Question 223 of 240 from exam 400-351: CCIE Wireless Written Exam

Question 223 of 240 from exam 400-351: CCIE Wireless Written Exam


Which two statements are true about adding Identity Services Engines 1.3 to Prime Infrastructure 2.2? (Choose two.)



A. B. C. D.


Sure, I can help explain the correct answers to this question in detail.

A. If you add two ISEs, one should be primary and the other should be standby.

This statement is true. When adding Identity Services Engines (ISEs) to Prime Infrastructure (PI), it is recommended to configure one ISE as the primary and the other as a standby. The primary ISE will handle all authentication and authorization requests, while the standby ISE will take over if the primary ISE fails. This provides high availability and ensures that there is no downtime in case of a failure.

B. You need to use superuser credentials on ISE for PI integration to work.

This statement is false. When adding ISEs to PI, it is not required to use superuser credentials. Instead, you can use a dedicated integration user account with the necessary permissions to access and configure the ISE. This integration user account should have read-only access to the ISE REST API and write access to the ISE configuration API.

C. Configuration templates within PI can be used to set up IS.

This statement is true. Configuration templates within PI can be used to configure ISEs and other network devices. This allows you to deploy consistent configurations across multiple devices and reduce the likelihood of errors or inconsistencies in the configuration. PI provides a range of pre-defined templates for ISE configuration, including templates for configuring ISE authentication, authorization, and accounting (AAA) policies.

D. A maximum of three ISEs can be added to PI.

This statement is false. PI does not have a limit on the number of ISEs that can be added. However, it is important to ensure that the PI server has sufficient resources to handle the additional load of managing multiple ISEs. Additionally, it is recommended to distribute the load of authentication and authorization requests across multiple ISEs to improve performance and scalability.

Overall, the correct answers are A and C.