E-book: CCNP Security Identity Management SISE 300-715 Official Cert Guide

  • Format: 750 pages
  • Series: Official Cert Guide
  • Publication date: 30-Oct-2020
  • Publisher: Cisco Press
  • Language: eng
  • ISBN-13: 9780136677734
  • Format: EPUB+DRM
  • Price: 53,81 €*
  • * The price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (a free application designed specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CCNP Security Identity Management SISE 300-715 Official Cert Guide presents you with an organized test preparation routine using proven series elements and techniques. Do I Know This Already? quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

  • Master CCNP Security Identity Management SISE 300-715 exam topics
  • Assess your knowledge with chapter-opening quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions in the practice test software

CCNP Security Identity Management SISE 300-715 Official Cert Guide, from Cisco Press, allows you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Two leading Cisco technology experts share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

  • A test-preparation routine proven to help you pass the exams
  • Do I Know This Already? quizzes, which allow you to decide how much time you need to spend on each section
  • Chapter-ending and part-ending exercises, which help you drill on key concepts you must know thoroughly
  • The powerful Pearson Test Prep Practice Test software, with two full exams comprised of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
  • A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
  • Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This official study guide helps you master all the topics on the CCNP Security Identity Management SISE 300-715 exam, including

  • Architecture and deployment
  • Policy enforcement
  • Web Auth and guest services
  • Profiler
  • BYOD
  • Endpoint compliance
  • Network access device administration

Companion Website:

The companion website contains two full practice exams, an interactive Flash Cards application, and much more.

Includes Exclusive Offers for Up to 80% Off Video Training, Practice Tests, and more

Pearson Test Prep online system requirements:

Browsers: Chrome version 73 and above, Safari version 12 and above, Microsoft Edge 44 and above.

Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7. Internet access required.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

Also available from Cisco Press for CCNP Security study is the CCNP Security Identity Management SISE 300-715 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson Test Prep Practice Test.

This integrated learning package:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most
Introduction
Part I Authentication, Authorization, and Accounting
Chapter 1 Fundamentals of AAA
"Do I Know This Already?" Quiz
Foundation Topics
Comparing and Selecting AAA Options
Device Administration AAA
Network Access AAA
TACACS+
TACACS+ Authentication Messages
TACACS+ Authorization and Accounting Messages
RADIUS
AV Pairs
Change of Authorization (CoA)
Comparing RADIUS and TACACS+
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 2 Identity Management
"Do I Know This Already?" Quiz
Foundation Topics
What Is an Identity?
Identity Stores
Internal Identity Stores
Internal User Identities
User Identity Groups
Endpoint Groups
External Identity Stores
Active Directory
LDAP
Multifactor Authentication
One-Time Password (OTP) Services
Smart Cards
Certificate Authorities
Has the Digital Certificate Been Signed by a Trusted CA?
Has the Certificate Expired?
Has the Certificate Been Revoked?
Identity Source Sequences
Special Identity Sources
SAML IdPs
Social Login
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 3 Extensible Authentication Protocol (EAP) over LAN: 802.1X
"Do I Know This Already?" Quiz
Foundation Topics
Extensible Authentication Protocol
EAP over LAN (802.1X)
EAP Types
Native EAP Types (Non-Tunneled EAP)
Tunneled EAP Types
All Tunneled EAP Types
EAP Authentication Type Identity Store Comparison
Network Access Devices
Supplicant Options
Windows Native Supplicant
User Authentication
Machine Authentication (Computer Authentication)
Cisco AnyConnect NAM Supplicant
Client Policy
Authentication Policy
Networks
Network Groups
Implementing AnyConnect NAM Profiles
EAP Chaining
Exam Preparation Topics
Review All Key Topics
Define Key Terms
Q&A
Chapter 4 Non-802.1X Authentication
"Do I Know This Already?" Quiz
Foundation Topics
Devices Without a Supplicant
MAC Authentication Bypass
Web Authentication
Local Web Authentication
Local Web Authentication with a Centralized Portal
Centralized Web Authentication
Centralized Web Authentication with Third-Party Network Device Support
Remote-Access Connections
EasyConnect
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 5 Introduction to Advanced Concepts
"Do I Know This Already?" Quiz
Foundation Topics
Change of Authorization
Automating MAC Authentication Bypass (MAB)
Posture Assessment
Mobile Device Management (MDM)
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Part II Cisco Identity Services Engine
Chapter 6 Cisco Identity Services Engine Architecture
"Do I Know This Already?" Quiz
Foundation Topics
What Is Cisco ISE?
Personas
Administration Persona
Monitoring Persona
Policy Services Persona
pxGrid Persona
Physical or Virtual Appliances
ISE Deployment Scenarios
Single-Node Deployment
Two-Node Deployment
Distributed Deployments
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 7 A Guided Tour of the Cisco ISE Graphical User Interface (GUI)
"Do I Know This Already?" Quiz
Foundation Topics
Logging in to ISE
Initial Login
ISE Home Dashboards
Administration Portal
Global Search for Endpoints
Help Menu
ISE Setup Wizards
Settings Menu
Organization of the ISE GUI
Context Visibility
Operations
RADIUS
Threat-Centric NAC Live Logs
TACACS Live Log
Troubleshoot
Adaptive Network Control
Reports
Policy
Policy Sets
Profiling
Posture
Client Provisioning
Policy Elements
Administration
System
Identity Management
Network Resources
Device Portal Management
pxGrid Services
Feed Service
Threat Centric NAC
Work Centers
Types of Policies in ISE
Authentication
Authorization
Profiling
Posture
Client Provisioning
TrustSec
Exam Preparation Tasks
Review All Key Topics
Define Key Term
Q&A
Chapter 8 Initial Configuration of Cisco ISE
"Do I Know This Already?" Quiz
Foundation Topics
Cisco Identity Services Engine Form Factors
Bootstrapping Cisco ISE
Where Are Certificates Used with Cisco Identity Services Engine?
Self-Signed Certificates
CA-Signed Certificates
Network Devices
Network Device Groups
Network Access Devices
ISE Identity Stores
Local User Identity Groups
Local Endpoint Groups
Local Users
External Identity Stores
Active Directory
Prerequisites for Joining an Active Directory Domain
Joining an Active Directory Domain
Certificate Authentication Profile (CAP)
Identity Source Sequences
Exam Preparation Topics
Review All Key Topics
Define Key Terms
Q&A
Chapter 9 Authentication Policies
"Do I Know This Already?" Quiz
Foundation Topics
The Relationship Between Authentication and Authorization
Authentication Policy
Goal 1 Accept Only Allowed Protocols
Goal 2 Select the Correct Identity Store
Goal 3 Validate the Identity
Goal 4 Pass the Request to the Authorization Policy
Understanding Policy Sets
Allowed Protocols
Understanding Authentication Policies
Conditions
Identity Store
Options
Common Authentication Policy Examples
Using the Wireless SSID
Remote Access VPN
Alternative ID Stores Based on EAP Type
More on MAB
Restore the Authentication Policy
Exam Preparation Tasks
Review All Key Topics
Q&A
Chapter 10 Authorization Policies
"Do I Know This Already?" Quiz
Foundation Topics
Authentication Versus Authorization
Authorization Policies
Goals of Authorization Policies
Understanding Authorization Policies
Role-Specific Authorization Rules
Authorization Policy Example
Employee Full Access Rule
Internet Only for Smart Devices Rule
Employee Limited Access Rule
Saving Conditions for Reuse
Combining AND with OR Operators
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Part III Implementing Secure Network Access
Chapter 11 Implement Wired and Wireless Authentication
"Do I Know This Already?" Quiz
Foundation Topics
Authentication Configuration on Wired Switches
Global Configuration AAA Commands
Global Configuration RADIUS Commands
IOS 12.2.x
IOS 15.x and IOS XE
IOS 12.2.x, 15.x, and IOS XE
Global 802.1X Commands
Device Tracking in IOS XE 16.x and Later
Creating Local Access Control Lists
Interface Configuration Settings for All Cisco Switches
Configure Interfaces as Switch Ports
Configure Flexible Authentication and High Availability
Host Mode of the Switch Port
Configure Authentication Settings
Configure Authentication Timers
Apply the Initial ACL to the Port and Enable Authentication
Authentication Configuration on WLCs
Configure the AAA Servers
Add the RADIUS Authentication Servers
Add the RADIUS Accounting Servers
Configure RADIUS Fallback (High Availability)
Configure the Airespace ACLs
Create the Web Authentication Redirection ACL
Add Google URLs for ACL Bypass
Create the Posture Agent Redirection ACL
Create the Dynamic Interfaces for the Client VLANs
Create the Employee Dynamic Interface
Create the Guest Dynamic Interface
Create the Wireless LANs
Create the Guest WLAN
Create the Corporate WLAN
Verifying Dot1x and MAB
Endpoint Supplicant Verification
Network Access Device Verification
Verifying Authentications with Cisco Switches
Sending Syslog to ISE
Verifying Authentications with Cisco WLCs
Cisco ISE Verification
RADIUS Live Log
Live Sessions
Looking Forward
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 12 Web Authentication
"Do I Know This Already?" Quiz
Foundation Topics
Web Authentication Scenarios
Local Web Authentication (LWA)
Centralized Web Authentication (CWA)
Configuring Centralized Web Authentication
Cisco Switch Configuration
Configure Certificates on the Switch
Enable the Switch HTTP/HTTPS Server
Verify the URL-Redirect ACL
Cisco WLC Configuration
Validate That MAC Filtering Is Enabled on the WLAN
Validate That ISE NAC Is Enabled on the WLAN
Validate That the URL-Redirection ACL Is Configured
Configure ISE for Centralized Web Authentication
Configure MAB Continue for the Authentication
Verify the Web Authentication Identity Source Sequence
Configure a dACL for Pre-WebAuth Authorization
Configure an Authorization Profile
Building CWA Authorization Policies
Create the Rule to Redirect Users to the CWA Portal
Create the Rules to Authorize Users Who Authenticate via CWA
Verifying Centralized Web Authentication
Check the Experience from the Client
Verify CWA Through the ISE UI
Check Live Log
Check the NAD
Show Commands on the Wired Switch
Viewing the Client Details on the WLC
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 13 Guest Services
"Do I Know This Already?" Quiz
Foundation Topics
Guest Services Overview
Portals, Portals, and More Portals!
Guest Portal Types
Hotspot Guest Portal
Self-Registered Guest Portal
Sponsored Guest Portal
Guest Types
Contractor
Daily
Weekly
Social
Guest Portals and Authorization Policy Rules
Configuring Guest Portals and Authorization Rules
Configuring a Hotspot Guest Portal
Portal Behavior and Flow Settings
Portal Page Customization
Authorization Rule Configuration
Configuring a Self-Registered Guest Portal
Portal Settings
Login Page Settings
Registration Form Settings
Self-Registration Success
Guest Change Password Settings and Guest Device Registration Settings
BYOD Settings
Guest Device Compliance Settings
Authorization Rule Configuration
Configuring a Sponsored Guest Portal
Sponsors
Sponsor Groups
Sponsor Portals
Portal Settings
Login Settings and AUP Page Settings
The Remaining Settings
Notification Services
SMTP Servers
SMS Gateway Providers
Provisioning Guest Accounts from a Sponsor Portal
SAML Authentication
Call to Action
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 14 Profiling
"Do I Know This Already?" Quiz
Foundation Topics
ISE Profiler
Anomalous Behaviour
Cisco ISE Probes
Probe Configuration
DHCP and DHCPSPAN
RADIUS
Network Scan (Nmap)
DNS
SNMPQUERY and SNMPTRAP
NETFLOW
HTTP Probe
Active Directory Probe
pxGrid Probe
Infrastructure Configuration
DHCP Helper
SPAN Configuration
VLAN Access Control Lists (VACLs)
Device Sensor
VMware Configurations to Allow Promiscuous Mode
Profiling Policies
Profiling Feed Service
Configuring the Profiler Feed Service
Verifying the Profiler Feed Service
Endpoint Profile Policies
Logical Profiles
ISE Profiler and CoA
Global CoA
Per-Profile CoA
Global Profiler Settings
Configure SNMP Settings for Probes
Endpoint Attribute Filtering
Custom Attributes for Profiling
Publishing Endpoint Probe Data on pxGrid
Profiles in Authorization Policies
Endpoint Identity Groups
EndPointPolicy
Verify Profiling
The Dashboard
Global Search
Endpoint Identities
Device Sensor show Commands
Exam Preparation Topics
Review All Key Topics
Define Key Terms
Q&A
Part IV Advanced Secure Network Access
Chapter 15 Certificate-Based Authentication
"Do I Know This Already?" Quiz
Foundation Topics
Certificate Authentication Primer
Determine If a Trusted Authority Has Signed the Digital Certificate
Examine Both the Start and End Dates to Determine If the Certificate Has Expired
Verify If the Certificate Has Been Revoked
Validate That the Client Has Provided Proof of Possession
A Common Misconception About Active Directory
EAP-TLS
Configuring ISE for Certificate-Based Authentications
Validate Allowed Protocols
Certificate Authentication Profile
Verify the Authentication Policy Is Using the CAP
Authorization Policies
Ensure the Client Certificates Are Trusted
Import the Certificate Authority's Public Certificate
Configure Certificate Status Verification (Optional)
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 16 Bring Your Own Device
"Do I Know This Already?" Quiz
Foundation Topics
BYOD Challenges
Onboarding Process
BYOD Onboarding
Dual SSID
Single SSID
Configuring NADs for Onboarding
Configuring a WLC for Dual SSID Onboarding
Review of the WLAN Configuration
Verify the Required ACLs
ISE Configuration for Onboarding
The End-User Experience
Single SSID with Apple iOS Example
Dual SSID with Android Example
Unsupported Mobile Device: BlackBerry Example
Configuring ISE for Onboarding
Creating the Native Supplicant Profile
Configure the Client Provisioning Policy
Configure the WebAuth
Verify Default Unavailable Client Provisioning Policy Action
Create the Authorization Profiles
Create the Authorization Rules for Onboarding
Create the Authorization Rules for the EAP-TLS Authentications
ISE as a Certificate Authority
Configuring SCEP
Configuring ISE as an Intermediate CA
BYOD Onboarding Process Detailed
iOS Onboarding Flow
Phase 1 Device Registration
Phase 2 Device Enrollment
Phase 3 Device Provisioning
Android Flow
Phase 1 Device Registration
Phase 2 NSP App Download App
Phase 3 Device Provisioning
Windows and macOS Flow
Phase 1 Device Registration
Phase 2 Device Provisioning
Verifying BYOD Flows
RADIUS Live Logs
Reports
Identity Group
MDM Onboarding
Integration Points
Configuring MDM Integration
Configuring MDM Onboarding Rules
Create the Authorization Profile
Create the Authorization Rules
Managing Endpoints
Self-Management
Administrative Management
The Opposite of BYOD: Identify Corporate Systems
Exam Preparation Topics
Review All Key Topics
Define Key Terms
Q&A
Chapter 17 TrustSec and MACsec
"Do I Know This Already?" Quiz
Foundation Topics
Ingress Access Control Challenges
VLAN Assignment
Ingress Access Control Lists
East-West Segmentation
What Is TrustSec?
What Is a Security Group Tag?
What Is the TrustSec Architecture?
TrustSec-Enabled Network Access Devices
Defining the TrustSec Settings for a Network Access Device
Configuring an IOS XE Switch for TrustSec
Configuring an ASA for TrustSec
Network Device Admission Control (NDAC)
Configuring the Seed Device
Configuring the Non-Seed Device
Defining the SGTs
Classification
Dynamically Assigning SGT via 802.1X
Manually Assigning SGTs to a Port
Manually Binding IP Addresses to SGTs in ISE
Access-Layer Devices That Do Not Support SGTs
Mapping a Subnet to an SGT
Mapping a VLAN to an SGT
Transport: SGT Exchange Protocol (SXP)
SXP Design
Configuring SXP on ISE
Configuring SXP on IOS Devices
Configuring SXP on Wireless LAN Controllers
Configuring SXP on Cisco ASA
Verifying SXP Connections in ASDM
Transport: Native Tagging
Configuring Native SGT Propagation (Tagging)
Configuring Manual SGT Propagation on Cisco IOS XE Switches
Enforcement
SGACL
Configuring Security Group ACLs
TrustSec Policy Matrix
Configuring the TrustSec Policy Matrix
Security Group Firewalls
Security Group Firewall on the ASA
Security Group Firewall on the Firepower
Security Group Firewall on the ISR and ASR
Software-Defined Access (SD-Access)
MACsec
Downlink MACsec
Switch Configuration Modes
ISE Configuration
Uplink MACsec
Manually Configuring Uplink MACsec
Verifying the Manual Configuration
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 18 Posture Assessment
"Do I Know This Already?" Quiz
Foundation Topics
Posture Assessment with ISE
A Bit of a History Lesson
ISE Posture Flows
Configuring Posture
Update the Compliance Modules
Configure Client Provisioning
Protect Your Sanity
Download AnyConnect
Upload AnyConnect Headend Deployment Packages to ISE
Configure the Client Provisioning Portal
Configure the Client Provisioning Policy
Configuring Posture Policy Elements
Conditions
Remediations
Requirements
Configure Posture Policies
Other Important Posture Settings
Posture Lease
Cache Last Known Posture Compliant Status
Reassessment Configurations
Authorization Rules
Create an Authorization Profile for Redirection
Create the Authorization Rules
The Endpoint Experience
Scenario 1 AnyConnect Not Installed on Endpoint Yet
Scenario 2 AnyConnect Already Installed, Endpoint Not Compliant
Scenario 3 Stealth Mode
Scenario 4 Temporal Agent and Posture Compliant
Mobile Posture
Create Mobile Posture Authorization Conditions
Create Mobile Posture Authorization Rules
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Part V Safely Deploying in the Enterprise
Chapter 19 Deploying Safely
"Do I Know This Already?" Quiz
Foundation Topics
Why Use a Phased Approach?
Comparing authentication open to Standard 802.1X
Prepare ISE for a Staged Deployment
Monitor Mode
Low-Impact Mode
Closed Mode
Transitioning from Monitor Mode to Your End State
Wireless Networks
Exam Preparation Tasks
Review All Key Topics
Q&A
Chapter 20 ISE Scale and High Availability
"Do I Know This Already?" Quiz
Foundation Topics
Configuring ISE Nodes in a Distributed Environment
Make the First Node a Primary Device
Registering an ISE Node to the Deployment
Ensure That the Persona of Each Node Is Accurate
Understanding the High Availability Options Available
Primary and Secondary Nodes
Monitoring and Troubleshooting Nodes
Policy Administration Nodes
Promoting the Secondary PAN to Primary
Auto PAN Switchover
Configuring Automatic Failover for the Primary PAN
Licensing in a Multi-Node ISE Cube
Node Groups
Add the Policy Services Nodes to the Node Group
Using Load Balancers
General Guidelines
Failure Scenarios
Anycast High Availability for ISE PSNs
IOS Load Balancing
Maintaining ISE Deployments
Patching ISE
Backup and Restore
Exam Preparation Tasks
Review All Key Topics
Define Key Term
Q&A
Chapter 21 Troubleshooting Tools
"Do I Know This Already?" Quiz
Foundation Topics
Logging
Live Log
Advanced Filtering
Authentication Details Report
The Blank Lines
Live Sessions
Logging and Remote Logging
Logging Targets
Logging Categories
Debug Logs
Downloading Debug Logs from the GUI
Viewing Log Files from the CLI
Support Bundles
Diagnostic Tools
RADIUS Authentication Troubleshooting Tool
Execute Network Device Command
Evaluate Configuration Validator
Posture Troubleshooting
Endpoint Debug
TCP Dump
Session Trace Tests
Troubleshooting Methodology
Log De-duplication
The USERNAME User
Troubleshooting Outside of ISE
Endpoint Diagnostics
Cisco AnyConnect Diagnostics and Reporting Tool (DART)
Supplicant Provisioning Logs
Network Device Troubleshooting
Show Authentication Session Interface
Viewing Client Details on the WLC
Debug Commands
Exam Preparation Tasks
Review All Key Topics
Q&A
Part VI Extending Secure Access Control
Chapter 22 ISE Context Sharing and Remediation
"Do I Know This Already?" Quiz
Foundation Topics
Integration Types in the ISE Ecosystem
MDM Integration
Rapid Threat Containment
Platform Exchange Grid
pxGrid
pxGrid in Action
Context-In
Configuring ISE for pxGrid
Configuring pxGrid Participants
Configuring Firepower Management Center for Identity with pxGrid
Configuring the Web Security Appliance
Integrating Stealthwatch and ISE
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 23 Threat Centric NAC
"Do I Know This Already?" Quiz
Foundation Topics
Vulnerabilities and Threats, Oh My!
Integrating Vulnerability Assessment Sources
TC-NAC Flows
Enable TC-NAC
Configure the Integration with a Vulnerability Assessment Vendor
Authorization Profile and Authorization Rules
Seeing TC-NAC with Vulnerability Scanners in Action
Verifying What Happened
Integrating with Threat Sources
Cognitive Threat Analytics (CTA)
Create a CTA STIX/TAXII API Account
Create a CTA Integration for TC-NAC
Using CTA with Authorization
AMP for Endpoints
Normalized Events
Configuring the AMP Adapter
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Part VII Device Administration AAA
Chapter 24 Device Administration AAA with ISE
"Do I Know This Already?" Quiz
Foundation Topics
Device Administration AAA Refresher
Device Administration in ISE
Device Administration Design
Large Deployments
Medium Deployments
Small Deployments
Enabling TACACS+ in ISE
Network Devices
Device Administration Global Settings
Connection Settings
Password Change Control
Session Key Assignment
Device Administration Work Center
Identities
Network Resources
Policy Elements
TACACS Command Sets
TACACS Profiles
Policy Sets
Reports
Exam Preparation Tasks
Review All Key Topics
Q&A
Chapter 25 Configuring Device Administration AAA with Cisco IOS
"Do I Know This Already?" Quiz
Foundation Topics
Overview of IOS Device Administration AAA
TACACS Profile
TACACS+ Command Sets
Configure ISE and an IOS Device for Device Administration AAA
Prepare ISE for IOS Device Administration AAA
Ensure That the Device Administration Service Is Enabled
Prepare the Network Device
Prepare the Policy
Configure the TACACS Profiles
Configure the TACACS Command Sets
Configure the Policy Set
IOS Configuration for TACACS+
Configure TACACS+ Authentication and Fallback
Configure TACACS+ Command Authorization
Configure TACACS+ Command Accountings
Testing and Troubleshooting
Testing and Troubleshooting in ISE
Troubleshooting at the IOS Command Line
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Q&A
Chapter 26 Configuring Device Admin AAA with the Cisco WLC
"Do I Know This Already?" Quiz
Foundation Topics
Overview of WLC Device Administration AAA
Configure ISE and the WLC for Device Administration AAA
Prepare ISE for WLC Device Administration AAA
Prepare the Network Device
Prepare the Policy Results
Configure the Policy Set
Adding ISE to the WLC TACACS+ Servers
Testing and Troubleshooting
Exam Preparation Tasks
Review All Key Topics
Q&A
Part VIII Final Preparation
Chapter 27 Final Preparation
Hands-on Activities
Suggested Plan for Final Review and Study
Summary
Part IX Appendixes
Glossary of Key Terms
Appendix A Answers to the "Do I Know This Already?" Quizzes and Q&A Sections
Appendix B CCNP Security Implementing and Configuring Cisco Identity Services Engine (SISE 300-715) Exam Updates
Appendix C Sample Switch Configurations
Index
Online Element
Appendix D Study Planner
Aaron Woland, CCIE No. 20113, is a Principal Engineer in Cisco's Advanced Threat Security & Integrations group and works with Cisco's largest customers all over the world. His primary job responsibilities include security design, solution enhancements, standards development, advanced threat solution design, endpoint security, and futures. Aaron joined Cisco in 2005 and is currently a member of numerous security advisory boards and standards body working groups. Prior to joining Cisco, Aaron spent 12 years as a Consultant and Technical Trainer.

Aaron's other publications include Integrated Security Technologies and Solutions, Volume I; both Volumes I and II of the Cisco ISE for BYOD and Secure Unified Access book; the All-in-one Cisco ASA Firepower Services, NGIPS and AMP book; the CCNP Security SISAS 300-208 Official Cert Guide; the CCNA Security 210-260 Complete Video Course; and many published white papers and design guides. Aaron is one of only five inaugural members of the Hall of Fame Elite for Distinguished Speakers at Cisco Live and is a security columnist for Network World, where he blogs on all things related to security. His other certifications include GHIC, GCFE, GSEC, Certified Ethical Hacker, MCSE, VCP, CCSP, CCNP, CCDP, and many other industry certifications.

You can follow Aaron on Twitter: @aaronwoland.

Katherine McNamara, CCIE No. 50931, is a Cybersecurity Technical Solutions Architect at Cisco Systems and has worked with large enterprise and public sector customers. Katherine joined Cisco in 2014 and has worked in IT since 2007 in multiple networking and security roles. She graduated with a Bachelor of Science in IT Security and a Master of Science in Information Security and Assurance. Her many certifications include CCIE Data Center, CCIE Security, MCSE, VCP, CISSP, CCNP, CCDP, and more.

Outside of her day job, she runs a blog called network-node.com, which provides training articles and videos about Cisco Security products. She also helps co-organize the largest Cisco study Meetup group in the world named Routergods.

You can follow Katherine on Twitter: @kmcnam1