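Training Overview

Duration: 5 days
Hours: 09:30-17:30
Training type: Lecture + hands-on exercises
Delivery format
  • Online
Language
  • Instructor: English
  • Course text: English
  • Lab guide: English
Fee (tax included), without exam voucher: 660,000 yen (course code: CI-SISE)
Fee (tax included), with exam voucher: 722,480 yen (course code: CI-SISEV)
Why choose this course ・Eligible for the Continuing Education Program: 32 credits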

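Training Content

Cisco Systems certified training

This training covers the deployment and configuration of Cisco Identity Services Engine (ISE), starting with installation of the core architecture and continuing through network access control, identity stores, policy design, and day-to-day operations.
On completing this training, you will be able to design, implement, and operate Cisco ISE to meet modern enterprise requirements for identity, security, visibility, and access control.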



Highlights

This training is delivered online by a foreign instructor.

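Target Audience

This training is recommended for:
    ・Those aiming to earn the CCNP Security certification
    ・Those aiming to earn the Cisco Certified Specialist - Security Identity Management Implementation certification

    Job roles suited to this training are:
     ・Network security engineers
     ・Network security architects
     ・Cisco ISE administrators
     ・Senior Security Operations Center (SOC) personnel responsible for incident response
If you are unsure whether this course is right for you, you can consult us in advance. Please feel free to contact us.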

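Prerequisites / Required Knowledge

The knowledge and skills you need before taking this course are:
    ・Knowledge of the Cisco IOS CLI for wired and wireless network devices
    ・Knowledge of Cisco Secure Client
    ・Knowledge of Microsoft Windows operating systems
    ・Knowledge of 802.1X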

Objectives

After completing this course, you will be able to:
・Describe how Cisco ISE fits into contemporary network security architectures and the main functions, design motivations, and common use cases
・Examine the functional roles of Cisco ISE node personas, supported deployment models, licensing considerations, and their implications for design planning and scalability decisions
・Implement the installation workflows, platform requirements, and initial setup steps for deploying Cisco ISE on supported virtual and hardware platforms
・Evaluate the principles, message flow, and authorization outcomes of 802.1X-based network access, and Cisco ISE’s contribution to the security of wired and wireless connections with identity-based controls
・Describe how MAB works, including its fallback behavior, flow sequence, and policy application within Cisco ISE, and how MAB provides access to non-802.1X-compatible devices
・Establish the role of NADs in Cisco ISE authentication workflows, and provide an outline of the steps required to add, configure, and validate NADs within Cisco ISE to ensure secure policy enforcement
・Discuss the role of internal and external identity sources in Cisco ISE, how user and device identities are managed, and how certificates are used for identity-based authentication
・Evaluate how to configure Cisco ISE to integrate with Active Directory and LDAP, and outline the key settings and connectivity requirements needed to support external user authentication
・Interpret how Cisco ISE selects identity sources during authentication and the logic and conditions that determine identity store sequences, fallback behavior, and identity normalization techniques
・Discuss the structure and purpose of policy sets in Cisco ISE, including how global and local constructs interact, how policy sets are matched and evaluated, and how authentication and authorization logic is organized within each policy set
・Identify how Cisco ISE evaluates authentication policies using rule conditions, identity store sequences, and dictionaries, as well as how behavior is applied when no rules match
・Interpret how Cisco ISE applies authorization policies following authentication, including how rules are constructed using Conditions Studio and matched against user and device attributes to apply appropriate access profiles
・Analyze Cisco ISE policies based on logs, RADIUS flow data, and session context to resolve authentication and authorization issues across different access scenarios
・Analyze how Cisco ISE provides web-based guest access using CWA, and distinguish between hotspot, self-registration, and sponsored access flows
・Establish global guest settings in Cisco ISE to define account lifecycle behavior, credential policies, communication methods, and access types for guests across supported onboarding processes
・Configure Cisco ISE guest portals to support different access flows, manage account lifecycles, and implement deployment models that are consistent with organizational policies and scalability requirements
・Set up sponsor-driven guest access in Cisco ISE via access roles, linking guest types to sponsor groups, and customizing portal behavior to support account creation and approval
・Establish a clear understanding of Cisco ISE’s roles in secure and scalable BYOD access: its enterprise use cases, deployment models, policy-based control strategies, key components, Cisco ISE-specific capabilities, and onboarding designs such as single and dual SSIDs for seamless personal device integration into the network
・Configure Cisco ISE to deliver supplicants, issue certificates, and enforce policies as part of a complete BYOD onboarding pipeline
・Operate post-onboarding workflows using the My Device Portal, including revocation of certificates and device de-registration for lost or stolen endpoints
・Explain how Cisco ISE uses profiling to identify endpoints by taking advantage of classification logic, profiler components, data flows, and feed services to provide the foundation for advanced profiling and policy enforcement
・Analyze how Cisco ISE collects endpoint data using built-in probes, device sensors, and pxGrid enrichment, and how each method contributes to the accuracy and coverage of profiling
・Analyze how the profiling policies in Cisco ISE classify endpoints based on collection attributes, and how logical profiles are created and applied to support the decision-making process for determining access based on identity
・Design scalable profiling solutions by aligning design principles, probe selection, and NAD integration with diverse network environments
・Maintain visibility of profiling through dashboards and reporting tools, and improve deployment efficiency through optimization techniques
・Apply foundational understanding of Cisco ISE posture services, including agent types, flow logic, operational modes, and use cases
・Implement Cisco ISE to deliver posture agents and related resources to endpoints by configuring update services, portals, and delivery policies
・Administer Cisco ISE policies to ensure secure and compliant network access
・Test compliance-based access enforcement by simulating a variety of endpoint scenarios using Cisco AnyConnect
・Assess session behavior, interpret posture outcomes, and analyze reporting tools to confirm the effectiveness of posture policy application and remediation
・Examine Cisco ISE’s use of TACACS+ for securing administrative access, including key AAA concepts and a comparison with RADIUS to illustrate centralized authentication and authorization
・Set up Cisco ISE for TACACS+ based device administration by configuring policy elements such as command sets, profiles, and policy sets
・Onboard network devices, define access permissions, and set up authentication and authorization rules to control administrator access
・Implement advanced TACACS+ authorization logic, implement administrator command access, and implement scalable deployments using proven design guidelines
・Compare Cisco's TrustSec core architecture, operation, and design considerations, including its enhancements and planning prerequisites for enterprise deployment
・Configure Cisco TrustSec segmentation in Cisco ISE, including SGT classification, SXP propagation, and tag-based policy enforcement
・Interpret how to operationalize Cisco ISE through system maintenance, backup/restore procedures, certificate management, and structured upgrades in production environments

Outline

Lecture Outline
  1. Cisco ISE Evolution, Foundation, and Role
  2. Architecture and Design
  3. Cisco ISE Installation and Initial Config
  4. 802.1X in Cisco ISE
  5. MAB in Cisco ISE
  6. Network Device Integration with Cisco ISE
  7. Identity Sources and Authentication Types
  8. Active Directory and LDAP Integration
  9. Identity Selection and Resolution Logic
  10. Cisco ISE Policy Framework
  11. Authentication Policies
  12. Authorization Policies
  13. Troubleshoot Policies and Sessions
  14. Guest Access Overview
  15. Guest Access Policies and Settings
  16. Guest Portals and Lifecycle Operations
  17. Sponsor Portals
  18. BYOD Architecture and Use Cases
  19. BYOD Onboarding with Native Supplicant Provisioning
  20. BYOD Lifecycle Operations
  21. Profiling Architecture and Capabilities
  22. Probes and Data Collection
  23. Profile Policies and Authorization
  24. Profile Monitoring and Design
  25. Posture Service Flow and Agents
  26. Posture Updates and Client Provisioning
  27. Posture Policies and Compliance-Based Access
  28. Posture Testing and Monitoring
  29. AAA and TACACS+
  30. TACACS+ Device Administration
  31. TACACS+ Command Authorization
  32. Cisco TrustSec Overview
  33. Cisco TrustSec in Cisco ISE
  34. Cisco ISE Administration

Lab Outline
  1. Explore the Initial Cisco ISE Configuration, GUI and System Certificate
  2. Configure Network Device Groups and Network Devices
  3. Integrate Cisco ISE with Active Directory
  4. Configure MAB
  5. Configure Wired 802.1X
  6. Configure Wireless 802.1X and Optional Wired EAP-TLS and TEAP
  7. Troubleshoot Cisco ISE 802.1X Configuration Errors
  8. Configure Hotspot Guest Access
  9. Configure Sponsored Guest Access
  10. Configure BYOD
  11. Manage BYOD Devices
  12. Configure Profiling
  13. Configure Authorization Policy Rules and Run Profiler Reports
  14. Configure Posture Preparations and Client Provisioning
  15. Configure Posturing and Reporting
  16. Configure TACACS+ Basic Device Administration
  17. Configure TACACS+ Command Authorization
  18. Configure Cisco TrustSec
  19. Configure Secure Syslog with TLS v1.3 and Install Cisco ISE Patch

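Exam Voucher

Customers who apply for the "with voucher" option receive the following exam voucher (valid for one attempt).
  • 300-xxx Professional Level Concentration exams (common to all 300- exams)

* The validity period is guaranteed for 11 months from the course start date.

* The expiration date of the exam voucher may change without notice.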

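Notes and Notices

This training course has defined terms for the application deadline, cancellations, and schedule changes.
  • Application deadline: 21 days before the course start date. If you are considering applying after the deadline, please consult us via "Contact" (https://www.topout.co.jp/inquiry).
  • Cancellation: For requests made on or after the 20th day before the course start date, the full fee will be charged.
  • Schedule changes: Requests made on or after the 20th day before the course start date cannot be accepted.
    If that day falls on a company holiday, the immediately preceding business day applies.

Training Dates

This course is offered only as a private delivery for a single company.
Please contact us from this page, stating your preferred time frame and number of participants.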
