Which characteristic of an SGT enforcement policy is true?

300-208 0 Comments

Which characteristic of an SGT enforcement policy is true?
A . An SGFW has an implicit permit at the beginning.
B . An SGFW has an implicit deny at the end.
C . An SGACL has an implicit deny at the end.
D . An SGACL has an explicit deny at the beginning.

Answer: B

Explanation:

Unlike ACLs with an implicit deny at the end, Security Group ACLs (SGACLs) implemented on a switching platform have an implicit permit to Unknown or an implicit permit to all. This policy is not enforced on the Cisco ASA firewall or the Cisco IOS zone-based firewall acting as an SGFW, where an implicit deny is still maintained. On a switch, if no specific tag value is assigned to a server, the destination is considered Unknown and the packet is forwarded by default

Reference: https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/branch-segmentation.pdf

Latest 300-208 Dumps Valid Version with 433 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download 300-208 PDF     300-208 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments