300-715 · Question #361
300-715 Question #361: Real Exam Question with Answer & Explanation
The correct answer is D: SXP. {"question_number": 5, "question": "An engineer is deploying Cisco ISE in a network that contains an existing Cisco Secure Firewall ASA... Cisco TrustSec be configured so that Cisco ISE and the firewall can share SGT information...", "correct_answer": "D", "explanation": "SXP (SG
Question
An engineer is deploying Cisco ISE in a network that contains an existing Cisco Secure Firewall ASA. The customer requested that Cisco TrustSec be configured so that Cisco ISE and the firewall can share SGT information. Which protocol must be configured on Cisco ISE to meet the requirement?
Options
- ARADUIS
- BpxGrid
- CPAC
- DSXP
Explanation
{"question_number": 5, "question": "An engineer is deploying Cisco ISE in a network that contains an existing Cisco Secure Firewall ASA... Cisco TrustSec be configured so that Cisco ISE and the firewall can share SGT information...", "correct_answer": "D", "explanation": "SXP (SGT Exchange Protocol) (D) is the protocol used to propagate Security Group Tag (SGT) bindings - the mapping of IP addresses to SGTs - to network devices that cannot perform inline TrustSec tagging in hardware, such as the Cisco ASA. ISE acts as the SXP speaker (or listener) and the ASA acts as the peer, allowing the ASA to enforce SGT-based access policies using information received from ISE. pxGrid (B) is used for broader context sharing (user identity, threat data) between ISE and third-party systems, not specifically for SGT propagation. RADIUS (A) is the AAA protocol. PAC (C) is a Protected Access Credential used in EAP-FAST and for TrustSec device authentication, not for sharing SGT bindings.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.