Cisco 500-470 Cisco Enterprise Networks SDA, SDWAN and ISE Exam for System Engineers Exam Practice Test

https://www.ciscolive.com/c/dam/r/ciscolive/latam/docs/2017/pdf/BRKEWN-2032.pdf

 A WAN design is a plan for how to connect multiple sites or locations over a wide area network (WAN). A WAN design can have various benefits, depending on the goals and requirements of the organization. Two of the possible benefits from a WAN design are:

• Ensure remote site uptime: A WAN design can help to ensure that remote sites or branches have reliable and consistent connectivity to the central site or the cloud. This can improve the availability and performance of critical applications and services, such as voice, video, collaboration, and data backup. A WAN design can also provide redundancy and resiliency in case of network failures or disasters, by using multiple WAN links, backup routes, or failover mechanisms. For example, SD-WAN is a WAN design that uses software to dynamically route traffic over the best available WAN link, based on the network conditions and the application requirements1.
• Prioritize and secure with granular control: A WAN design can also help to prioritize and secure the traffic and applications that flow over the WAN. This can enhance the quality of service (QoS) and the security of the network. A WAN design can use various techniques, such as traffic shaping, policy-based routing, encryption, firewall, or VPN, to classify, prioritize, and secure the WAN traffic according to the business needs and the security policies. For example, TrustSec is a WAN design that uses software-defined segmentation to enforce granular access policies based on the identity and context of users, devices, and applications2.

The other options, provide lower quality service to guest users, reduce cost and increase operational complexity, and lower circuit bandwidth requirements, are not benefits from a WAN design. Providing lower quality service to guest users is not a desirable outcome, as it can affect the user experience and the reputation of the organization. Reducing cost and increasing operational complexity is a trade-off that may not be worth it, as it can create more challenges and risks for the network management and maintenance. Lowering circuit bandwidth requirements is not a benefit in itself, but a means to achieve other benefits, such as reducing cost or improving performance. A WAN design should aim to optimize the bandwidth utilization and allocation, rather than simply lowering it. References := : 1: Cisco SD-WAN Solution Design Guide (CVD) - Cisco1, 2: Cisco TrustSec Solution Overview - Cisco

Some of the statements that are true regarding Cisco SD-WAN license tiers are:

• With Pro license, control and data policies are supported2. This license tier enables network operators to define and enforce policies for traffic shaping, quality of service (QoS), application optimization, and security2.
• With Plus license, split-tunnel is supported3. This license tier enables network operators to use split-tunneling technology to route traffic through different paths based on application or user preferences3.
• With Enterprise license, vAnalytics is included4. This license tier enables network operators to use vAnalytics feature to collect and analyze data from various sources such as endpoints, applications, devices, networks, and cloud services4.

Cisco ISE configuration capabilities include the following features:

• ISE Deployment Assistant (IDA) is a built-in application designed to accelerate the deployment of Cisco Identity Service Engine (ISE). IDA guides the user through the initial setup, configuration, and verification of ISE with a step-by-step wizard. IDA also provides best practices and recommendations for common deployment scenarios, such as wireless, wired, VPN, guest, and BYOD1.
• Cisco ISE includes wireless setup wizard and visibility wizard. The wireless setup wizard simplifies the configuration of ISE for wireless access by automating the tasks of adding network devices, creating authorization profiles, and applying policies. The visibility wizard helps the user to enable device profiling and posture services, and to view the endpoint information and compliance status on the ISE dashboard2.
• ISE wizards and per-canned configurations ease ISE roll-out significantly. ISE wizards are interactive tools that assist the user in configuring various features and functions of ISE, such as certificates, network access devices, authentication and authorization policies, guest access, BYOD, and TrustSec. Per-canned configurations are predefined templates that provide common settings and values for ISE components, such as policy sets, authorization profiles, and network conditions. The user can apply these templates to quickly configure ISE for specific use cases, such as 802.1X, MAB, or web authentication3.

The other options, Cisco Active Advisor and ISE command line, are not accurate descriptions of ISE configuration capabilities. Cisco Active Advisor is a separate cloud-based service that provides network health and security checks, device lifecycle management, and best practice recommendations for Cisco devices. It is not directly related to ISE deployments. ISE command line is an interface that allows the user to perform administrative tasks, such as backup and restore, password recovery, and troubleshooting. However, ISE does not require an understanding of the command line for set-up and configuration, as most of the functions can be done through the graphical user interface (GUI). References := : 1: ISE Deployment Assistant (IDA) - Cisco Identity Services Engine - Cisco, 2: Cisco Identity Services Engine Administrator Guide, Release 2.7 - Wireless Setup Wizard [Cisco Identity Services Engine] - Cisco, 3: Cisco Identity Services Engine Administrator Guide, Release 2.7 - ISE Wizards [Cisco Identity Services Engine] - Cisco, : Cisco Active Advisor - Cisco, : Cisco Identity Services Engine CLI Reference Guide, Release 2.7 - Using the Command-Line Interface [Cisco Identity Services Engine] - Cisco

Device Sensor is a feature that enables Cisco devices to collect and report information about the endpoints connected to them. This information can be used by ISE to identify and classify the endpoints, and apply appropriate policies based on their attributes. Device Sensor can collect information from various sources, such as DHCP, CDP, LLDP, and HTTP User-Agent. Among the options given, only DHCP and CDP are valid sources of information for Device Sensor. References := : Cisco Identity Services Engine Administrator Guide, Release 2.7 - Device Sensor [Cisco Identity Services Engine]- Cisco (https://learningnetworkstore.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_admin_guide_27/b_ise_admin_guide_27_chapter_010100.html)

2of30

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/sd-wan/nb-07-clo ud-router-data-sheet-cte-en.pdf

A vEdge Cloud Router is a virtualized version of the vEdge router that can be deployed in various cloud environments. According to the Cisco vEdge Cloud Data Sheet1, the vEdge Cloud Router can be instantiated as a virtual machine (VM) on a KVM hypervisor or as a VM on a VMware ESXi hypervisor, as well as in public cloud environments, such as Amazon AWS or Google Cloud Platform. Therefore, the two platforms that can host a vEdge Cloud Router are AWS and Microsoft Azure.

References:

 1: [Solutions - Cisco vEdge Cloud Data Sheet - Cisco]

The maximum number of concurrent endpoints with a distributed deployment depends on the type of deployment and the hardware used. According to the Cisco documentation1, there are two types of distributed deployments: hybrid and dedicated.

• A hybrid deployment is where the Policy Administration Node (PAN) and the Monitoring Node (MnT) personas are co-located on the same node, and the Policy Service Node (PSN) persona is distributed across multiple nodes. A hybrid deployment can support up to 20,000 concurrent endpoints with a maximum of 5 PSNs on SNS-36xx or SNS-35xx hardware.
• A dedicated deployment is where the PAN, MnT, and PSN personas are separated on different nodes. A dedicated deployment can support up to 500,000 concurrent endpoints with a maximum of 50 PSNs on SNS-36xx or SNS-35xx hardware.

The main difference between the hybrid and dedicated deployments is the scalability and redundancy of the MnT persona, which collects and stores the logs and sessions from the PSNs. By breaking the PAN and MnT roles out on to their own servers, the dedicated deployment can handle more concurrent endpoints and PSNs, as well as provide failover and load balancing for the MnT persona2

References :=

• Performance and Scalability Guide for Cisco Identity Services Engine
• Solved: ISE concurrent connections query - Cisco Community

According to the Cisco DNA Center Compatibility Matrix1, the current DNA-C 1.1 release supports the following wireless product families:

• WLC 8540: This is a high-performance wireless controller that can support up to 6000 access points and 64,000 clients. It is designed for large-scale wireless deployments and offers advanced features such as application visibility and control, flexible radio assignment, and software-defined access2.
• AP 3800: This is a high-performance access point that can support up to 5.2 Gbps data rates and 4x4 MIMO with four spatial streams. It is designed for high-density environments and offers features such as flexible radio assignment, CleanAir, ClientLink, and Smart Antenna Connector3.
• WLC 3504: This is a compact wireless controller that can support up to 150 access points and 3000 clients. It is designed for small to medium-sized wireless deployments and offers features such as application visibility and control, software-defined access, and TrustSec4.

The other wireless product families, such as AP 1260 and WLC 5508, are not supported in the current DNA-C 1.1 release.

References:

• : Cisco DNA Center Compatibility Matrix
• : Cisco 8540 Wireless Controller Data Sheet - Cisco
• : Cisco Aironet 3800 Series Access Points Data Sheet - Cisco
• : Cisco 3504 Wireless Controller Data Sheet - Cisco

The current DNA-C 1.1 release supports the following wireless product families:

• WLC 3504: This is a wireless LAN controller that provides centralized control, management, and troubleshooting for small to medium-sized enterprises and branch offices. It supports up to 150 access points and 3,000 clients, and offers high availability, scalability, and security features. It is compatible with Cisco DNA Center 1.1 and later releases1.
• WLC 8540: This is a wireless LAN controller that provides centralized control, management, and troubleshooting for large enterprises and service providers. It supports up to 6,000 access points and 64,000 clients, and offers high performance, reliability, and flexibility. It is compatible with Cisco DNA Center 1.1 and later releases2.
• AP 3800: This is an access point that delivers high-performance wireless connectivity for indoor and outdoor environments. It supports 802.11ac Wave 2 technology, multiuser multiple-input multiple-output (MU-MIMO), flexible radio assignment, and modular design. It is compatible with Cisco DNA Center 1.1 and later releases3.

References:

 1: [Cisco Wireless LAN Controller 3504 Data Sheet - Cisco] : 2: [Cisco 8540 Wireless Controller Data Sheet - Cisco] : 3: [Cisco Aironet 3800 Series Access Points Data Sheet - Cisco]

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Design-Guide-2019SEP.pdf

References :=

Some possible references are:

• Cisco Enterprise Networks SDA, SDWAN and ISE Exam for System Engineers (ENSDENG) Study Guide
• Cisco Identity Services Engine Administrator Guide, Release 2.7 - Configure Network Access Devices [Cisco Identity Services Engine]