- Home
- Networking
- CCNP Security 300-208
31.
Which is true of the Cisco ISE GUI?
- A.Requires a separate application to access it
- B.Uses a “standard,” Adobe Flash-capable web-browser
- C.Does not exist—ISE is only configurable via command-line interface (CLI)
- D.Requires Cisco Network Assistant
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| The Cisco ISE GUI is available via an Adobe Flash-capable web-browser. As of Cisco ISE 1.2, the two supported browsers are Mozilla Firefox and Microsoft Internet Explorer. |
32.
To ensure the highest level of security, the ISE administrative GUI uses which of the following?
- A.SSH
- B.SCP
- C.HTTP
- D.HTTPS
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| The best way to ensure a secure connection is by encrypting the communications between the ISE and the device being used for the administrative portal. If HTTP were to be used, any device in the network flow, between the administrative device and ISE, could eavesdrop or play “manin- the middle” on the communications, either compromising the administrative credentials or surreptitiously injecting a different security policy. To prevent this from happening, ISE leverages HTTPS, encrypting all traffic between the administrative device and ISE, and ensuring that the traffic sent from the administrative device arrives securely without compromise. SSH and SCP are not protocols that are typically used for GUI-based portals. |
33.
The initial certificate presented by the ISE administrative GUI is typically which of the
following?
- A.Signed by a trusted, public certificate authority
- B.A self-signed certificate automatically generated by ISE
- C.Delivered in a separate envelope from the ISE appliance
- D.Put in a frame and hung over your desk at work
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| To establish the initial, secure connection with ISE, ISE will generate a self-signed certificate. Because a trusted certificate authority, either a local CA or a third-party, public CA, has not signed it, the certificate can cause a security warning within the web browser that is being used for administrative access. If you are confident that a man-in-the-middle or other nefarious device is NOT presenting this certificate, you can permanently accept this certificate within the web browser to prevent these security warnings in the future. Ideally, it is best to install a certificate from a trusted CA (a CA that already exists in the browser store—either a local CA or a third-party public CA) onto ISE. This, too, will prevent these security warnings in the future. |
34.
Components within the Operations section of ISE allow an administrator to do which of the
following?
- A.Actively monitor, report, and troubleshoot active authentication and authorization sessions
- B.Configure how ISE will operate on the network
- C.Create the web portals for client provisioning
- D.Modify the security policy of ISE
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| The Operations tab of Cisco ISE allows an administrator to monitor, report, and troubleshoot active authentication and authorization sessions. |
35.
The Policy tab of the Cisco ISE GUI allows an administrator to configure all of the following
EXCEPT which?
- A.Authorization
- B.Client provisioning
- C.Web portals
- D.Security group access
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The Policy tab of the Cisco ISE GUI allows an administrator to configure authentication, authorization, profiling, posture, client provisioning, and security group access—amongst others. web portals, however, are configured under the Administration tab. |
|
|
||||||||||||||||||||||||||||
