PrepAway - Latest Free Exam Questions & Answers

Which of the following applications is used by ISE to detect new endpoints on a subnet?

A. Nessus

B. Nmap

C. Wireshark

D. Snort

Explanation:
Cisco Identity Services Engine (ISE) uses Nmap to detect new endpoints on a subnet. ISE is a next-generation Authentication, Authorization, and Accounting (AAA) platform with integrated posture assessment, network access control, and client provisioning. Nmap is a port scanner that can be used to determine the open or closed ports on hosts within a particular IP address range. Unlike most port scanners, which generally cannot determine the operating system (OS) or application software running on each host, Nmap can use fingerprinting techniques to determine the OS and application versions running on a scanned host. You can configure ISE to probe a subnet for devices and then use the results from that probe to create endpoint groups and policies. For example, you could use the Nmap probe results to create a policy that will group all of the detected devices with the same Organizationally Unique Identifier (OUI) into a specific endpoint group.

ISE does not use Nessus to detect endpoints on a subnet. Nessus is a vulnerability scanner that is produced by Tenable Network Security. A vulnerability scanner can be a dedicated hardware appliance or a software program that can scan a range of IP addresses to determine the open or closed ports on each host in that range. In addition, a vulnerability scanner can determine the OS revision running on each host and whether any known exploits currently exist for that OS. Finally, most vulnerability scanners can determine whether any patches are available for any of the software services running on each host.

ISE does not use Wireshark to detect endpoints on a subnet. Wireshark is a network sniffer, which is a passive tool that enables you to capture network data as it passes through a network interface that has been configured to operate in promiscuous mode.

ISE does not use Snort to detect endpoints on a subnet. Snort is an intrusion detection system (IDS), which can passively monitor network traffic. An IDS can examine the network for predefined traffic signatures and can alert an administrator if matching traffic is identified.

Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010101.html#concept_57A4A7ADE3DA429A821900C5CBEA8BF0

