ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-715 All Questions

View all questions & answers for the 300-715 exam
Go to Exam

Exam 300-715 topic 1 question 230 discussion

Actual exam question from Cisco's 300-715
Question #: 230
Topic #: 1
[All 300-715 Questions]

A network engineer responsible for the switching environment must provision a new switch to properly propagate security group tags within the TrustSec inline method. Which CLI command must the network engineer enter on the switch to globally enable the tagging of SGTs?

  • A. cts sxp enable
  • B. cts manual
  • C. cts role-based sgt-map
  • D. cts role-based enforcement
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by thol119 at Nov. 3, 2023, 4:42 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NikoTomas
Highly Voted 1 year, 4 months ago
Correct is D: "cts role-based enforcement" Ebook SISE: "Configuring Manual SGT Propagation on Cisco IOS XE Switches This section discusses the configuration of SGT propagation on access-layer switches such as the Catalyst 9300 and 9500 switches that have the ability to use native tags. Step 1. Enable Cisco TrustSec role-based enforcement on the switch: CAT9300(config)# cts role-based enforcement This GLOBALLY ENABLES THE TAGGING of frames. It also makes it possible to enforce SGACLs... Without this command in the global configuration, the switch does not tag the Layer 2 traffic." Example 17-4 Enabling Tagging on a 9300 Series Access Switch C9300(config)# cts role-based enforcement C9300(config)# interface g1/0/1 C9300(config-if)# cts manual C9300(config-if-cts-manual)# policy static sgt 2 trusted --- Confusing is that Cisco do not mention a word regarding tagging activation in the command reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/17-3/command_reference/b_173_9500_cr/cisco_trustsec_commands.html#wp2692401855
upvoted 7 times
...
ce1997d
Most Recent 4 months, 1 week ago
Selected Answer: B
Very poor question. cts manual is configured at interface not global. cts role-based is a global config but it only enables SGT tagging on routed interfaces which may not be used since they specified its a switching environment. So both B and D are kind of right kind of wrong.
upvoted 1 times
...
Jimmyb007
4 months, 2 weeks ago
Selected Answer: A
The question is 'provision a new switch to properly propagate security group tags'. Propagating SGT is down to SXP?
upvoted 1 times
...
TiberiuszSun
8 months, 3 weeks ago
Selected Answer: B
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cts/configuration/xe-16/sec-usr-cts-xe-16-book/sec-usr-cts-xe-16-book_chapter_01101.html
upvoted 1 times
...
ZoneHacker
1 year ago
Selected Answer: B
The correct answer is the B. cts manual Example: SGT Static Inline Tagging This example shows how to enable an interface on the device for L2-SGT tagging or imposition and defines whether the interface is trusted for Cisco TrustSec Device# configure terminal Device(config)# interface gigabitethernet 1/0/1 Device(config-if)# cts manual Device(config-if-cts-manual)# propagate sgt Device(config-if-cts-manual)# policy static sgt 77 trusted
upvoted 1 times
Rashford10
5 months ago
Your own example nullifies your answer. The question requires you to enable it globally, cts manual is an interface-level command hence the answer is D
upvoted 1 times
...
...
HercJ
1 year, 5 months ago
Selected Answer: B
cts manual is for inline tagging
upvoted 2 times
...
egiunta
1 year, 7 months ago
I think B is the correct one. https://www1-realm.cisco.com/c/en/us/td/docs/switches/lan/trustsec/configuration/guide/trustsec/sgt_inline_tagging.pdf
upvoted 2 times
...
thol119
1 year, 8 months ago
I would go for B as it is the only command that has anything to do with inline SGT tagging. The others are for sgt-mapping, SGACL enforcment and SXP. But CTS manual is not global, it is per interface, so weird question.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel