Domain Written Exam Written Exam

Domain
Number Percentage (%) Study hours
1 Perimeter Security and Intrusion Prevention 21
2 Advanced Threat Protection and Content Security 17
3 Secure Connectivity and Segmentation 17
4 Identity Management, Information Exchange, and Access Control 22
5 Infrastructure Security, Virtualization, and Automation 13
6 Evolving Technologies 10
Total 100
 Lab Exam LAB Exam
Percentage (%) Study hours
23
19
19
24
15
N/A
100
Identity Management, Information Exchange, and Access Control

Task ID

4.1

4.2

4.3

4.4

4.5

4.6

4.7

4.8

4.9

4.1

4.11

4.12

4.13

4.14

4.15
4.16

4.17

4.18
Identity Management, Information Exchange, and Access Control

Task

Describe, implement, and troubleshoot various personas of ISE in a multinode deployment

Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA

Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS

Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.

Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server

Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network
infrastructure

Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or
external CA

Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP
AD, and external RADIUS

Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML

Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA

Describe, implement, verify, and troubleshoot posture assessment with ISE

Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure includi
device sensor

Describe, implement, verify, and troubleshoot integration of MDM with ISE

Describe, implement, verify, and troubleshoot certificate based authentication using ISE

Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access
Restriction (MAR)
Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP
(EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP-MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2

Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER

Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC
Cisco Configuration Guide

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13/b_ise_InstallationGuide

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20.html

AAA Identity Management Security (ISBN-10: 1587141442)

http://www.cisco.com/c/en/us/support/security/identity-services-engine/products-configuration-examples-list.html

Cisco ISE for BYOD and Secure Unified Access (ISBN-10: 1-58714-325-9)

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html

http://www.kovacevic.be/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20.pdf

http://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/products-configuration-examples-list.html

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116143-config-cise-posture-00.html

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html
http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-88-Configuring-pxGrid-in-an-ISE-Distributed-Environ

https://communities.cisco.com/servlet/JiveServlet/downloadBody/68284-102-1-125501/How-To_88_Configuring_pxGrid_in_a
Cisco Docs

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_20.html

http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/config_guide_c17-6

http://www.cisco.com/c/dam/global/cs_cz/assets/expo2012/pdf/T_SECA4_ISE_Posture_Gorgy_Acs.pdf

http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-66-MDM-Goods.pdf

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_60_byod_certificates.pdf
https://developer.cisco.com/fileMedia/download/63e057cc-beb1-4f66-9836-68d3391f7f0a
Cisco Live Sessions Webinars YouTube

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=90093&tclass=popup

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=90044&tclass=popup
Books

1. AAA Identity Management Security (ISBN-10: 1587141442)

Domain 4: Identity Management, Information Exchnage and
Access Control (Chapter 1 to 15)

2. Cisco ISE for BYOD and Secure Unified Access (ISBN-10: 1-58714-
325-9)
Domain 4: Identity Management, Information Exchnage and
Access Control (Chapter 1 to 7)