Exam 350-401 topic 1 question 681 discussion

There are 2 correct answers I think C and D. Security Group Tagging transforms segmentation by simplifying administration: • Security group tags allow organizations to segment their networks without having to redesign to accommodate more VLANs and subnets. • Firewall rules are dramatically streamlined by using an intuitive business-level profile method.

I go with D here because even though both C and D are technically correct, answer D fits the question better. The question basically asks "why would you segment your network with TrustSec instead of any other technology?". C says "I would segment my network with TrustSec because the segmentation is done using SGTs ". Where is the "benefit" ? D is a much more competent answer to the question. D represents a solution to a problem. A real 'benefit'

D is correct. The question is asking for a "benefit"of using segmentation. SGTs are just the "means/tools"" by which segmentation can be achieved. The real benefit is the Policy enforcement using profiles

Why not "C" ?

The benefit of using segmentation with TrustSec is: C. Security group tags enable network segmentation. Security Group Tags (SGTs) allow for the classification and segmentation of network traffic based on user roles or device types, enhancing security and simplifying policy management without relying solely on traditional VLANs. You said: why not d ChatGPT said: ChatGPT While D. Firewall rules are streamlined by using business-level profiles is indeed a benefit of Cisco TrustSec, the primary focus of the question is on segmentation specifically. C. Security group tags enable network segmentation is a more direct answer because it highlights the core function of TrustSec in enabling network segmentation through SGTs. Streamlining firewall rules through business-level profiles is a related benefit but more of a consequence of effective segmentation rather than the primary purpose of the segmentation itself. Thus, C is the more relevant answer when specifically discussing the benefit of segmentation in TrustSec.

The core feature of Cisco TrustSec is its ability to simplify and automate network segmentation without relying on IP addresses or traditional Access Control Lists (ACLs). It achieves this through the use of Security Group Tags (SGTs). By applying SGTs, TrustSec enables identity-based segmentation, where policies and access controls are defined based on the identity or role of users, devices, or services. This approach streamlines policy management and firewall rules, making them more adaptable and easier to enforce across the network.

D is better than C

D is better than C

The main reason C is more appropriate is that it directly addresses the core benefit of TrustSec related to network segmentation. TrustSec's use of SGTs to achieve network segmentation is fundamental to its design and primary purpose. On the other hand, D describes a beneficial outcome of using SGTs, but it is not the primary feature itself.

Benefits of Segmentation with TrustSec Security Group Tagging transforms segmentation by simplifying administration: • Security group tags allow organizations to segment their networks without having to redesign to accommodate more VLANs and subnets. • Firewall rules are dramatically streamlined by using an intuitive business-level profile method. • Policy enforcement is automated, assisting compliance and increasing security efficacy. • Security auditing becomes much easier, as Qualified

D: benefit, as C is more about how it works.

Answer: C https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/trustsec_pci_validation.pdf

Answer: C TrustSec, which stands for Trustworthy Security, is a Cisco technology that helps organizations implement network segmentation and access control policies. One of the benefits of using TrustSec is that it relies on security group tags (SGTs) to enable network segmentation. SGTs are used to classify and label network traffic based on various attributes, such as user identity, device type, or location. These labels are then used to enforce access control policies and segment the network, ensuring that only authorized users and devices can access specific resources or segments of the network. This helps improve network security and reduce the risk of unauthorized access or lateral movement by attackers.

Key word is "benefit". Answer D

Segmentation is other words is boundary for clients' traffic (where clients' traffic can go and where can't go). Answer C is correct, but D is more correct (more details). Thus, correct answer is D.

I've changed my mind, I think D is the best answer

choice between C & D