Exam Number 500-254 ISE
Duration 65 minutes (50-60 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions
The Implementing and Configuring Identity Services Engine (ISE) (500-254) exam tests a candidate’s knowledge on how to setup, configure, and implement Cisco ISE services to authenticate and authorize users before allowing access to the network. Topics covered include implementing 802.1X authentication, MAC Authentication Bypass, Web Authentication, ISE profiling, guest, posture services, and creating high-level-design document.
The exam is closed book and no outside reference materials are allowed. The following topics are general guidelines for the content that is likely to be included on the practical exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the following guidelines may change at any time without notice.
6% 1.0 Building a Network Design for the ISE Platform
1.1 Introducing the TrustSec Solution and ISE Platform Architecture
24% 2.0 Deploying the Cisco Identity Services Engine
2.1 Installing the ISE Software
2.2 Integrating the ISE into Microsoft Active Directory
2.3 Configuring The ISE for Redundancy and Scaling
47% 3.0 Implementing Classification and Policy Enforcement
3.1 Configuring the ISE for MAC Address Bypass (MAB)
3.2 Configuring the ISE for wired and wireless 802.1X authentication
3.3 Deploying VPN-based services using the Cisco ASA and Inline Posture
3.4 Configuring web authentication using the ISE
3.5 Using the ISE for policy enforcement
18% 4.0 Configuring and verifying Profiling, Posturing, and Guest Services
4.1 Configuring ISE profiling services
4.2 Configuring ISE posture services
4.3 Configuring ISE guest services
4% 5.0 TrustSec Fundamentals Collapse
5.1 Introducing TrustSec fundamentals
1% 6.0 Creating a Low-Level Design for the ISE Collapse
6.1 Creating a high-level and low-level design for the ISE
Which two elements must you configure on a Cisco Wireless LAN Controller to allow Cisco ISE to
authenticate wireless users? (Choose two.)
A. Configure Cisco ISE as a RADIUS authentication server and enter a shared secret.
B. Configure Cisco ISE as a RADIUS accounting server and enter a shared secret.
C. Configure all attached LWAPs to use the configured Cisco ISE node.
D. Configure RADIUS attributes for each SSID.
E. Configure each WLAN to use the configured Cisco ISE node.
F. Configure the Cisco Wireless LAN Controller to join a Microsoft Active Directory domain.
Which three Cisco TrustSec enforcement modes are used to help protect network operations
when securing the network? (Choose three.)
A. logging mode
B. monitor mode
C. semi-passive mode
D. low-impact mode
E. closed mode
Which statement is correct about Change of Authorization?
A. Change of Authorization is a fundamental component of Cisco TrustSec and Cisco ISE.
B. Change of Authorization can be triggered dynamically based on a matched condition in a
policy, and manually by being invoked by an administrator operation.
C. It is possible to trigger Change of Authorization manually from the ISE interface.
D. Authentication is the supported Change of Authorization action type.
The default Cisco ISE node configuration has which role or roles enabled by default?
A. Administration only
B. Inline Posture only
C. Administration and Policy Service
D. Policy Service, Monitoring, and Administration
Inline Posture nodes support which enforcement mechanisms?
A. VLAN assignment
B. downloadable ACLs
C. security group access
D. dynamic ACLs