Designing for Cisco Internetwork Solutions (DESGN, legacy) — Question 48
Which one of these statements is an example of how trust and identity management solutions should be deployed in the enterprise campus network?
Answer options
- A. Authentication validation should be deployed as close to the data center as possible.
- B. Use the principle of top-down privilege, which means that each subject should have the privileges that are necessary to perform their defined tasks, as well as all the tasks for those roles below them.
- C. Mixed ACL rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.
- D. For ease of management, practice defense in isolation - security mechanisms should be in place one time, in one place.
Correct answer:
Explanation
The correct answer is B, as it emphasizes the principle of top-down privilege, ensuring that users have only the necessary access rights. Option A is incorrect because authentication should be as close to the user as possible for better performance. Option C, while valid for access control, does not address trust and identity management specifically. Option D is misleading because it suggests a single point of security, which can create vulnerabilities.