Exam 350-701 topic 1 question 266 discussion

D FQDN in DNS is a pre-req, NTP is a good call as well.

The answer is D it needs to be reached by name from the other nodes.

D is the Answer. A couldnt be more wrong. Many companies have ISE appliances on seperate segments. DNS is a 10000000% requirement, sine the PAN node cannot add the new ISE node if it cannot resolve it based on its hostname!

Response B. Is correct

The nature of an FQDN is that it resolves the name to the IP and DNS is 100% a requirement of this. https://en.wikipedia.org/wiki/Fully_qualified_domain_name

These answers are getting annoying... It's D, they can be on different networks.

I believe Answer is D: When adding a new Cisco ISE node to an existing deployment and inputting the Fully Qualified Domain Name (FQDN) of the new node, it is essential to ensure that the DNS entry for the new node is added into the DNS server. This allows the other nodes in the deployment to resolve and communicate with the new node using its FQDN. Option A, changing the IP address of the new Cisco ISE node to the same network as the others, is not necessary for ensuring the successful addition of the node. It is generally recommended to have the new node on the same network as the existing nodes, but it is not directly related to the inputting of the FQDN.

The correct answer is D. Add the DNS entry for the new Cisco ISE node into the DNS server. When adding a new Cisco ISE node to an existing deployment, the administrator must ensure that the new node can be resolved by the DNS server. This can be done by adding a DNS entry for the new node into the DNS server. The DNS entry should include the FQDN of the new node and its IP address.

Ensure that the primary PAN and the node being registered are DNS resolvable to each other. If the node that is being registered uses an untrusted self-signed certificate, you are prompted with a certificate warning along with details of the certificate. If you accept the certificate, it is added to the trusted certificate store of the primary PAN to enable TLS communication with the node.

you cannot enable md5: from: https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20User%20Guide.pdf You can enter a file’s SHA-256 value to find any devices that observed the file. !!!You can also drag a file to the Search box!!! and its SHA-256 value will be computed for you. If you only have a file’s MD5 or SHA-1 value, Search will attempt to match it to a corresponding SHA-256, then search for that SHA-256.

D. Add the DNS entry for the new Cisco ISE node into the DNS server. The Fully Qualified Domain Name (FQDN) is used to resolve the hostname of a device to its IP address. When adding a new Cisco ISE node, it is important to ensure that the FQDN of the node can be resolved to its IP address through the DNS server. This can be accomplished by adding a DNS entry for the new node into the DNS server, so that the FQDN can be resolved to the IP address of the new node. This is a crucial step in ensuring that the addition of the new node to the existing deployment will be successful.

100% D . I work with ISE and Join many to the cluster. If DNS is not correct the node fails to join.

It´s D

Enter the DNS-resolvable fully qualified domain name (FQDN) of the standalone node that you are going to register (in the format hostname.domain-name, for example, abc.xyz.com). The FQDN of the primary PAN and the node being registered must be resolvable from each other. https://www.cisco.com/c/en/us/td/docs/security/ise/2- 7/admin_guide/b_ise_27_admin_guide/b_ISE_admin_27_deployment.html

To add a new ISE node to an existing deployment it asks for the FQDN of the new node not the IP address. As long as the firewall rules (if any firewall is installed in the environment) permit comms between the existing deployment and the new node, the FQDN is sufficient. NTP servers ensure that the nodes are in sync The answer is D