Which two combinations of nodes are allowed in a Cisco ISE distributed deployment?
A. ISE cluster with eight nodes
B. Pair of passive ISE nodes for automatic failover
C. One or more policy service ISE nodes for session failover standalone
D. Primary and second administration ISE nodes for high availability
E. Active and standby ISE notes for high availability
I would concur with Lblc for CD. If you choose A you are hard setting the total nodes to 8 which is not true as you can scale up to 40 depending on your design and scale.
In C for “standalone” they most likely mean that the each node is only running the PSN service and nothing else (i.e. standalone).
A and D
in ISE 2.2 you can scale to 40 PSNs so 8 nodes is acceptable
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId–1992574445
Its not B or E. There is no such thing as a passive or standby node. Just Secondary
The word standalone in C makes me eliminate this as an option
C and D
In a distributed deployment, you can have the following combination of nodes on your network:
Primary and secondary Administration nodes for high availability
A single or a pair of non-administration nodes for health check of Administration nodes for automatic failover
A pair of health check nodes or a single health check node for Primary Administration Node (PAN) automatic failover
One or more Policy Service Nodes (PSN) for session failover
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011.html
B is not correct as there can only be single “passive” node as it is node monitoring Secondary PAN.
The health check node for Primary PAN is called the active health check node. The health check node for Secondary PAN is called the passive health check node. The active health check node is responsible for checking status of Primary PAN, and managing the automatic failover of Administration nodes. We recommended using two non-administration ISE nodes as health check nodes, one for the Primary and one for the Secondary PAN. IF you use only one health check node, and that node goes down, automatic failover will not happen.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010.html