500-490 Exam Dumps : Designing Cisco Enterprise Networks (ENDESIGN) exam

 = A business case is an option that will help build your customers platform during the discovery phase. A business case is a document that outlines the rationale, objectives, benefits, costs, risks, and alternatives of a proposed project or solution. A business case helps to justify the investment and align the stakeholders on the value proposition of the project or solution12.

During the discovery phase, the goal is to understand the problem that needs to be solved, the user needs and context, the constraints and opportunities, and the underlying policy intent. A business case can help to achieve this goal by providing a clear and concise summary of the problem statement, the desired outcomes, the potential solutions, and the evaluation criteria34. A business case can also help to communicate the vision and scope of the project or solution to the customers and other stakeholders, and to secure their buy-in and support56.

A business case is not the same as a POV report, a detailed design, a high-level design, or a PO. A POV report is a document that summarizes the findings and recommendations from a proof of value (POV) exercise, which is a short-term trial of a solution to demonstrate its feasibility and benefits7. A detailed design is a document that specifies the technical and functional requirements, architecture, and configuration of a solution8. A high-level design is a document that provides an overview of the solution, such as the main components, interfaces, and interactions9. A PO is a purchase order, which is a document that authorizes a purchase transaction between a buyer and a seller.

References :=

What is a business case? Definition and examples

Business Case - Project Management Knowledge

How the discovery phase works - Service Manual - GOV.UK

Discovery Phase – Service Design – The Beginner’s Guide

How to Write a Business Case ― 4 Steps to a Perfect Business Case Template

How to Write a Business Case: 4 Steps to a Perfect Business Case Template

What is a Proof of Value (POV)?

What is a Detailed Design Document (DDD)?

What is a High-Level Design Document?

[What is a Purchase Order (PO)?]

Cisco ISE is a security policy management platform that provides secure access to network resources. Cisco ISE functions as a policy decision point and enables enterprises to ensure compliance, enhance infrastructure security, and streamline service operations1. Two of the statements that are true regarding Cisco ISE are:

ISE can detect endpoints whose addresses have been translated via NAT: Cisco ISE can discover, profile, and monitor the endpoint devices on the network, and classify them according to their associated policies and identity groups. Cisco ISE can leverage the pxGrid framework to share the contextual information with other security tools and platforms, and enhance the network visibility and security1. Cisco ISE can also detect endpoints whose addresses have been translated via NAT by using various methods, such as passive and active discovery, NMAP scanning, DHCP snooping, and RADIUS accounting234.

The number of logs that ISE can retain is determined by your disk space: Cisco ISE provides a logging mechanism that is used for auditing, faultmanagement, and troubleshooting. The logging mechanism helps you to identify fault conditions in deployed services and troubleshoot issues efficiently. You can configure your Cisco ISE node to collect the logs in the local systems using a virtual loopback address5. The number of logs that ISE can retain is determined by your disk space, as well as the data purging settings that you can configure under Administration > System > Maintenance > Data Purging6. You can also configure Cisco ISE to send its logs to a remote system for greater retention history7.

The other statements are not true regarding Cisco ISE, because:

In distributed deployments, failover from primary to secondary Policy Administration Nodes happens automatically: Cisco ISE supports high availability for the Administration persona, which provides centralized configuration and management of the distributed deployment. You can configure one primary Administration ISE node and one secondary Administration ISE node for high availability. However, the failover from primary to secondary Policy Administration Nodes does not happen automatically, unless you enable the automatic failover feature and configure a health check node to monitor the primary node’s status8. Otherwise, you have to manually promote the secondary node to become the primary node in case of a failure9.

In two-node standalone ISE deployments, failover must be done manually: Cisco ISE supports high availability for the Policy Service persona, which provides network access, posture, guest access, client provisioning, and profiling services. You can configure multiple Policy Service Nodes (PSNs) in a node group to provide session failover and load balancing for the endpoints. In a two-nodestandalone ISE deployment, where each node assumes all the personas, the failover for the Policy Service persona does not need to be done manually, as long as the network access devices are configured to use both nodes for RADIUS and TACACS services10.

ISE supports IPv6 downloadable ACLs: Cisco ISE supports downloadable ACLs (DACLs), which are configured and implemented through authorization profiles. DACLs are used to enforce granular access control policies for the endpoints based on their identity and other attributes. However, Cisco ISE does not support IPv6 downloadable ACLs, as it only supports IPv4 ACLs for RADIUS and TACACS protocols1112.

References:

1: Cisco Content Hub - Cisco ISE Features 2: Cisco ISE Profiler Service Overview 3: ISE Deployment through NAT Boundaries - Cisco Community 4: Configure ISE 3.3 Native IPSec to Secure NAD (IOS-XE) Communication - Cisco 5: Logging [Cisco Identity Services Engine] - Cisco Systems 6: ISE maximum logging time / data retention - Cisco Community 7: Logs retention on ISE - Cisco Community 8: Cisco Identity Services Engine Administrator Guide, Release 2.4 9: Setting Up Cisco ISE in a Distributed Environment 10: Cisco Content Hub - Network Deployments in Cisco ISE 11: Cisco Identity Services Engine Administrator Guide, Release 2.2 12: Solved: ISE: support for IPv6 DACL’s - Cisco Community

"There is no automatic failover for the Administration persona." platforms and ISE versions appear to support ipv6 dacl just fine now

The Cisco vEdge platform supports IPv6 transport (WAN) as one of its features. This means that the vEdge routers can use IPv6 addresses to establish secure control and data plane connections with other vEdge routers over the WAN network. The vEdge routers can also use IPv6 addresses to communicate with the vSmart controllers and the vManage network management system. The vEdge routers can also support IPv6 routing protocols, such as OSPFv3 and BGP, to exchange IPv6 routes with other routers in the network12.

The other features listed in the question are not supported on the Cisco vEdge platform. License enforcement is not applicable to the vEdge routers, as they do not require any license to operate. Reporting is a function of the vManage network management system, which collects and displays various statistics and analytics from the vEdge routers. Non-Ethernet interfaces, such as serial, T1/E1, or DSL, are not available on the vEdge routers, which only support Ethernet and cellular interfaces. Single sign-on and 2-factor authentication are not supportedon the vEdge routers, which use local or remote authentication methods, such as TACACS+, RADIUS, or LDAP3.

References:

1: Cisco SD-WAN vEdge Routers Data Sheet 2: Cisco SD-WAN Configuration Guide, Release 20.3 3: Cisco SD-WAN Command Reference, Release 20.3