Cisco TrustSec Architecture Components - Key Components and Benefits

Key Components of Cisco TrustSec Architecture

Question

Which option lists key Cisco TrustSec architecture components?

Answers

Explanations

A. B. C. D.

B.

https://www.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/arch_over.pdf

Cisco TrustSec is a security architecture that provides scalable and dynamic segmentation of network traffic for better visibility, control, and security. The key components of the Cisco TrustSec architecture are:

D. Identify, Enforcement, Authentication:

  1. Identify: Cisco TrustSec classifies network traffic based on the user, device, or application, and assigns it to a specific security group. This classification is done using different mechanisms such as VLAN, IP address, MAC address, or identity-based policies. This step enables organizations to have a better understanding of the network traffic and the security policies that apply to each group.

  2. Enforcement: Cisco TrustSec enforces the security policies for each security group by applying access control rules to the network traffic. The enforcement can be done at different levels of the network infrastructure, including switches, routers, firewalls, and wireless controllers. Cisco TrustSec supports different enforcement mechanisms, such as VLAN-based, SGACL-based, or MACsec-based enforcement.

  3. Authentication: Cisco TrustSec provides authentication mechanisms to ensure that only authorized users, devices, or applications can access the network resources. This can be done using different authentication methods such as 802.1X, MACsec, or MAB (MAC Authentication Bypass). Authentication provides an additional layer of security to the network and prevents unauthorized access.

Option A: Classify, Mark, Deny: This option does not list the complete set of Cisco TrustSec components. It only describes the traffic classification and access control rules. It does not mention the authentication mechanism, which is a critical component of the Cisco TrustSec architecture.

Option B: Authentication, Authorization, Access Control: This option lists three important security concepts, but it does not describe the complete set of Cisco TrustSec components. It does not mention the traffic classification, which is a critical component of the Cisco TrustSec architecture.

Option C: Permit, Deny, Log: This option describes the basic access control rules, but it does not list the complete set of Cisco TrustSec components. It does not mention the traffic classification and authentication, which are critical components of the Cisco TrustSec architecture.

In conclusion, option D (Identify, Enforcement, Authentication) is the correct answer as it lists the complete set of Cisco TrustSec components.