https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKDCN-2489.pdf Slide 20 -Overlay -VNID -Group Based Policy

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKDCN-2489.pdf

The overall health page of the assurance component in the Cisco DNA Center displays two primary categories: Client and Network1. The Client category shows the health score of all the wired and wireless clients connected to the network, along with the number of clients, the top issues affecting the clients, and the distribution of clients by type, OS, and SSID1. The Network category shows the health score of all the network devices, such as switches, routers, wireless controllers, and access points, along with the number of devices, the top issues affecting the devices, and the distribution of devices by site, family, and role1.

The other options are not primary categories on the overall health page. Server is not a category, but a type of client that can be filtered in the Client category1. Access-Distribution and Core are not categories, but roles of network devices that can be filtered in the Network category1. Wired is not a category, but a subcategory of the Client category that shows the health score of the wired clients only1.

References:

Cisco DNA Assurance User Guide, Release 1.3.1.0 - Monitor and Troubleshoot the Health of Your Network [Cisco DNA Center]

Designing Cisco Enterprise Networks (ENDESIGN) Exam Topics [Cisco]

Cisco Validated Design Guides [Cisco]

 Cisco ISE benefits our customers by providing network access control and helping them stop and contain real-time threats. Network access control is the ability to enforce policies on who and what can access the network, based on the identity and context of users, devices, and applications. Cisco ISE allows customers to authenticate, authorize, and audit network access, as well as to segment and isolate network traffic based on security and compliance requirements. Cisco ISE also helps customers stop and contain real-time threats by leveraging intel from across the network and security ecosystem, and by automating threat response actions. Cisco ISE can integrate with various security solutions, such as Cisco Stealthwatch, Cisco Firepower, and Cisco Umbrella, to detect and mitigate attacks on the network quickly and effectively. References:

Cisco Identity Services Engine (ISE) - Cisco1

Cisco Identity Services Engine (ISE) - Cisco2

Network Visibility and Segmentation (NVS) - Cisco3

Rapid Threat Containment - Cisco4

https://salesconnect.cisco.com/sc/s/learning-activity-from-plan?ltui__urlRecordId=a0c8c00000Kfw0AAAR <ui__urlRedirect=learning-activity-from-plan<ui__parentUrl= Slide 3 - ISE is critical to your customer – • Visibility in to users, devices & applications • Access control and segmentation • Stop and contain threats in real-time

 SD-WAN demonstrations are an effective way to showcase the benefits and features of Cisco SD-WAN solutions to potential customers. However, not all demos are created equal, and there are some best practices to follow to ensure a successful and engaging demo. Here are some explanations for why C and E are true statements regarding SD-WAN demonstrations:

C. During a demo, you should consider the target audience and the desired outcome. This is a true statement because different audiences may have different levels of technical knowledge, business needs, and expectations from the demo. For example, a demo for a C-level executive may focus more on the business outcomes and value proposition of SD-WAN, while a demo for a network engineer may dive deeper into the technical details and configuration options. Therefore, it is important to tailor the demo to the specific audience and the desired outcome, such as generating interest, building trust, or closing a deal.

E. There is a big difference between demos that use a top down approach and demos that use a bottom up approach. This is also a true statement because the two approaches have different advantages and disadvantages, and may suit different scenarios. A top down approach starts with the high-level overview of the SD-WAN solution, such as the architecture, components, benefits, and use cases, and then drills down into the specific features and functionalities. A bottom up approach starts withthe low-level details of the SD-WAN solution, such as the configuration, troubleshooting, and testing, and then builds up to the big picture and value proposition. A top down approach may be more suitable for a non-technical or business-oriented audience, while a bottom up approach may be more suitable for a technical or hands-on audience.

References :=

Cisco SD-WAN Demonstration Guide

SD-WAN Best Practices | Kentik Blog

SD-WAN best practices for a successful implementation

SD-WAN best practices - VMware Blogs

Stay focused and develop a custom story guide taking into consideration the target audience, desired outcome and story to tell while demonstrating the Viptela solution capabilities Slide 151 = There is a big difference demoing using a top down vs. bottom up approachhttps://salesconnect.cisco.com/sc/s/learning-activity-from-plan?ltui__urlRecordId=a0c8c00000P3hKMAAZ <ui__urlRedirect=learning-activity-from-plan<ui__parentUrl=learning-activity-from-plan

Cisco ISE is a security policy management platform that provides secure access to network resources. Cisco ISE functions as a policy decision point and enables enterprises to ensure compliance, enhance infrastructure security, and streamline service operations1. Two of the statements that are true regarding Cisco ISE are:

ISE can detect endpoints whose addresses have been translated via NAT: Cisco ISE can discover, profile, and monitor the endpoint devices on the network, and classify them according to their associated policies and identity groups. Cisco ISE can leverage the pxGrid framework to share the contextual information with other security tools and platforms, and enhance the network visibility and security1. Cisco ISE can also detect endpoints whose addresses have been translated via NAT by using various methods, such as passive and active discovery, NMAP scanning, DHCP snooping, and RADIUS accounting234.

The number of logs that ISE can retain is determined by your disk space: Cisco ISE provides a logging mechanism that is used for auditing, faultmanagement, and troubleshooting. The logging mechanism helps you to identify fault conditions in deployed services and troubleshoot issues efficiently. You can configure your Cisco ISE node to collect the logs in the local systems using a virtual loopback address5. The number of logs that ISE can retain is determined by your disk space, as well as the data purging settings that you can configure under Administration > System > Maintenance > Data Purging6. You can also configure Cisco ISE to send its logs to a remote system for greater retention history7.

The other statements are not true regarding Cisco ISE, because:

In distributed deployments, failover from primary to secondary Policy Administration Nodes happens automatically: Cisco ISE supports high availability for the Administration persona, which provides centralized configuration and management of the distributed deployment. You can configure one primary Administration ISE node and one secondary Administration ISE node for high availability. However, the failover from primary to secondary Policy Administration Nodes does not happen automatically, unless you enable the automatic failover feature and configure a health check node to monitor the primary node’s status8. Otherwise, you have to manually promote the secondary node to become the primary node in case of a failure9.

In two-node standalone ISE deployments, failover must be done manually: Cisco ISE supports high availability for the Policy Service persona, which provides network access, posture, guest access, client provisioning, and profiling services. You can configure multiple Policy Service Nodes (PSNs) in a node group to provide session failover and load balancing for the endpoints. In a two-nodestandalone ISE deployment, where each node assumes all the personas, the failover for the Policy Service persona does not need to be done manually, as long as the network access devices are configured to use both nodes for RADIUS and TACACS services10.

ISE supports IPv6 downloadable ACLs: Cisco ISE supports downloadable ACLs (DACLs), which are configured and implemented through authorization profiles. DACLs are used to enforce granular access control policies for the endpoints based on their identity and other attributes. However, Cisco ISE does not support IPv6 downloadable ACLs, as it only supports IPv4 ACLs for RADIUS and TACACS protocols1112.

References:

1: Cisco Content Hub - Cisco ISE Features 2: Cisco ISE Profiler Service Overview 3: ISE Deployment through NAT Boundaries - Cisco Community 4: Configure ISE 3.3 Native IPSec to Secure NAD (IOS-XE) Communication - Cisco 5: Logging [Cisco Identity Services Engine] - Cisco Systems 6: ISE maximum logging time / data retention - Cisco Community 7: Logs retention on ISE - Cisco Community 8: Cisco Identity Services Engine Administrator Guide, Release 2.4 9: Setting Up Cisco ISE in a Distributed Environment 10: Cisco Content Hub - Network Deployments in Cisco ISE 11: Cisco Identity Services Engine Administrator Guide, Release 2.2 12: Solved: ISE: support for IPv6 DACL’s - Cisco Community

"There is no automatic failover for the Administration persona."https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html...Newer platforms and ISE versions appear to support ipv6 dacl just fine now