Designing Cisco Enterprise Networks (ENSLD) — Question 116

How is end-to-end microsegmentation enforced in a Cisco SD-Access architecture?

Answer options

• A. VLANs are used to segment traffic at Layer 2.
• B. 5-tuples and ACLs are used to permit or deny traffic.
• C. SGTs and SGTACLs are used to control access to various resources.
• D. VRFs are used to segment traffic at Layer 3.

Correct answer: C

Explanation

The correct answer is C because SGTs (Security Group Tags) and SGTACLs (Security Group Tag Access Control Lists) specifically help in controlling access to resources in a microsegmented environment. Options A and D reference VLANs and VRFs, which do not provide the same level of granular control as SGTs for microsegmentation. Option B focuses on 5-tuples and ACLs, which are more traditional traffic control methods and do not fully encapsulate the capabilities of microsegmentation in SD-Access.