A security engineer must provision dynamic TrustSec classifications. Which two classification options must the engineer select to accomplish this task? (Choose two.)
A. MAB
B. 802.1X
C. VLAN
D. interface
E. IP subnet
Which two classification options must the engineer select to accomplish this task?
answer is A and B
A security group is a grouping of network connected devices that share access control policies. New security groups are defined by the administrator in Cisco Identity Services Engine by name with an optional description. The path in ISE is Policy > Policy Elements > Results, Security Group Access > Security Groups. ISE will automatically assign a 16 bit number to the security group tag. This number is unique across the Cisco TrustSec domain.
As a result of the Cisco TrustSec environment data download, the network devices obtain the security group table. The security group table maps SGTs to security group names. Security group names are created on the ISE and provide user-friendly names for security groups.
Assignment of security group tags to devices connecting to the network happens either dynamically or statically. Dynamic classification will happen during the authorization process of 802.1X, MAB or Web Authentication. Static classification is defined within the configuration on a network device. Once a security group tag is assigned to a network connected device, the tag information will follow traffic from that device through the Cisco TrustSec domain.
answer is A and B
dynamic classification occurs via 802.1x, MAB or web authentication, when authentication is not available, static classification methods are necessary
static classification, SGT maps to an IP, subnet, VLAN, or interface
For dynamic classification answer is A and B, (Correct Answers)
For static classification (unauthanticated) answer is VLAN, IP, Subnet
Isn’t C and D?