Cisco SD-Access Integration with Cisco DNA Center

Security Group Access Control Lists and Security Group Tags

Question

Which component of Cisco SD-Access integrates with Cisco DNA Center to perform policy segmentation and enforcement through the use of security group access control lists and security group tags?

Answers

Explanations

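A. Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)
B. Cisco Network Data Platform (NDP)
C. Cisco Identity Services Engine (ISE)
D. Cisco TrustSec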

D.

The correct answer is D. Cisco TrustSec.

Cisco Software-Defined Access (SD-Access) is a solution that simplifies network segmentation by using a policy-based approach. SD-Access is based on the principles of Cisco's Digital Network Architecture (DNA), which provides an open and extensible framework for building and managing modern networks.

SD-Access uses Cisco DNA Center as its management platform, which provides a centralized location to automate network provisioning, monitoring, and troubleshooting. It also allows administrators to define policies for network segmentation and enforce them across the entire network.

Cisco TrustSec is a technology that provides secure network access by using a policy-based approach to group users and devices into logical security groups. TrustSec works by assigning Security Group Tags (SGTs) to endpoints, which are then used to enforce policies across the network.

TrustSec integrates with Cisco DNA Center to provide policy segmentation and enforcement capabilities in SD-Access. TrustSec policies are defined using Security Group Access Control Lists (SGACLs), which are based on SGTs. These policies are then pushed down to network devices, where they are enforced at the packet level.

The other answer choices are not correct:

A. Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) is a software-based controller that provides centralized management of the network infrastructure. It is not directly related to SD-Access or TrustSec.

B. Cisco Network Data Platform (NDP) is a tool that collects and analyzes network data to provide insights into network performance and security. It is not directly related to SD-Access or TrustSec.

C. Cisco Identity Services Engine (ISE) is a network access control solution that provides authentication, authorization, and accounting (AAA) services. While ISE can integrate with SD-Access and TrustSec, it is not the component that performs policy segmentation and enforcement through the use of SGTs and SGACLs.