300-715 Question #270: Real Exam Question with Answer & Explanation

The correct answer is B: cts manual. To globally enable Security Group Tag (SGT) tagging on a Cisco switch for TrustSec inline method, the cts manual command is used in global configuration mode.

Network Access Device Administration

Question

A network engineer responsible for the switching environment must provision a new switch to properly propagate security group tags within the TrustSec inline method. Which CLI command must the network engineer enter on the switch to globally enable the tagging of SGTs?

Options

Acts sxp enable
Bcts manual
Ccts role-based sgt-map
Dcts role-based enforcement

Explanation

To globally enable Security Group Tag (SGT) tagging on a Cisco switch for TrustSec inline method, the cts manual command is used in global configuration mode.

Common mistakes.

A. cts sxp enable enables Security Group Tag Exchange Protocol (SXP), which is used for SGT propagation when devices do not support inline tagging, not for globally enabling inline tagging itself.
C. cts role-based sgt-map is used for mapping SGTs to IP addresses for SXP, not for globally enabling inline tagging.
D. cts role-based enforcement is used to enable enforcement of Security Group Access Control Lists (SGACLs), which is a consequence of TrustSec, not the command to globally enable SGT tagging.

Concept tested. Cisco TrustSec SGT inline tagging global enablement

Reference. https://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec-guide/trustsec-overview.html

Topics

#Cisco TrustSec#SGT tagging#Switch configuration#Inline SGT

Community Discussion

No community discussion yet for this question.

Full 300-715 Practice Browse All 300-715 Questions