500-470 Exam Dumps : Cisco Enterprise Networks SDA, SDWAN and ISE Exam for System Engineers

Cisco ISE is a network access control solution that uses policy-based decision making to determine if a device is allowed access to the network and, if allowed, what level of access this device is given1.Cisco ISE can also provide authentication, authorization, and accounting (AAA) through the RADIUS protocol and device administration through TACACS+ service1.

Some of the use cases of Cisco ISE are:

• Access Control: Cisco ISE can grant and control the right level of network access for both wired and wireless devices by employing mainly the 802.1x protocol and EAPoL (EAP over LAN)1.Cisco ISE can also use MAC authentication bypass (MAB) to authenticate devices that are unable to use the EAP protocol1.Additionally, Cisco ISE can integrate with Microsoft Active Directory for confirming user identity1.
• Assurance: Cisco ISE can monitor and troubleshoot the various features on ISE and analyze trends of the network activities from a centralized admin node2.Cisco ISE can also provide reports on user andentity behavior analytics (UEBA), enterprise mobility management/mobile device management (EMM/MDM), security incident and event management (SIEM), and segmentation34.
• Monitoring: Cisco ISE can provide endpoint visibility with context by collecting and analyzing data from various sources such as endpoints, users, applications, devices, networks, and cloud services4.Cisco ISE can also provide real-time alerts and notifications on security events and anomalies4.

Some of the statements that are true regarding Cisco SD-WAN license tiers are:

• With Pro license, control and data policies are supported2. This license tier enables network operators to define and enforce policies for traffic shaping, quality of service (QoS), application optimization, and security2.
• With Plus license, split-tunnel is supported3. This license tier enables network operators to use split-tunneling technology to route traffic through different paths based on application or user preferences3.
• With Enterprise license, vAnalytics is included4. This license tier enables network operators to use vAnalytics feature to collect and analyze data from various sources such as endpoints, applications, devices, networks, and cloud services4.

The Cisco V-Edge Router performs QoS traffic classification on the ingress interface, before the traffic enters the VPN. The classification is based on the match criteria specified in the access lists, which can include the source and destination IP addresses, ports, protocols, DSCP values, and application-aware NBAR attributes. The classification results in assigning a forwarding class and a QoS group to each packet. The forwarding class determines the output queue and the scheduling policy for the packet on the egress interface. The QoS group is an internal label that can be used to remark the DSCP value of the packet or to match the packet in another access list for further processing. References:

• : Forwarding and QoS Configuration Guide for vEdge Routers, Cisco SD-WAN Release 20, Chapter 2: Configuring Localized Data Policy, https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/qos/vEdge-20-x/qos-book/localized-data-policy.html#id_1050591
• : Cisco SD-WAN Design Guide, Release 20, Chapter 6: Quality of Service, https://www.cisco.com/c/en/us/td/docs/solutions/CVD/SDWAN/2020/b_SD-WAN_Design_Guide_Aug_2020/b_SD-WAN_Design_Guide_Aug_2020_chapter_0110.html2