A Cisco device has a port configured in multi-authentication mode and is accepting connections only from hosts assigned the SGT of SGT_0123456789. The VLAN trunk link supports a maximum of 8 VLANs. What is the reason for these restrictions?
A. The device is performing inline tagging without acting as an SXP speaker.
B. The device is performing inline tagging while acting as an SXP speaker.
C. The IP subnet addresses are dynamically mapped to an SGT.
D. The IP subnet addresses are statically mapped to an SGT.
The answer is A: The device is performing inline tagging without acting as an SXP speaker.
When a Cisco device is performing inline tagging, it inserts a Security Group Tag (SGT) into the packet header. This allows the device to enforce security policies based on the SGT. However, if the device is not acting as an SXP speaker, it can only accept connections from hosts that are assigned the same SGT as the device. This is because the device cannot learn about other SGTs without being an SXP speaker.
The VLAN trunk link supports a maximum of 8 VLANs because each VLAN requires a unique SGT. If the device were to accept connections from hosts with different SGTs, it would not be able to enforce security policies correctly.
https://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/sxp_config.html#Restriction%20for%20SGT%20Exchange%20Protocol
The following restrictions are applicable when running Cisco TrustSec in enforcement mode or inline tagging mode. These restrictions do not apply when these switches are used as an SXP speaker:
• An IP subnet address cannot be statically mapped to a Security Group Tag (SGT).
• If a port is configured in multi-authentication mode, all hosts connecting to that port must be assigned the same SGT.
• Cisco TrustSec enforcement mode on a VLAN trunk line supports only up to eight VLANs. If more than eight VLANs are configured on a VLAN trunk link and Cisco TrustSec is enabled on those VLANs,
Correct answer is A
https://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/sxp_config.html
upvoted 2 times