Exam 300-420 topic 1 question 53 discussion

The correct answer is C. Cisco Identity Services Engine (ISE). Cisco ISE integrates with Cisco DNA Center to perform policy segmentation and enforcement in an SD-Access network. It uses security group access control lists (SGACLs) and security group tags (SGTs) to enforce policies based on user and device profiles. ISE enables the creation and management of these security policies, ensuring that proper access is granted based on user and device identity.

SGT ==> DNAC + ISE While SGTs are administered by Cisco ISE through the tightly integrated REST APIs, Cisco DNA Center is used as the pane of glass to manage and create SGTs and define their policies.

SGT ==> DNAC + ISE While SGTs are administered by Cisco ISE through the tightly integrated REST APIs, Cisco DNA Center is used as the pane of glass to manage and create SGTs and define their policies. TrustSec--> Just a term Cisco TrustSec is an umbrella term for security improvements to Cisco network devices based on the capability to strongly identify users, hosts and network devices within a network. TrustSec provides topology independent and scalable access controls by uniquely classifying data traffic for a particular role. TrustSec ensures data confidentiality and integrity by establishing trust among authenticated peers and encrypting links with those peers. The key component of Cisco TrustSec is the Cisco Identity Services Engine. It is typical for the Cisco ISE to provision switches with TrustSec Identities and Security Group ACLs (SGACLs), though these may be configured manually.

IT IS TRUSTSEC

also if you look at the OCG, pg330, it says "Cisco ISE is a critical component of SD-Access for policy enforcement..."

Answer is C "The key component of Cisco TrustSec is the Cisco Identity Services Engine." https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/trustsec.pdf

C is the correct answer. Cisco ISE is a sd-access component. Cisco trustsec is a feature

C is correct. Policy management with identity services is enabled in an SD-Access network using ISE integrated with Cisco DNA Center for dynamic mapping of users and devices to scalable groups. https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#CiscoDNACenterSoftware

I'm torn between C and D. Trustsec is the name of the feature. But it's ISE that actually pushes SGTs and SGACLs to the NADs. DNAC is a single pane of glass to manage it. So I think the answer is more likely to be C because ISE has to be integrated with DNAC for Trustsec to work in SDA. https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#IdentityServicesEngine

Yes, it-s trustsec

Effectively, it's Cisco TrustSec - ISE is for identity context, authentication, posture validation, etc Cisco TrustSec - Security provided by Cisco TrustSec ® infrastructure (Security Group Tags [SGT], SGACLs) and Cisco segmentation capabilities (Cisco Locator/ID Separation Protocol [LISP], VXLAN, and Virtual Routing and Forwarding [VRF]). Identity context for users and devices, including authentication, posture validation, and device profiling, provided by the Cisco ISE. https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/software-defined-access/nb-09-sda-faq-cte-en.html