nerdexam
Cisco

350-401 · Question #1094

Which two methods are used to assign security group tags to the user in a Cisco TrustSec. architecture? (Choose two.)

The correct answer is A. web authentication B. IEEE 802.1x. In Cisco TrustSec, Security Group Tags (SGTs) are assigned to users primarily through network admission control mechanisms like IEEE 802.1X and web authentication.

Submitted by layla.eg· Mar 6, 2026Security

Question

Which two methods are used to assign security group tags to the user in a Cisco TrustSec. architecture? (Choose two.)

Options

  • Aweb authentication
  • BIEEE 802.1x
  • CDHCP
  • Dmodular QoS
  • Epolicy routing

How the community answered

(37 responses)
  • A
    95% (35)
  • D
    3% (1)
  • E
    3% (1)

Why each option

In Cisco TrustSec, Security Group Tags (SGTs) are assigned to users primarily through network admission control mechanisms like IEEE 802.1X and web authentication.

Aweb authenticationCorrect

Web authentication (also known as Central Web Authentication) is a method where users authenticate via a web browser, and upon successful authentication, the identity and corresponding SGT can be assigned by the Cisco Identity Services Engine (ISE).

BIEEE 802.1xCorrect

IEEE 802.1X is a port-based network access control protocol that authenticates users or devices when they attempt to connect to a network. Upon successful 802.1X authentication, Cisco ISE can assign a Security Group Tag (SGT) to the authenticated entity.

CDHCP

DHCP (Dynamic Host Configuration Protocol) assigns IP addresses and network configuration parameters, but it is not a direct mechanism for assigning Security Group Tags based on user identity in TrustSec.

Dmodular QoS

Modular QoS (Quality of Service) policies prioritize traffic, which is related to network performance, not user identity or SGT assignment.

Epolicy routing

Policy routing (PBR) is used to forward packets based on administrator-defined policies rather than the destination IP address, and it does not directly assign SGTs to users.

Concept tested: Cisco TrustSec SGT assignment methods

Source: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-0/TrustSec_SRND/ts_arch.html

Topics

#TrustSec#security group tags#802.1x#web authentication

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice