ISE Functionalities - Cisco 400-251 Exam

Functionalities of ISE - Cisco 400-251 Exam



Which four functionalities are built into the ISE? (Choose four.)




A. B. C. D. E. F. G.



The Identity Services Engine (ISE) is a network policy management and access control solution that allows organizations to securely connect and manage devices and users across wired, wireless, and VPN networks. It provides a wide range of features and functionalities to help organizations enforce network security policies, ensure compliance, and streamline network access management.

Here are explanations of each of the answer options (A through G):

A. Profiling Server: The ISE Profiling Server collects and analyzes endpoint device information to determine the device type, operating system, installed applications, and other attributes that can be used to create device profiles. These profiles are then used by ISE to enforce network access policies and provide visibility into the devices connected to the network. The profiling server can automatically discover and profile devices that connect to the network, allowing administrators to gain granular visibility and control over the network.

B. Profiling Collector: The ISE Profiling Collector is responsible for collecting endpoint device information from various sources, such as DHCP, NetFlow, SNMP, and Active Directory, and sending it to the Profiling Server for analysis. It can also perform deep packet inspection (DPI) to extract information from network traffic, such as HTTP headers and SSL certificates. The Profiling Collector can be deployed in distributed environments to collect endpoint information from multiple locations.

C. RADIUS AAA for Device Administration: The ISE supports RADIUS authentication, authorization, and accounting (AAA) for device administration, which enables administrators to control access to network devices, such as routers, switches, and firewalls. By using RADIUS AAA, administrators can enforce granular access policies based on user identity, device type, time of day, and other factors. The ISE can also log and report on device access activity for auditing purposes.

D. RADIUS AAA for Network Access: The ISE also supports RADIUS AAA for network access, which allows organizations to control access to the network based on user identity and other factors. By using RADIUS AAA, organizations can enforce policies such as device compliance, network segmentation, and guest access. The ISE can integrate with other security solutions, such as firewalls and VPNs, to provide comprehensive network access control.

E. TACACS+ for Device Administration: The ISE also supports TACACS+ for device administration, which provides an alternative to RADIUS AAA for controlling access to network devices. TACACS+ is a protocol that separates authentication, authorization, and accounting functions, providing more granular control over device access. By using TACACS+ with the ISE, organizations can enforce stricter device access policies and logging requirements.

F. TACACS+ for Network Access: The ISE does not support TACACS+ for network access. Instead, it provides RADIUS AAA for this purpose.

G. Guest Lifecycle Management: The ISE provides guest lifecycle management, which enables organizations to manage guest access to the network. This includes self-registration portals for guests to request access, approval workflows for guest access requests, and guest account provisioning and deprovisioning. The ISE can also enforce guest access policies, such as time-based access and network segmentation.