Passed SISAS!!!!

Hey guys, I ended up retaking this test after failing it about two weeks ago because it really fired me up and gave me the extra boost to get through this. Basically after the first attempt I felt comfortable with ISE and the theoretical material but was thrown some very specific questions that I needed to go back on and perfect. You can't really predict what is on these and sometimes even if you know the material you might be asked something that you either did not implement or have not seen (I don't mean big features like probes or posture but more subtle stuff that might facilitate the deployment of those for example), and basically I used my weaknesses from the first attempt to hone in on that specific material.

And of course I also discovered that there was some stuff that I did not know or had not explored deeply enough the first time around but given there's no OCG I found myself digging sometimes too deeply on topics.

For what it's worth, apparently MACsec and SGA were my weak areas on both attempts.

Walking away from this exam I basically discovered how much I like 802.1x and how relevant this exam was to the real world. In fact the documentation for a lot of these features is scarce which made it interesting to research. 802.1x is not just installing an appliance and flipping a switch, it's a paradigm shift for your network infrastructure.

My sources were the official Cisco documentation on the ISE site including the ISE User Guide (all ~700 pages of it) and some ISE videos I found from Cisco that I referenced elsewhere. I used the ipExpert video series which kind of grew on me and I'll be using it again for SITCS. I'd like to give that one a shot before the end of the year.

Find more posts tagged with

Comments

cyberguypr

Congrats!

Vask3n

cyberguypr wrote: »

Congrats!

Thanks!!

snadam

congrats on the pass! Looking forward to seeing your progress!

Red90

Was there any simulations or labs on the SISAS that required you to type CLI commands on a switch or such? Or was it pretty much all GUI-based ISE questions where you had to navigate through it and change/examine configurations?

Vask3n

Red90 wrote: »

Was there any simulations or labs on the SISAS that required you to type CLI commands on a switch or such? Or was it pretty much all GUI-based ISE questions where you had to navigate through it and change/examine configurations?

For this test you should be familiar with both the ISE command line and GUI configuration. Speaking of GUIs, make sure that you are familiar with not just the ISE GUI but let's say, any other devices that you might deploy along with ISE in a dot1x deployment. In other words, look at 1.3.h of the Exam topics:

1.3.h Network access devices

Vask3n

snadam wrote: »

congrats on the pass! Looking forward to seeing your progress!

Many thanks, looking forward to sharing more as I prepare for SITCS

Iristheangel

Congrats!

Vask3n

Iristheangel wrote: »

Congrats!

Many thanks, by the way iris I just saw your ISE lab in another post, pretty epic.

lrb

Awesome work dude!

JustFred

Nice. well done.

Vask3n

lrb wrote: »

Awesome work dude!

JustFred wrote: »

Nice. well done.

Thanks guys, on the road to SITCS now. Will be posting about it soon

Niko-scoorpioon

Feb 2016

Hi, I’ve passed 300-208 SISAS exam. It was my second try. Prepare for this questions which I haven’t seen in any cert **** / VCE file:

==========
QUESTIONS:
==========
1. After how many days will ISE purge expired guest user accounts.
Possible answers: 1 day, 10 days, 15 days, …

2. After what time will ISE purge authentication session without receiving RADIUS Accounting Stop message.
Possible answers: 1 day, x days, y days…

3. ISE 2.0 TACACS – Screenshot with TACACS Shell Profile with configured default privilege level 9 and maximum privilege level 10. Question is what commands is user allowed to execute.
Possible options: Configure t, privilege 10, show run, exit,…

4. ISE 2.0. TACACS – Screenshot with TACACS Command Set with entries with wildcards used:
1. permit ping .*
2. permit conf t
3. permit s*w .*
4. deny xxx
5. deny always yyy

Question is what commands is user allowed to execute.
Possible options: Show ip int brief, show ver, configure term, ping 10.20.0.1, …

5. BYOD – what components are needed in client provisioning.
I don’t remember possible answers, I think there was Wizard, Agent, Supplicant profile, etc…

6. ISE 1.3 Client Certificates: What 2 options are awailable to take with certificate.
Possible options: Export, Delete, Revoke, Unrevoke, …

7. ISE 1.3 Sponsor portal: What actions are available for sponsor to take with user accounts.
I don’t remember possible answers.

8. ISE 2.0 – what URL will ISE use to redirect user to CWA portal.
Possible options (Check all possible portal URLs in ISE Authorization profile. The difference is in “action=” cwa / mdm / cpp / nsp / cwa&type=drw):
For a Hotspot Guest portal:
https://ip

ort/guestportal/gate...n=cwa&type=drw

For a Mobile Device Management (MDM) portal:
https://ip

ort/mdmportal/gatewa...lID&action=mdm

10. What is the main attribute which is used by ISE to distinguish MAB from Dot1x auth.
Possible options: RADIUS Service-Type 6 (Call-Check), Service-Type 8 (Framed IP), Service-Type 25 (Class), … As I remember, there are only Service Type number codes (6, 8, 25, …) no names – so learn this numbers also.

11. Redirect ACL & Downloadable ACL on Catalyst SW. There were options with different access lists permitting and/or denying access to ISE IP and/or remetiation server IP. Question was what access list combination (redirect ACL + dACL) is correct for redirect to portal & remediation server.

12. How many bits have TrustSec SGT:
Possible options: 16, 32, etc…

13. MacSec 802.1AE – Questions regarding keying – Connectivity Association Key (CAK). What is it used for.

As you can see, several questions was regarding Sponsor portal, guest portal, guest users. Some questions were about MacSec 802.1AE and TrustSec. There was simlet where you should configure MAB and correct authentication methods order (MAB > dot1x) only on Catalyst SW, not ISE. Another simlet was about editing ISE Authentication & Authorization policy and also troubleshooting output from ISE Live Log.

viper75

Congratz!

Don't sleep on SITCS. That test is tougher than it looks. I failed it once before I passed on my 2nd attempt.

Good Luck!

leugenel

Failed today. Does anyone know what "." means in command set? permit s*w .* I cannot find it anywhere.

I found that "." in regex means: "any character except a newline" but whats the point of ".*" if we can just use "*" ?

chrisone

Congrats on the PASS!