is the pxGrid Controller. The pxGrid Controller is a component of the ISE Policy Service Node (PSN) that facilitates the exchange of contextual data between ISE and other security products, such as Stealthwatch, via the Platform Exchange Grid (pxGrid) protocol. The pxGrid Controller acts as a broker that registers, authenticates, and authorizes pxGrid clients, and allows them to publish and subscribe to topics of interest. For example, Stealthwatch can subscribe to the Session Directory topic to obtain user and device information from ISE, and use it to enrich the network flow data and provide better visibility and security analytics. Stealthwatch can also publish topics, such as Rapid Threat Containment (RTC), to allow ISE to take mitigation actions on compromised endpoints, such as quarantine or re-authentication.
References:
1: Cisco Identity Services Engine Administrator Guide, Release 2.4 - Manage Platform Exchange Grid Services [Cisco Identity Services Engine] - Cisco
2: Deploying Cisco Stealthwatch 7.x with Cisco ISE 2.4 using pxGrid - Cisco Community
3: Stealthwatch - Networking fun
4: pxGrid in Depth > Sharing the Context | Cisco Press
Question 23
Which two options are primary functions of Cisco ISE? (Choose two.)
Correct Answer: B,F
Cisco ISE is a security policy management platform that provides secure access to network resources. Cisco ISE functions as a policy decision point and enables enterprises to ensure compliance, enhance infrastructure security, and streamline service operations [1]. Two of the primary functions of Cisco ISE are:
* Enforcing endpoint compliance with network security policies: Cisco ISE can assess the posture of all endpoints that access the network, including 802.1X environments, and enforce the appropriate policies based on the device type, identity, location, and other attributes. Cisco ISE can also provide comprehensive client provisioning measures to ensure that the endpoints are compliant with the network security policies before granting them access. Cisco ISE can also quarantine or remediate non-compliant endpoints to prevent potential threats or vulnerabilities [1][2].
* Providing information about every device that touches the network: Cisco ISE can gather real-time contextual information from networks, users, and devices, and use that information to make governance decisions and apply policies. Cisco ISE can also discover, profile, and monitor the endpoint devices on the network, and classify them according to their associated policies and identity groups. Cisco ISE can also leverage the pxGrid framework to share the contextual information with other security tools and platforms, and enhance the network visibility and security [1][3].
The other options are not primary functions of Cisco ISE, because:
* Allocating resources: Cisco ISE does not allocate resources to the endpoints or the network devices. Cisco ISE can assign services or access levels based on the policies, but not resources such as bandwidth, memory, or CPU [1].
* Enabling WAN deployment over any type of connection: Cisco ISE does not enable WAN deployment over any type of connection. Cisco ISE can support VPN access for remote endpoints, but not WAN deployment for the network infrastructure [1].
* Automatically enabling, disabling, or reducing allocated power to certain devices: Cisco ISE does not automatically enable, disable, or reduce allocated power to certain devices. Cisco ISE can control the access and authorization of the devices, but not their power consumption or management [1].
* Providing VPN access for any type of device: Cisco ISE does not provide VPN access for any type of device. Cisco ISE can authenticate and authorize the VPN access for the endpoints, but not provide the VPN service or connection itself. Cisco ISE relies on other network devices, such as VPN gateways or routers, to provide the VPN access [1].
References:
1: Cisco Content Hub - Cisco ISE Features
2: Cisco ISE Posture Service Overview
3: Cisco ISE Profiler Service Overview
Question 24
What is the easiest way to enable SD-Access for all your remote sites after you have your campus SD-Access fabric up and running?
Correct Answer: B
Question 25
How would Cisco ISE handle authentication for your printer that does not have a supplicant?