Which three options focus of the current digital business era? (Choose three.)
loT scale
automation
connectivity
centralized enterprise and web applications
Human scale
Virtualized services
The current digital business era is characterized by the rapid growth and adoption of digital technologies that enable companies to improve their business capabilities, operational efficiencies, and customer experiences. According to various sources, such as McKinsey1 and Forbes23, some of the key focus areas of the current digital business era are:
References:
1: Digital strategy in the postpandemic era | McKinsey 2: The Business Benefits Of Living In The Most Digital Era Yet - Forbes 3: Why The Era Of Digital Transformation Is Important For … - Forbes 4: [What is IoT? How Smart Devices Impact Businesses in 2021] 5: [The Internet of Things: How IoT is changing the world - Forbes] 6: [What is Automation? Definition, Benefits, and Examples] : [How Automation Is Changing The Future Of Work - Forbes] : [What is Connectivity? Definition, Types, and Examples] : [How Connectivity Is Driving Business Transformation - Forbes]
Which two options help you sell Cisco ISE? (Choose two.)
Showcasing the entire ISE feature set
Referring to TrustSec as being only supported on Cisco networks
Discussing the importance of custom profiling
Explaining ISE support for 3rd party network devices
Downplaying the value of pxGrid as compared to RESTful APIs
Cisco ISE is a comprehensive solution that enables enterprises to enforce consistent and secure access policies across wired, wireless, and VPN connections. It also provides visibility, control, and automation for the network devices, endpoints, users, and applications. To sell Cisco ISE effectively, it is important to highlight the benefits and features of the solution that address the customer’s pain points and needs. Among the options given, two options help you sell Cisco ISE:
The other three options are not helpful for selling Cisco ISE:
References:
Cisco Identity Services Engine (ISE) Use Cases1 : Cisco Identity Services Engine Network Component Compatibility, Release 2.72 : Cisco TrustSec3 : Cisco pxGrid4 : Cisco ISE Network Discovery5 : Cisco Identity Services Engine Administrator Guide, Release 2.7 - Configure Custom Profiling Policies [Cisco Identity Services Engine] - Cisco : Cisco Identity Services Engine API Reference Guide, Release 2.7 - Cisco ISE REST APIs [Cisco Identity Services Engine] - Cisco
What should you do if you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks?
Point them to our dCloud demo library.
Give them our ISE YouTube videos.
Set them up with a dCloud account.
Give them some of our flash files that can be played on any browser.
Provide them with a downloadable POV kit.
Set them up with an account on a Cisco UCS server that hosts ISE.
If you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks, you should provide them with a downloadable POV kit. A POV kit is a proof of value kit that contains a pre-configured virtual machine of Cisco ISE with licenses, sample data, and documentation. A POV kit allows the customer to quickly and easily deploy and test Cisco ISE in their own environment, without requiring any hardware or installation. A POV kit can help the customer to evaluate the features and benefits of Cisco ISE, such as identity-based access control, device profiling, posture assessment, guest management, and threat mitigation12.
The other options are not suitable for a customer who wants to examine Cisco ISE for longer than a few weeks. Pointing them to our dCloud demo library, giving them our ISE YouTube videos, or giving them some of our flash files that can be played on any browser are good ways to introduce Cisco ISE to the customer, but they do not provide a hands-on experience or a realistic scenario of how Cisco ISE works in their network. Setting them up with a dCloud account or an account on a Cisco UCS server that hosts ISE are also possible ways to provide a demo or a trial of Cisco ISE, but they may have limitations on the duration, availability, scalability, or customization of the environment. A POV kit gives the customer more flexibility and control over their evaluation of Cisco ISE.
References :=
Which component of the SD-Access fabric is responsible for communicating with networks that are external to the fabric?
border nodes
edge nodes
control plane nodes
intermediate nodes
= Border nodes are the component of the SD-Access fabric that is responsible for communicating with networks that are external to the fabric. Border nodes serve as the gateway between the fabric domain and the network outside of the fabric. Border nodes are responsible for network virtualization inter-working and SGT propagation from the fabric to the rest of the network1. Border nodes also perform LISP Proxy Tunnel Router (PxTR) functions, which convert policy and reachability information, such as SGT and VRF information, from one domain to another2. Border nodes can connect to internal networks, such as data center or WAN, or external networks, such as internet or cloud3.
Edge nodes, control plane nodes, and intermediate nodes are not responsible for communicating with networks that are external to the fabric. Edge nodes are the access-layer switches where all of the endpoints reside. Edge nodes detect clients and register them with the control plane nodes. Edge nodes also provide an anycast L3 gateway for the connected endpoints and perform encapsulation and de-encapsulation of data traffic4. Control plane nodes are the devices that run a host tracking database to map location information. Control plane nodes receive endpoint ID map registrations from edge and/or border nodes and resolve lookup requests from edge and/or border nodes to locate destination endpoint IDs5. Intermediate nodes are the devices that provide underlay connectivity between edge nodes and border nodes. Intermediate nodes do not participate in the fabric overlay and do not have any fabric roles6.
References :=
Which two statements regarding Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure? (Choose two.)
The vEdge routers run on hardened Linux operating systems.
Only authorized controllers are allowed to communicate back to the vEdg e router after the vEdge router establishes connection with the controllers.
In case of direct Internet access, the only traffic allowed back is the traffic matching the state table entries on the vEdge router.
Open Certificate Authority and automated enrollment feature.
By default, all incoming traffic is denied at the transport (WAN) side interfaces.
Cisco SD-WAN vEdge routers can mitigate DoS attacks against the infrastructure by using two mechanisms:
References:
Which protocol runs between the vSmart controllers and between the vSmart controllers and the vEdge routers, and unifies all control plane functions under a single protocol umbrella?
OMP
BGP
VRRP
IKE
OSPF
The protocol that runs between the vSmart controllers and between the vSmart controllers and the vEdge routers, and unifies all control plane functions under a single protocol umbrella is the Overlay Management Protocol (OMP)12. OMP is a proprietary protocol that is designed to enable the Cisco SD-WAN solution, which provides a software overlay that runs over standard network transport, including MPLS, broadband, and internet to deliver applications and services3. OMP provides the following services12:
OMP is an all-encompassing information management and distribution protocol that enables the overlay network by separating services from transport. Services provided in a typical VPN setting are usually located within a VPN domain, and they are protected so that they are not visible outside the VPN. In such a traditional architecture, it is a challenge to extend VPN domains and service connectivity. OMP addresses these scalability challenges by providing an efficient way to manage service traffic based on the location of logical transport end points. This method extends the data plane and control plane separation concept from within routers to across the network2.
References:
1: Routing Configuration Guide for vEdge Routers, Cisco SD-WAN Release 20.x - Unicast Overlay Routing 2: Introduction to Overlay Management Protocol in Viptela 3: Cisco SD-WAN vEdge vManage vSmart IBM
Which two activities should occur during an SE's discovery process? (Choose two.)
Gathering information about the current state of the customer ’s network environment
Working with the customer to develop a reference architecture
Referencing the PPDIOO model to effectively facilitate the discussion
Establishing credibility with the customer
Mapping Cisco innovation to customer ’s needs
The discovery process is a critical phase in the sales cycle, where the SE gathers information about the customer’s network environment, business goals, challenges, and needs. The discovery process helps the SE to understand the customer’s pain points, identify opportunities, and propose solutions that align with the customer’s objectives and address their problems. The discovery process also helps the SE to establish credibility, trust, and rapport with the customer, and to map Cisco innovation to the customer’s needs.
Some of the activities that should occur during the SE’s discovery process are:
References:
1: Cisco Discovery Service 2: Cisco Network Assessment Services 3: Cisco Catalyst SD-WAN Demos 4: Cisco Business Critical Services
Which two Cisco ISE use cases typically involve the highest level of implementation complexity? (Choose two.)
Device management
Asset visibility
Software-defined segmentation
Software-defined access
Guest and wireless access
Cisco ISE use cases can be classified into four categories: device management, asset visibility, software-defined segmentation, and software-defined access. Each of these use cases has a different level of implementation complexity, depending on the network size, topology, security requirements, and integration with other technologies. Among these use cases, software-defined segmentation and software-defined access typically involve the highest level of implementation complexity, because they require:
References:
Cisco Identity Services Engine (ISE) Use Cases, : Cisco Enterprise Network Architecture and Design, : Cisco ISE Network Discovery, : Cisco TrustSec, : Cisco DNA Center, : Cisco SD-Access, : Cisco ISE Software-Defined Access, : Cisco SD-Access Migration Guide, : Cisco Stealthwatch, : Cisco Tetration, : Cisco ISE Monitoring and Troubleshooting,
Which three key differentiators that DNA Assurance provides that our competitors are unable match? (Choose three.)
Proactive approach to guided remediation
VXLAN support
Apple Insights
Support for Overlay Virtual Transport
Network time travel
On-premise and cloud-based analytics
Cisco DNA Assurance provides three key differentiators that our competitors are unable to match:
References:
1: Cisco DNA Assurance: AI/ML guided IT operations (AIOps) At-a-Glance 2: Leveraging Cisco Intent-Based Networking DNA Assurance (DNAAS) 3: Cisco DNA Assurance Unlocking the Power of Data, page 39 : Cisco DNA Assurance Unlocking the Power of Data, page 74
Which two statements describes Cisco SD-Access? (Choose two.)
an overlay for the wired infrastructure in which traffic is tunneled via a GRE tunnel to a mobility controller for policy and application visibility
software-defined segmentation and policy enforcement based on user identity and group membership
an automated encryption/decryption engine for highly secured transport requirements
a collection of tools and applications that are a combination of loose and tight couping
programmable overlays enabling network virtualization across the campus
Cisco SD-Access is a solution within Cisco DNA, which is built on intent-based networking principles. Cisco SD-Access provides visibility-based, automated end-to-end segmentation to separate user, device, and application traffic without redesigning the underlying physical network1. Cisco SD-Access also enables programmable overlays that allow network virtualization across the campus, branch, data center, and cloud2. Cisco SD-Access has two main components: the fabric and the policy3.
The fabric is the network overlay that consists of interconnected nodes that provide a consistent and scalable way of delivering network services and functions. The fabric nodes are classified into four types: edge nodes, border nodes, control plane nodes, and intermediate nodes. The edge nodes are the access switches or wireless controllers that connect to the end devices. The border nodes are the routers or switches that connect the fabric to external networks, such as the Internet, WAN, or data center. The control plane nodes are the routers or switches that maintain the mapping between the endpoint identifiers and the network locators. The intermediate nodes are the routers or switches that provide transit services within the fabric3.
The policy is the network configuration that defines the network behavior and outcomes, based on the business intent and requirements. The policy is composed of three elements: the endpoint groups, the contracts, and the virtual networks. The endpoint groups are the logical containers that group the endpoints based on their attributes, such as user identity, device type, or application. The contracts are the rules that specify the allowed interactions between the endpoint groups, such as the protocols, ports, and quality of service. The virtual networks are the logical partitions that isolate the endpoint groups and contracts from each other, based on the network scope and security3.
Cisco SD-Access addresses the following challenges and benefits:
References:
Copyright © 2014-2024 Examstrust. All Rights Reserved