In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two.)
In which two ways does Easy Connect help control network access when used with Cisco TrustSec? (Choose two.)
Easy Connect aids in controlling network access with Cisco TrustSec by allowing for the assignment of Security Group Tags without the need for 802.1x configuration on the switch or endpoint. This simplifies network access control and segmentation. Additionally, it allows managed endpoints that authenticate to Active Directory to be mapped to Security Groups through PassiveID, which enables granular access policies based on identity and role rather than just IP or MAC addresses.
Easy Connect simplifies network access control and segmentation by allowing the assignment of Security Group Tags to endpoints without requiring 802.1X on those endpoints, whether using wired or wireless connectivity. Active Directory logins are used to map user information onto network connections, which are then used for authorizing users on the network even when the Identity Services Engine (ISE) is not involved in the authentication process. Consequently, this authorization method only supports devices that authenticate with a Domain Controller. Easy Connect can also be used as a backup authentication method to 802.1X, to ensure that managed assets are classified even when an 802.1X supplicant is not correctly configured. This can dramatically reduce help desk calls
B. It allows for the assignment of Security Group Tags and does not require 802.1x to be configured on the switch or the endpoint. D. It allows for managed endpoints that authenticate to AD to be mapped to Security Groups (PassiveID). Easy Connect helps control network access by allowing for the assignment of Security Group Tags (SGTs) and mapping managed endpoints that authenticate to AD to Security Groups (PassiveID). This enables organizations to enforce granular access policies based on the endpoint's identity and role, rather than just its IP address or MAC address. The use of SGTs and PassiveID helps simplify the deployment of TrustSec and reduces the complexity of network access control, as it does not require the configuration of 802.1x on the switch or endpoint.
switch needs to have dot1x setup, end point does not
After I again reviewed documentation, BD is right, Easyconnect does not required dot1x on switch and integrates with TrustSec on ISE as Passive ID
https://community.cisco.com/t5/security-knowledge-base/ise-easy-connect/ta-p/3638861 MAB or 802.1X (required for ISE to stitch RADIUS session with PassiveID info) You can configure NAD w MAB, so technically 802.1x is not a requirement??
A CORRECT - EASYconenct integrate with AD to gaing visibility B- incorrect - SWITCHES NEED 802.1x configuration , Endpoints DOES not C- Does not create dashboards D - its correct - it is the main purpose E - incorrect - it is not about posture needs
why not B C since PassiveID can be used independently without easy connect feature??
im wrong C does not describe the way in which Easy Connect helps control network access so I will go for BD
I prefer B, D asy Connect simplifies network access control and segmentation by allowing the assignment of Security Group Tags to endpoints without requiring 802.1X on those endpoints, whether using wired or wireless connectivity. Reference: https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/trustsecwith-easy- connect-configuration-guide.p
D & E in my opinion. Cheers