350-401 Question #922: Real Exam Question with Answer & Explanation

Question

What is a benefit of using segmentation with TrustSec?

Options

• AIntegrity checks prevent data from being modified in transit.
• BPackets sent between endpoints on a LAN are encrypted using symmetric key cryptography.
• CSecurity group tags enable network segmentation.
• DFirewall rules are streamlined by using business-level profiles.

Explanation

TrustSec Segmentation Benefit

TrustSec uses Security Group Tags (SGTs) to classify users and devices based on their role or identity, allowing firewall policies to be written using human-readable, business-level profiles (e.g., "Finance" or "Guest") rather than complex IP address-based rules - this dramatically simplifies and streamlines firewall management, making D correct.

Why the distractors are wrong:

• A is incorrect because TrustSec segmentation does not focus on integrity checks; that's a function of protocols like IPsec or MACsec.
• B is incorrect because TrustSec's primary function is policy enforcement and segmentation, not LAN encryption (MACsec handles encryption, but it's a separate feature).
• C is tempting and partially true - SGTs do enable segmentation - but this answer describes the mechanism, not the benefit. The question asks for the benefit, which is the simplification of security policy management using business-level profiles.

🧠 Memory Tip: Think of TrustSec as a "name badge" system - instead of remembering everyone's IP address, the network recognizes who you are (your role/profile), making policy rules as simple as "Contractors cannot access Finance." This business-level simplicity is the key benefit!

No community discussion yet for this question.