A security engineer is deploying Cisco ISE for a company’s guest user services. Drag and drop the Cisco ISE persona on the left onto its function on the right.
Select and Place:
A security engineer is deploying Cisco ISE for a company’s guest user services. Drag and drop the Cisco ISE persona on the left onto its function on the right.
Inline Posture Node – Must be dedicated solely on its function.
https://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_ipep_deploy.html#84523
Note that there is no concept of primary or secondary role with the policy service persona.
Reference: https://i.imgur.com/m6T7OeU.png
Note that there is no concept of primary or secondary role with the policy service persona. Policy service nodes play the role of RADIUS server to the NADs in the deployment. A particular NAD may be configured to assign a higher priority to one policy service node over another, but the policy service nodes themselves are unaware of the perspective of the NAD.
Reference: https://i.imgur.com/5ZPxdta.png
Reference: https://i.imgur.com/m6T7OeU.png
Correct answer is : https://i.imgur.com/Q3S8m9L.png
The posture service has three main functional areas:
Client provisioning: Client provisioning automates network access control agent deployment by pushing the software to endpoints that do not have the required version of the expected network access control agent. The client provisioning is facilitated by the client provisioning portal.
Posture policy: Posture policy defines the terms compliant and noncompliant in a specific company policy. For example, compliance may mean a certain version of antivirus and antispyware software that is installed on the endpoint.
Authorization policy: The authorization policy is implemented in a way that reflects the noncompliant and compliant states of the endpoints. The authorization policy will enforce stricter security policy on noncompliant endpoints and grant more privileges to compliant endpoints. If the endpoint status is unknown, the authorization policy will redirect the traffic to the client provisioning portal.
Administration persona: This persona is the interface for configuring policies. This persona is the control center in the Cisco ISE deployment, and it also controls the licensing and contains the user interface. The administration persona is also responsible for pushing the configurations out to other nodes in a distributed deployment. Nodes that implement the administration persona are often referred to as admin nodes.
Policy service persona: This persona is the engine that makes policy decisions. This persona is the main runtime engine that processes all the network messaging that pertains to the Cisco ISE deployment. This massaging includes DHCP, Cisco Discovery Protocol, NetFlow, and RADIUS, among others. Nodes that implement the policy service persona are often referred to as policy service nodes.
Monitoring persona: This persona is the interface for logging and report data. This engine collects all logs and correlates them. In addition, it is used to generate reports and any alarms for the Cisco ISE system. Nodes that implement the monitoring persona are often referred to as monitoring nodes.
Reference: https://i.imgur.com/5ZPxdta.png
https://i.imgur.com/m6T7OeU.png