nerdexam
Cisco

350-401 · Question #997

Which solution simplifies management of secure access to network resources?

The correct answer is D. TrustSec to logically group internal user environments and assign policies. TrustSec and Simplified Network Access Management TrustSec (Option D) simplifies management of secure access by using Security Group Tags (SGTs) to logically group users, devices, and resources regardless of their physical location, then applying consistent policies to those grou

Submitted by zhang_li· Mar 6, 2026Security

Question

Which solution simplifies management of secure access to network resources?

Options

  • ARFC 3580-based solution to enable authenticated access leveraging RADIUS and AV pairs
  • B802.1AE to secure communication in the network domain
  • CISE to automate network access control leveraging RADIUS AV pairs
  • DTrustSec to logically group internal user environments and assign policies

How the community answered

(42 responses)
  • A
    5% (2)
  • B
    7% (3)
  • C
    17% (7)
  • D
    71% (30)

Explanation

TrustSec and Simplified Network Access Management

TrustSec (Option D) simplifies management of secure access by using Security Group Tags (SGTs) to logically group users, devices, and resources regardless of their physical location, then applying consistent policies to those groups across the entire network - dramatically reducing the complexity of managing individual IP-based ACLs.

Why the distractors are wrong:

  • Option A (RFC 3580 + RADIUS AV pairs) is a valid authentication framework, but it's an older, more manual approach that doesn't simplify management at scale - it adds complexity through individual attribute configuration.
  • Option B (802.1AE/MACsec) is a Layer 2 encryption standard focused on securing data in transit, not on simplifying access control management.
  • Option C (ISE + RADIUS AV pairs) - while ISE is a powerful tool that supports TrustSec, using raw RADIUS AV pairs alone still requires granular per-policy configuration, making it less simplified than TrustSec's group-based model.

Memory Tip: Think of TrustSec as creating "security lanes" on a highway - instead of giving every car unique directions (complex ACLs), you group vehicles by type and route entire groups with one policy. Group = Simple = TrustSec.

Topics

#Cisco TrustSec#Network Access Control#Policy Management#Secure Access

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice