350-401 Question #92: Real Exam Question with Answer & Explanation

Question

Which feature does Cisco TrustSec use to provide scalable, secure communication throughout a network?

Options

• Asecurity group tag ACL assigned to each port on a switch
• Bsecurity group tag number assigned to each port on a network
• Csecurity group tag number assigned to each user on a switch
• Dsecurity group tag ACL assigned to each router on a network

Explanation

Cisco TrustSec and Security Group Tags (SGTs)

Cisco TrustSec achieves scalable, secure communication by assigning a Security Group Tag (SGT) number to each port on a network, allowing policy enforcement based on user/device identity rather than IP addresses, which scales far more effectively across large networks. Option A is incorrect because SGTs are numbers (not ACLs) - SGACLs (Security Group ACLs) are a separate component that uses those tag numbers to enforce policy, making the distinction critical. Option C is wrong because SGTs are assigned to ports (and by extension the devices/users connecting through them), not directly to individual users on a single switch - the assignment is network-wide. Option D is incorrect because SGACLs are not assigned to routers specifically; TrustSec policy enforcement occurs across the broader network infrastructure, not router-by-router.

🧠 Memory Tip: Think "SGT = Number + Port + Network" - the number is the tag, it's tied to a port, and it works network-wide. If an answer says "ACL" when describing the SGT itself, it's mixing up the tag with the policy that uses the tag.

No community discussion yet for this question.