300-715 Question #300: Real Exam Question with Answer & Explanation

The correct answer is B: MAC address. For a TrustSec proof of concept requiring static Security Group Tag (SGT) classifications, the engineer needs to configure MAC address and VLAN based classifications.

Policy Enforcement

Question

A security engineer has a new TrustSec projct and must create a few static security group tag classifications as proof of concept. Which two classifications must the engineer configure? (Choose two.)

Options

Aswitch ID
BMAC address
CVLAN
Duser ID
Einterface

Explanation

For a TrustSec proof of concept requiring static Security Group Tag (SGT) classifications, the engineer needs to configure MAC address and VLAN based classifications.

Common mistakes.

A. Switch ID is used for identifying the network device itself, not for classifying endpoints with SGTs.
D. User ID is typically used for dynamic SGT assignment based on user authentication, not for static classification.
E. Interface-based classification is often dynamic or part of access policy configuration, but MAC and VLAN are more direct for static SGT assignments.

Concept tested. TrustSec static SGT classification methods

Reference. https://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/concepts.html#concept_D5154316D72A4A7697B703F934177F0C

Topics

#TrustSec#Security Group Tags (SGT)#Static Classification#Endpoint Classification

Community Discussion

No community discussion yet for this question.

Full 300-715 Practice Browse All 300-715 Questions