Access Control Using Special Tags | Implementing and Configuring Cisco Identity Services Engine Exam | Cisco

Enforce Access Control Using Special Tags

Question

A network engineer must enforce access control using special tags, without re-engineering the network design.

Which feature should be configured to achieve this in a scalable manner?

Answers

A. RBAC
B. dACL
C. SGT
D. VLAN

Correct answer: C

Explanations

https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/branch-segmentation.pdf

The feature to configure is C, Security Group Tags (SGTs), the classification and enforcement mechanism of Cisco TrustSec. SGTs let the engineer enforce access control with a tag that travels with the traffic, and the policy scales because it is written against groups rather than against the IP addresses, VLANs and ACL placements of the existing design.

An SGT is a 16-bit tag that Cisco ISE assigns to an endpoint (or to a server, subnet or network device) at classification time. Policy is then expressed between a source group and a destination group, so the same rule applies wherever the tagged endpoint attaches and however the network happens to be addressed.

Classification happens at the network edge: ISE returns the SGT in the authorization result of the 802.1X or MAB session, or the tag is mapped statically to an IP address, subnet, VLAN or port. Propagation is either inline, where a TrustSec-capable switch inserts the tag into the frame (Cisco Meta Data header) so every downstream hop can read it, or out of band over the SGT Exchange Protocol (SXP), which carries IP-to-SGT bindings to devices that cannot tag frames. Enforcement happens at the point where policy is applied, typically the switch or firewall closest to the destination, which looks up the source and destination SGTs in the SGACL policy matrix downloaded from ISE and permits or denies the flow.

Because policy is keyed on group membership rather than on topology, an engineer can express a business rule once in ISE ("contractors may reach only the web tier") and have it enforced wherever the traffic lands; re-addressing a server or moving a user to another switch changes a binding, not the policy. Two practical caveats: classification must cover the traffic you care about, since unclassified traffic carries SGT 0 (Unknown) and falls to the default policy, and the tag must survive every hop between classification and enforcement, either inline or as an SXP binding, or the enforcement point will see SGT 0 for traffic that was tagged at the edge.
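To make classification, propagation and enforcement concrete, here is an added Python model of the process (example code written for this page, not Cisco's or ISE's own code). The binding table stands in for the IP-to-SGT bindings that ISE assigns and SXP distributes, the matrix stands in for the SGACL policy matrix in ISE, and every SGT number, prefix and rule is a constructed, hypothetical value. The model also exercises two failure modes a practitioner should check: a source with no binding arrives as SGT 0 and falls to the default policy, and re-addressing a server changes one binding without touching the matrix.

```python
"""Model of Cisco TrustSec SGT classification and SGACL enforcement.

Added example, not Cisco/ISE code. Binding table, SGT numbers and policy
cells are constructed, hypothetical values chosen to illustrate the mechanism.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

UNKNOWN_SGT = 0            # TrustSec reserves SGT 0 ("Unknown") for unclassified traffic
DEFAULT_ACTION = "permit"  # action applied when no SGACL cell exists for (src, dst)

# IP-to-SGT bindings, as ISE would assign at authorization time and SXP would
# distribute to enforcement points. Constructed values.
BINDINGS: Dict[str, int] = {
    "10.1.0.0/16": 10,   # Employees
    "10.2.0.0/24": 20,   # Contractors
    "10.3.0.0/24": 40,   # Servers (subnet binding)
    "10.3.0.10/32": 30,  # Payroll server (host binding overrides the subnet)
}
SGT_NAMES = {0: "Unknown", 10: "Employees", 20: "Contractors",
             30: "Payroll_Servers", 40: "Servers"}

# SGACL matrix keyed on (source SGT, destination SGT). Each cell is an ordered
# list of ACEs (action, protocol, destination port); "ip" matches any protocol.
# Constructed policy; note that no rule mentions an IP address.
Ace = Tuple[str, str, Optional[int]]
SGACL_MATRIX: Dict[Tuple[int, int], List[Ace]] = {
    (10, 30): [("permit", "tcp", 443), ("deny", "ip", None)],
    (20, 30): [("deny", "ip", None)],
    (10, 40): [("permit", "ip", None)],
    (20, 40): [("permit", "tcp", 443), ("deny", "ip", None)],
}


def classify(ip: str, bindings: Dict[str, int] = BINDINGS) -> int:
    """Classification: longest-prefix match of an address against the bindings.

    Host (/32) bindings win over subnet bindings. An address with no binding
    is Unknown (SGT 0), which is what an enforcement point sees for traffic
    that was never classified or whose tag was lost in transit.
    """
    addr = ipaddress.ip_address(ip)
    best_len, best_sgt = -1, UNKNOWN_SGT
    for prefix, sgt in bindings.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_sgt = net.prefixlen, sgt
    return best_sgt


def lookup_sgacl(src_sgt: int, dst_sgt: int, proto: str, dport: Optional[int],
                 matrix: Dict[Tuple[int, int], List[Ace]] = SGACL_MATRIX) -> Tuple[str, str]:
    """Enforcement: evaluate the (src, dst) cell first-match, like an ACL.

    Modelling assumption: a missing cell, or a cell whose ACEs are exhausted,
    falls to DEFAULT_ACTION, so the cells above end with an explicit catch-all.
    """
    cell = matrix.get((src_sgt, dst_sgt))
    if cell is None:
        return DEFAULT_ACTION, "no SGACL cell, default policy applied"
    for action, ace_proto, ace_port in cell:
        if ace_proto != "ip" and ace_proto != proto:
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, f"matched ACE {action} {ace_proto} {ace_port or 'any'}"
    return DEFAULT_ACTION, "cell exhausted, default policy applied"


def enforce(src_ip: str, dst_ip: str, proto: str, dport: Optional[int] = None,
            bindings: Dict[str, int] = BINDINGS,
            matrix: Dict[Tuple[int, int], List[Ace]] = SGACL_MATRIX) -> Tuple[str, int, int, str]:
    """Full path: classify both ends, then apply the SGACL cell."""
    src_sgt, dst_sgt = classify(src_ip, bindings), classify(dst_ip, bindings)
    action, reason = lookup_sgacl(src_sgt, dst_sgt, proto, dport, matrix)
    return action, src_sgt, dst_sgt, reason


def move_host(bindings: Dict[str, int], old_prefix: str, new_prefix: str) -> Dict[str, int]:
    """Re-address a host: one binding changes, the policy matrix does not."""
    updated = dict(bindings)
    updated[new_prefix] = updated.pop(old_prefix)
    return updated


if __name__ == "__main__":
    flows = [
        ("10.1.5.7", "10.3.0.10", "tcp", 443),     # employee -> payroll, HTTPS
        ("10.1.5.7", "10.3.0.10", "tcp", 22),      # employee -> payroll, SSH
        ("10.2.0.5", "10.3.0.10", "tcp", 443),     # contractor -> payroll
        ("10.2.0.5", "10.3.0.20", "tcp", 443),     # contractor -> general server
        ("192.168.9.9", "10.3.0.10", "tcp", 443),  # unclassified source (caveat)
    ]
    for src, dst, proto, port in flows:
        action, s, d, why = enforce(src, dst, proto, port)
        print(f"{src:>12} -> {dst}:{port} {SGT_NAMES[s]}->{SGT_NAMES[d]} {action:6} ({why})")
    # Payroll server re-addressed: one binding moves, contractors are still denied.
    moved = move_host(BINDINGS, "10.3.0.10/32", "10.5.0.10/32")
    print(enforce("10.2.0.5", "10.5.0.10", "tcp", 443, moved)[0])
```

The last flow is the one to watch: 192.168.9.9 has no binding, so it arrives as SGT 0, there is no (0, 30) cell, and the modelled default permits it to the payroll server. In a real deployment you would either make classification exhaustive, change the default policy in ISE to deny, or both, and you would verify the propagation path (inline tagging or SXP on every hop) so the enforcement point does not see SGT 0 for traffic that was tagged at the edge.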

In contrast, VLANs (D) are a network design element that segments the network into broadcast domains. They can carry access control indirectly (one VLAN per role, with ACLs between the VLANs), but each new role means a new VLAN, new IP space and new inter-VLAN ACLs at every routing point, which is exactly the re-engineering the question rules out, and the policy stays bound to the topology because no tag travels with the traffic.

RBAC (A), role-based access control, grants or restricts access to resources according to a user's role or job function. It is the policy model that SGTs implement on the network (a security group is effectively a role), but as an option it names no network feature: it attaches no tag to traffic and provides no propagation or enforcement mechanism, so it does not by itself scale across the fabric.

dACLs (B), downloadable ACLs, are per-session access lists that ISE pushes to the network access device in the RADIUS authorization result. They enforce at the ingress port, but each ACL is written against destination IP addresses, so every new destination or re-addressed server means editing ACLs in ISE, and each session consumes ACL TCAM on the access switch. They are useful for host-level control on a port, not for scalable group-to-group policy across the network.