Exam 350-401 topic 1 question 871 discussion

A. Web authentication Used when a user logs in using a web browser. When a user accesses the network using this method, web authentication authenticates the user and assigns a security group tag. This is an effective authentication method when the client terminal does not have an 802.1X supplicant function. B. IEEE 802.1x A network access control protocol that provides authentication and authorization. It consists of three elements: an authentication server, an authenticator, and a supplicant. When a user connects to a network, they are authenticated using 802.1x and are granted permission to access the network. Through this authentication process, users are assigned the appropriate security group tag.

Cisco TrustSec is a software-defined network security solution designed to simplify access control, segmentation, and policy enforcement in enterprise networks. It helps organizations protect their networks and data by using security group tags (SGTs) instead of traditional, complex methods like IP-based access control lists (ACLs). TrustSec is part of Cisco’s broader intent-based networking (IBN) architecture.

802.1x, MAB (MAC Authentication Bypass), or WebAuth.

A and B are correct

A and B are correct

TrustSec uses SGT tags to perform ingress tagging and egress filtering to enforce access control policy. Cisco ISE assigns the SGT tags to users or devices that are successfully authenticated and authorized through 802.1x, MAB, or WebAuth. The SGT tag assignment is delivered to the authenticator as an authorization option (in the same way as a dACL). After the SGT tag is assigned, an access enforcement policy (allow or drop) based on the SGT tag can be applied at any egress point of the TrustSec network.

AB is the correct, the rest make no sense for authentication

Admin please fix from OCG p.735 Cisco ISE assigns the SGT tags to users or devices that are successfully authenticated and authorized through 802.1x, MAB, or WebAuth.