A network security engineer needs to enable Zone Protection in an environment that makes use of Cisco TrustSec Layer 2 protections.
What should the engineer configure within a Zone Protection profile to ensure that the TrustSec packets are identified and actions are taken upon them?
To ensure that Cisco TrustSec packets are identified and appropriate actions are taken within a Zone Protection profile, the engineer should configure Ethernet SGT Protection. This feature specifically provides protection for Security Group Tag (SGT) information, which is a key component of Cisco TrustSec protocols and is used to enforce identity-based policies. Configuring Ethernet SGT Protection ensures that the TrustSec Layer 2 protections are correctly integrated and managed within the network security framework.
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/zone-protection-profiles/ethernet-sgt-protection
Yes, should be C.
This question was on the exam.. Nov 2023
Were all these questions on the exam? I have it on the 16th, but may move it up to the 8th.
C is correct
It's C. Cisco reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cts/configuration/xe-16/sec-usr-cts-xe-16-book/sec-usr-cts-xe-16-book_chapter_01101.html