The answer is D. From 31 days before CCNP, page 524:
Cisco TrustSec simplifies the provisioning and management of secure access to network services and applications.
Answer C.
So, which one simplifies access management?
Cisco ISE simplifies access management by automating authentication, authorization, and accounting (AAA) tasks. It centralizes the management of network access control policies, making it easier to enforce consistent security policies across a large network.
TrustSec simplifies network segmentation and policy enforcement based on the identity of the user or device, but it requires ISE to function.
C is correct.
Why it's not D: TrustSec enables role-based access control via SGTs (Security Group Tags) but requires ISE for identity management and policy enforcement.
Answer C: While both technologies play crucial roles, ISE is the policy server that provides the foundation for managing access control and device authentication, while TrustSec is the enforcement layer that applies segmentation and policies to control traffic flows within the network. They work together to provide comprehensive security and simplified network access management.
In the context of the question you’re dealing with, the right answer depends on whether the focus is on managing access policies (ISE) or on segmentation and policy enforcement (TrustSec).
ISE without TrustSec does not guarantee profiled secure access to network resources. So the correct answer is D. TrustSec is a next-generation access control enforcement solution developed by Cisco to address the growing operational challenges related to maintaining firewall rules and ACLs by using Security Group Tag (SGT) tags. TrustSec is simpler than using "old" solutions, e.g. firewall/controller devices, to enforce policies based on the returned RADIUS AV pair (post authentication).
It's D
TrustSec vs Cisco ISE
Cisco TrustSec and Cisco Identity Services Engine (ISE) are complementary technologies that work together to provide network segmentation and access control:
Cisco TrustSec
- Software-defined segmentation solution that uses security group tags (SGTs) to enforce access policies
- Simplifies network segmentation compared to traditional VLAN-based approaches
- Allows segmentation of devices without redesigning the network
Cisco ISE
- Policy server designed to manage TrustSec
- Defines and manages SGTs on the network
- Handles authentication, authorization, and accounting (AAA) for network access
hth
How They Work Together:
Cisco ISE authenticates users and devices, then assigns Security Group Tags (SGTs) to the authenticated entities.
Cisco TrustSec then uses those SGTs to enforce policies (like what network segments the user or device can access) across the network.
So, which one simplifies access management?
Cisco ISE simplifies access management by automating authentication, authorization, and accounting (AAA) tasks. It centralizes the management of network access control policies, making it easier to enforce consistent security policies across a large network.
TrustSec simplifies network segmentation and policy enforcement based on the identity of the user or device, but it requires ISE to function.
It's C, because management of network access is much more than just TrustSec segmentation; ISE simplifies management through network visibility, centralized network/device access control, and other functions.
My vote is for D - TrustSec.
Yes, ISE can automate, but TrustSec uses Contextual Identification to simplify the securing of network resources by using SGTs.
For example, you can tag a server with the "HR" SGT. With that, TrustSec will only allow users/endpoints with the same HR SGT to access that server, and block any other endpoints from accessing it.
Option C starts getting a bit too complicated by mentioning RADIUS AV pairs, but the TrustSec option seemed pretty clear-cut.
The solution that specifically emphasizes the automation and central management of network access control, leveraging RADIUS attributes (AV pairs), is Cisco Identity Services Engine (ISE). ISE not only simplifies secure access management but also integrates well with existing network infrastructure to provide comprehensive access control and policy enforcement.
Therefore, while TrustSec (D) is an important solution for managing secure access through logical grouping and policy assignment, the best answer in terms of simplifying management specifically through automation and leveraging RADIUS AV pairs is C.
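The split that several comments describe (ISE classifies an endpoint and assigns an SGT, TrustSec then enforces on source and destination SGT), including the "HR" server case, is sketched below as an added example; it is not written by any poster and is not Cisco code. All names, hosts and rules are constructed, and the default-deny matrix is an assumption of the sketch.

```python
# Constructed data throughout; names are illustrative, not Cisco APIs.

# ISE role: ordered authorization rules, first match assigns the SGT.
AUTHZ_RULES = [
    (lambda ep: ep["posture"] != "compliant", "Quarantine"),
    (lambda ep: ep["group"] == "HR", "HR"),
    (lambda ep: ep["group"] == "Engineering", "Engineering"),
]

# Servers are tagged statically in this sketch.
SERVER_SGT = {
    "hr-payroll.example.test": "HR",
    "build.example.test": "Engineering",
}

# TrustSec role: policy matrix keyed by (source SGT, destination SGT).
POLICY_MATRIX = {
    ("HR", "HR"): "permit",
    ("Engineering", "Engineering"): "permit",
}
DEFAULT_ACTION = "deny"  # assumption: cells not listed are denied


def assign_sgt(endpoint):
    """Classification step: return the SGT of the first matching rule."""
    for matches, sgt in AUTHZ_RULES:
        if matches(endpoint):
            return sgt
    return "Unknown"


def enforce(src_sgt, dst_sgt):
    """Enforcement step: looks only at tags, never at IP addresses."""
    return POLICY_MATRIX.get((src_sgt, dst_sgt), DEFAULT_ACTION)


def access(endpoint, server):
    """Run both steps and return (source SGT, destination SGT, action)."""
    src = assign_sgt(endpoint)
    dst = SERVER_SGT.get(server, "Unknown")
    return src, dst, enforce(src, dst)


if __name__ == "__main__":
    alice = {"user": "alice", "group": "HR", "posture": "compliant"}
    bob = {"user": "bob", "group": "Engineering", "posture": "compliant"}
    # Same user, different posture: the tag changes, the matrix does not.
    for ep in (alice, bob, dict(alice, posture="non-compliant")):
        print(ep["user"], ep["posture"], access(ep, "hr-payroll.example.test"))
```

Changing an endpoint's classification changes what it can reach without any edit to the matrix, which is the dependency between the two products that the thread argues over.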