Security Group Tags: Exam '400-251: CCIE Security written exam' - Cisco

Security Group Tags


Question

Which three statements are true regarding Security Group Tags? (Choose three.)

Answers

Explanations


ACD.

Security Group Tags (SGTs) are a way of implementing network segmentation and controlling access to network resources based on user or device identity. They are a type of authorization result that can be returned by a network access control (NAC) system such as Cisco ISE or Cisco ACS.

The following statements are true regarding Security Group Tags:

A. When using the Cisco ISE solution, the Security Group Tag gets defined as a separate authorization result. This statement is true. In Cisco ISE, Security Group Tags are defined as a separate authorization result, distinct from other authorization results such as VLAN assignment or access control lists (ACLs). This allows for granular control over network access based on user or device identity.

B. When using the Cisco ISE solution, the Security Group Tag gets defined as part of a standard authorization profile. This statement is also true. In Cisco ISE, Security Group Tags can be defined as part of a standard authorization profile, which can include other authorization results such as VLAN assignment or ACLs. This allows for a more streamlined and consistent approach to network access control.

C. Security Group Tags are a supported network authorization result using Cisco ACS 5.x. This statement is true. Cisco ACS 5.x also supports Security Group Tags as a network authorization result, although they may be implemented differently than in Cisco ISE.

D. Security Group Tags are a supported network authorization result for 802.1X, MAC Authentication Bypass, and WebAuth methods of authentication. This statement is true. Security Group Tags can be used as an authorization result for a variety of NAC methods, including 802.1X, MAC Authentication Bypass, and WebAuth.

E. A Security Group Tag is a variable length string that is returned as an authorization result. This statement is also true. A Security Group Tag is a variable length string that is returned as an authorization result by a NAC system such as Cisco ISE or ACS. The string can be used to identify a specific user or device and control access to network resources based on that identity.

In summary, Security Group Tags are a flexible and powerful way of implementing network segmentation and access control based on user or device identity. They are supported by both Cisco ISE and ACS, and can be used as an authorization result for a variety of NAC methods.