Professional Documents
Culture Documents
Domain
Number Percentage (%) Study hours
1 Perimeter Security and Intrusion Prevention 21
2 Advanced Threat Protection and Content Security 17
3 Secure Connectivity and Segmentation 17
4 Identity Management, Information Exchange, and Access Control 22
5 Infrastructure Security, Virtualization, and Automation 13
6 Evolving Technologies 10
Total 100
Lab Exam LAB Exam
Percentage (%) Study hours
23
19
19
24
15
N/A
100
Identity Management, Information Exchange, and Access Control
Task ID
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
4.1
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
Identity Management, Information Exchange, and Access Control
Task
Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA
Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS
Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.
Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server
Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network
infrastructure
Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or
external CA
Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP
AD, and external RADIUS
Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML
Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA
Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure includi
device sensor
Describe, implement, verify, and troubleshoot certificate based authentication using ISE
Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access
Restriction (MAR)
Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP
(EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP-MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2
Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER
Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC
Cisco Configuration Guide
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13/b_ise_InstallationGuide
http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20.html
http://www.cisco.com/c/en/us/support/security/identity-services-engine/products-configuration-examples-list.html
Cisco ISE for BYOD and Secure Unified Access (ISBN-10: 1-58714-325-9)
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html
http://www.kovacevic.be/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20.pdf
http://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/products-configuration-examples-list.html
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116143-config-cise-posture-00.html
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html
http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-88-Configuring-pxGrid-in-an-ISE-Distributed-Environ
https://communities.cisco.com/servlet/JiveServlet/downloadBody/68284-102-1-125501/How-To_88_Configuring_pxGrid_in_a
Cisco Docs
http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_20.html
http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-6
http://www.cisco.com/c/dam/global/cs_cz/assets/expo2012/pdf/T_SECA4_ISE_Posture_Gorgy_Acs.pdf
http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-66-MDM-Goods.pdf
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_60_byod_certificates.pdf
https://developer.cisco.com/fileMedia/download/63e057cc-beb1-4f66-9836-68d3391f7f0a
Cisco Live Sessions Webinars YouTube
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=90093&tclass=popup
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=90044&tclass=popup
Books
2. Cisco ISE for BYOD and Secure Unified Access (ISBN-10: 1-58714-
325-9)
Domain 4: Identity Management, Information Exchnage and
Access Control (Chapter 1 to 7)