Designing Cisco Enterprise Networks (ENDESIGN) exam Questions and Answers
Which two options help you sell Cisco ISE? (Choose two.)
Options:
A. Showcasing the entire ISE feature set
B. Referring to TrustSec as being only supported on Cisco networks
C. Discussing the importance of custom profiling
D. Explaining ISE support for 3rd party network devices
E. Downplaying the value of pxGrid as compared to RESTful APIs
Answer: A, D
Explanation:
Cisco ISE is a comprehensive solution that enables enterprises to enforce consistent and secure access policies across wired, wireless, and VPN connections. It also provides visibility, control, and automation for the network devices, endpoints, users, and applications. To sell Cisco ISE effectively, it is important to highlight the benefits and features of the solution that address the customer’s pain points and needs. Among the options given, two options help you sell Cisco ISE:
Showcasing the entire ISE feature set: ISE has a rich and diverse feature set that covers various use cases, such as device management, asset visibility, software-defined segmentation, software-defined access, guest and wireless access, BYOD, posture assessment, threat detection and response, and more [1]. By showcasing the entire ISE feature set, you can demonstrate the value proposition and differentiation of ISE from other solutions, and how it can help the customer achieve their business and technical goals.
Explaining ISE support for 3rd party network devices: ISE is not limited to Cisco networks only. It can also support 3rd party network devices that comply with the standard protocols and interfaces, such as RADIUS, SNMP, TACACS+, 802.1X, MAB, CoA, and EAP [2]. By explaining ISE support for 3rd party network devices, you can show the customer that ISE is a flexible and interoperable solution that can work with their existing network infrastructure, and that they do not need to replace their non-Cisco devices to deploy ISE.
The other three options are not helpful for selling Cisco ISE:
Referring to TrustSec as being only supported on Cisco networks: TrustSec is a Cisco technology that enables software-defined segmentation based on security group tags (SGTs) and security group access control lists (SGACLs) [3]. TrustSec is not only supported on Cisco networks, but also on 3rd party network devices that can integrate with ISE through pxGrid, which is a platform for sharing contextual information across multiple security products [4]. By referring to TrustSec as being only supported on Cisco networks, you can create a false impression that ISE is a proprietary and closed solution that requires a complete Cisco network overhaul, which can discourage the customer from adopting ISE.
Discussing the importance of custom profiling: Profiling is a feature of ISE that allows it to identify and classify the endpoints on the network based on their attributes, such as MAC address, IP address, device type, operating system, etc. [5]. Custom profiling is the ability to create custom profiles and policies for the endpoints that are not recognized by the default ISE profiles. While custom profiling is an important feature of ISE, it is not a key selling point, because it is a complex and time-consuming process that requires a deep understanding of the endpoint attributes and behaviors, and it may not be relevant or applicable for all customers. By discussing the importance of custom profiling, you can confuse or overwhelm the customer with technical details that are not essential for their use case, and divert their attention from the core benefits and features of ISE.
Downplaying the value of pxGrid as compared to RESTful APIs: pxGrid is a platform that enables ISE to share contextual information, such as identity, location, posture, device type, etc., with other security products, such as firewalls, SIEMs, threat detection systems, etc. [4]. RESTful APIs are a standard way of communicating with web services, such as ISE, using HTTP methods, such as GET, POST, PUT, DELETE, etc. Both pxGrid and RESTful APIs are valuable for ISE, because they provide different capabilities and benefits. pxGrid allows ISE to exchange real-time and bidirectional information with other security products, and to enforce consistent policies across the network [4]. RESTful APIs allow ISE to be integrated with external applications and systems, such as portals, dashboards, workflows, etc., and to automate and customize the network operations. By downplaying the value of pxGrid as compared to RESTful APIs, you can misrepresent the functionality and potential of ISE, and miss the opportunity to showcase how ISE can enhance the security and efficiency of the network.
References:
[1] Cisco Identity Services Engine (ISE) Use Cases
[2] Cisco Identity Services Engine Network Component Compatibility, Release 2.7
[3] Cisco TrustSec
[4] Cisco pxGrid
[5] Cisco ISE Network Discovery
Cisco Identity Services Engine Administrator Guide, Release 2.7 - Configure Custom Profiling Policies
Cisco Identity Services Engine API Reference Guide, Release 2.7 - Cisco ISE REST APIs
Which are the three focus areas for reinventing the WAN? (Choose three.)
Options:
A. Secure Elastic Connectivity
B. Centralized device authentication
C. Application Quality of Experience
D. Operations
E. Cloud First
F. Execution
Answer: A, C, E
Explanation:
The three focus areas for reinventing the WAN are:
Secure Elastic Connectivity: This refers to the ability to provide secure and flexible connectivity to any application, anywhere, and anytime. Secure elastic connectivity enables the network to adapt to the changing business needs and user demands, while maintaining security and performance. Secure elastic connectivity leverages SD-WAN technologies, such as Cloud OnRamp, SASE, and ThousandEyes, to optimize the network path, encrypt the traffic, and monitor the end-to-end visibility across the WAN [1][2].
Application Quality of Experience: This refers to the ability to ensure optimal and consistent user experience for any application, regardless of the network conditions. Application quality of experience uses SD-WAN technologies, such as vAnalytics, to measure and improve the application performance, availability, and reliability across the WAN [3]. Application quality of experience also uses intelligent policies and real-time analytics to prioritize the critical applications and steer the traffic to the best-performing path [4].
Cloud First: This refers to the ability to embrace the cloud as the primary platform for delivering applications and services to the users. Cloud first enables the network to support the multicloud strategy and accelerate the cloud adoption. Cloud first leverages SD-WAN technologies, such as Cloud OnRamp, to simplify and automate the connectivity to the public cloud, SaaS, and cloud interconnect providers [4]. Cloud first also enables the network to operate as a cloud-native WAN overlay, using software-defined automation and orchestration tools [5].
References:
[1] Cisco SD-WAN Architecture Overview
[2] SD-WAN and SASE: The new landscape of networking
[3] Under the vAnalytics Hood: Enabling Total Network Visibility, Total Network Control
[4] SD-WAN Capabilities - The New Landscape of Networking
[5] Software-defined WAN (SD-WAN): the new landscape of networking
The 4 Focus areas for reinventing the WAN are:
• Secure Elastic Connectivity
• Cloud First
• Application Quality of Experience
• Agile Operations
Which three options are the focus of the current digital business era? (Choose three.)
Options:
A. IoT scale
B. connectivity
C. virtualized services
D. automation
E. centralized enterprise and web applications
F. Human scale
Answer: A, C, D
Which element of the Cisco SD-WAN architecture facilitates the functions of controller discovery and NAT traversal?
Options:
A. vManage
B. vEdge
C. vBond orchestrator
D. vSmart controller
Answer: C
Explanation:
The vBond orchestrator is an SD-WAN router responsible for authenticating and orchestrating connectivity between the vSmart controllers and SD-WAN routers. It is the sole device in the network that requires a public IP address for all SD-WAN devices to connect to it. The vBond orchestrator has three major functions:
Controller discovery: The vBond orchestrator acts as the initial point of contact for all SD-WAN components that join the network. It authenticates the devices using pre-installed credentials and assigns them to a vSmart controller. The vBond orchestrator also provides the IP addresses of the vSmart controllers and the vManage NMS to the SD-WAN routers.
NAT traversal: The vBond orchestrator facilitates the establishment of secure DTLS or TLS tunnels between the SD-WAN components that are behind NAT devices. The vBond orchestrator acts as a rendezvous point for the NATed devices and helps them exchange their public IP addresses and port numbers. The vBond orchestrator also performs NAT keepalive and hole punching to maintain the NAT bindings and prevent the NAT devices from timing out the sessions.
Certificate management: The vBond orchestrator acts as the certificate authority (CA) for the SD-WAN network. It generates and signs the certificates for the SD-WAN components and distributes them to the devices. The certificates are used to authenticate the devices and encrypt the control and data plane traffic.
References:
Cisco SD-WAN Architecture Overview
Cisco Catalyst SD-WAN Getting Started Guide
New Training: Identify Cisco SD-WAN Components
Which two statements are true regarding SD-WAN demonstrations? (Choose two.)
Options:
A. As a Cisco SD-WAN SE, you should spend your time learning about the technology rather than contributing to demo innovation.
B. During a demo, you should demonstrate and discuss what the team considers important details.
C. During a demo, you should consider the target audience and the desired outcome.
D. Use demonstrations primarily for large opportunities and competitive situations.
E. There is a big difference between demos that use a top down approach and demos that use a bottom up approach.
Answer: C, E
Explanation:
SD-WAN demonstrations are an effective way to showcase the benefits and features of Cisco SD-WAN solutions to potential customers. However, not all demos are created equal, and there are some best practices to follow to ensure a successful and engaging demo. Here are some explanations for why C and E are true statements regarding SD-WAN demonstrations:
C. During a demo, you should consider the target audience and the desired outcome. This is a true statement because different audiences may have different levels of technical knowledge, business needs, and expectations from the demo. For example, a demo for a C-level executive may focus more on the business outcomes and value proposition of SD-WAN, while a demo for a network engineer may dive deeper into the technical details and configuration options. Therefore, it is important to tailor the demo to the specific audience and the desired outcome, such as generating interest, building trust, or closing a deal.
E. There is a big difference between demos that use a top down approach and demos that use a bottom up approach. This is also a true statement because the two approaches have different advantages and disadvantages, and may suit different scenarios. A top down approach starts with the high-level overview of the SD-WAN solution, such as the architecture, components, benefits, and use cases, and then drills down into the specific features and functionalities. A bottom up approach starts with the low-level details of the SD-WAN solution, such as the configuration, troubleshooting, and testing, and then builds up to the big picture and value proposition. A top down approach may be more suitable for a non-technical or business-oriented audience, while a bottom up approach may be more suitable for a technical or hands-on audience.
References:
Cisco SD-WAN Demonstration Guide
SD-WAN Best Practices | Kentik Blog
SD-WAN best practices for a successful implementation
SD-WAN best practices - VMware Blogs
Stay focused and develop a custom story guide taking into consideration the target audience, desired outcome and story to tell while demonstrating the Viptela solution capabilities. Slide 151: There is a big difference demoing using a top down vs. bottom up approach.
Which two are Cisco ISE benefits for our customers? (Choose two.)
Options:
A. enables them to set traffic priorities across the network
B. helps them stop and contain real-time threats
C. provides network access control
D. helps them accelerate application deployment and delivery
Answer: B, C
Explanation:
Cisco ISE benefits our customers by providing network access control and helping them stop and contain real-time threats. Network access control is the ability to enforce policies on who and what can access the network, based on the identity and context of users, devices, and applications. Cisco ISE allows customers to authenticate, authorize, and audit network access, as well as to segment and isolate network traffic based on security and compliance requirements. Cisco ISE also helps customers stop and contain real-time threats by leveraging intel from across the network and security ecosystem, and by automating threat response actions. Cisco ISE can integrate with various security solutions, such as Cisco Stealthwatch, Cisco Firepower, and Cisco Umbrella, to detect and mitigate attacks on the network quickly and effectively.
References:
[1] Cisco Identity Services Engine (ISE) - Cisco
[2] Cisco Identity Services Engine (ISE) - Cisco
[3] Network Visibility and Segmentation (NVS) - Cisco
[4] Rapid Threat Containment - Cisco
Slide 3 - ISE is critical to your customer:
• Visibility into users, devices & applications
• Access control and segmentation
• Stop and contain threats in real-time
Which two Cisco ISE use cases typically involve the highest level of implementation complexity? (Choose two.)
Options:
A. Device management
B. Asset visibility
C. Software-defined segmentation
D. Software-defined access
E. Guest and wireless access
Answer: C, D
Explanation:
Cisco ISE use cases can be classified into four categories: device management, asset visibility, software-defined segmentation, and software-defined access. Each of these use cases has a different level of implementation complexity, depending on the network size, topology, security requirements, and integration with other technologies. Among these use cases, software-defined segmentation and software-defined access typically involve the highest level of implementation complexity, because they require:
A thorough understanding of the network architecture and design principles, such as hierarchical, modular, and scalable design.
A comprehensive assessment of the network devices, endpoints, users, applications, and policies, and their interdependencies and interactions.
A careful planning and testing of the network segmentation and access policies, using tools such as Cisco TrustSec, Cisco DNA Center, Cisco SD-Access, and Cisco ISE.
A smooth and secure migration from the existing network to the software-defined network, with minimal disruption and downtime.
A continuous monitoring and optimization of the network performance, security, and compliance, using tools such as Cisco Stealthwatch, Cisco Tetration, and Cisco ISE.
References:
Cisco Identity Services Engine (ISE) Use Cases
Cisco Enterprise Network Architecture and Design
Cisco ISE Network Discovery
Cisco TrustSec
Cisco DNA Center
Cisco SD-Access
Cisco ISE Software-Defined Access
Cisco SD-Access Migration Guide
Cisco Stealthwatch
Cisco Tetration
Cisco ISE Monitoring and Troubleshooting
Which two activities should occur during an SE’s demo process? (Choose two.)
Options:
A. identifying which capabilities require demonstration
B. highlighting opportunities that although not currently within scope would result in lower operational costs and complexity
C. asking the customer to provide network drawings or white board the environment for you
D. determining whether the customer would like to dive deeper during a follow-up
E. leveraging a company such as Complete Communications to build a financial case
Answer: B, D
Which two activities should occur during an SE's discovery process? (Choose two.)
Options:
A. Gathering information about the current state of the customer’s network environment
B. Working with the customer to develop a reference architecture
C. Referencing the PPDIOO model to effectively facilitate the discussion
D. Establishing credibility with the customer
E. Mapping Cisco innovation to customer’s needs
Answer: A, E
Explanation:
The discovery process is a critical phase in the sales cycle, where the SE gathers information about the customer’s network environment, business goals, challenges, and needs. The discovery process helps the SE to understand the customer’s pain points, identify opportunities, and propose solutions that align with the customer’s objectives and address their problems. The discovery process also helps the SE to establish credibility, trust, and rapport with the customer, and to map Cisco innovation to the customer’s needs.
Some of the activities that should occur during the SE’s discovery process are:
Gathering information about the current state of the customer’s network environment. This includes collecting data about the network topology, devices, protocols, applications, performance, security, availability, scalability, and management. The SE can use various tools and methods to gather this information, such as interviews, questionnaires, surveys, audits, assessments, and network analysis tools. Gathering information about the current state helps the SE to understand the customer’s existing network capabilities, limitations, and gaps, and to benchmark the network against best practices and industry standards [1][2].
Mapping Cisco innovation to the customer’s needs. This involves identifying how Cisco products, solutions, and services can help the customer achieve their desired outcomes, address their challenges, and overcome their pain points. The SE can use various tools and methods to map Cisco innovation to the customer’s needs, such as value proposition, business case, return on investment (ROI) analysis, proof of value (POV), proof of concept (POC), and demonstrations. Mapping Cisco innovation to the customer’s needs helps the SE to show the value and benefits of Cisco solutions, differentiate Cisco from competitors, and influence the customer’s decision making [3][4].
References:
[1] Cisco Discovery Service
[2] Cisco Network Assessment Services
[3] Cisco Catalyst SD-WAN Demos
[4] Cisco Business Critical Services
Which two statements describe Cisco SD-Access? (Choose two.)
Options:
A. an overlay for the wired infrastructure in which traffic is tunneled via a GRE tunnel to a mobility controller for policy and application visibility
B. software-defined segmentation and policy enforcement based on user identity and group membership
C. an automated encryption/decryption engine for highly secured transport requirements
D. a collection of tools and applications that are a combination of loose and tight coupling
E. programmable overlays enabling network virtualization across the campus
Answer: B, E
Explanation:
Cisco SD-Access is a solution within Cisco DNA, which is built on intent-based networking principles. Cisco SD-Access provides visibility-based, automated end-to-end segmentation to separate user, device, and application traffic without redesigning the underlying physical network [1]. Cisco SD-Access also enables programmable overlays that allow network virtualization across the campus, branch, data center, and cloud [2]. Cisco SD-Access has two main components: the fabric and the policy [3].
The fabric is the network overlay that consists of interconnected nodes that provide a consistent and scalable way of delivering network services and functions. The fabric nodes are classified into four types: edge nodes, border nodes, control plane nodes, and intermediate nodes. The edge nodes are the access switches or wireless controllers that connect to the end devices. The border nodes are the routers or switches that connect the fabric to external networks, such as the Internet, WAN, or data center. The control plane nodes are the routers or switches that maintain the mapping between the endpoint identifiers and the network locators. The intermediate nodes are the routers or switches that provide transit services within the fabric [3].
The policy is the network configuration that defines the network behavior and outcomes, based on the business intent and requirements. The policy is composed of three elements: the endpoint groups, the contracts, and the virtual networks. The endpoint groups are the logical containers that group the endpoints based on their attributes, such as user identity, device type, or application. The contracts are the rules that specify the allowed interactions between the endpoint groups, such as the protocols, ports, and quality of service. The virtual networks are the logical partitions that isolate the endpoint groups and contracts from each other, based on the network scope and security [3].
Cisco SD-Access addresses the following challenges and benefits:
It simplifies the network design and management, as it reduces the complexity and variability of the network elements and interfaces.
It enhances the network security and compliance, as it enforces granular and dynamic policies based on the endpoint identity and context, rather than the network topology and IP addresses.
It improves the network performance and user experience, as it optimizes the network path, load balancing, and traffic engineering based on the network conditions and application requirements.
It enables the network agility and scalability, as it supports the rapid deployment and integration of new devices, applications, and services, without affecting the existing network operations.
References:
[1] Cisco Software-Defined Access - Cisco Software-Defined Access Solution Overview
[2] What Is Software-Defined Access? - SD-Access - Cisco
[3] Cisco SD-Access Architecture Overview