350-401 · Question #1094
Which two methods are used to assign security group tags to the user in a Cisco TrustSec. architecture? (Choose two.)
The correct answer is A. web authentication B. IEEE 802.1x. In Cisco TrustSec, Security Group Tags (SGTs) are assigned to users primarily through network admission control mechanisms like IEEE 802.1X and web authentication.
Question
Options
- Aweb authentication
- BIEEE 802.1x
- CDHCP
- Dmodular QoS
- Epolicy routing
How the community answered
(37 responses)- A95% (35)
- D3% (1)
- E3% (1)
Why each option
In Cisco TrustSec, Security Group Tags (SGTs) are assigned to users primarily through network admission control mechanisms like IEEE 802.1X and web authentication.
Web authentication (also known as Central Web Authentication) is a method where users authenticate via a web browser, and upon successful authentication, the identity and corresponding SGT can be assigned by the Cisco Identity Services Engine (ISE).
IEEE 802.1X is a port-based network access control protocol that authenticates users or devices when they attempt to connect to a network. Upon successful 802.1X authentication, Cisco ISE can assign a Security Group Tag (SGT) to the authenticated entity.
DHCP (Dynamic Host Configuration Protocol) assigns IP addresses and network configuration parameters, but it is not a direct mechanism for assigning Security Group Tags based on user identity in TrustSec.
Modular QoS (Quality of Service) policies prioritize traffic, which is related to network performance, not user identity or SGT assignment.
Policy routing (PBR) is used to forward packets based on administrator-defined policies rather than the destination IP address, and it does not directly assign SGTs to users.
Concept tested: Cisco TrustSec SGT assignment methods
Source: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-0/TrustSec_SRND/ts_arch.html
Topics
Community Discussion
No community discussion yet for this question.