Which characteristic of an SGT enforcement policy is true?

Unlike ACLs with an implicit deny at the end, Security Group ACLs (SGACLs) implemented on a switching platform have an implicit permit to Unknown or an implicit permit to all. This policy is not enforced on the Cisco ASA firewall or the Cisco IOS zone-based firewall acting as an SGFW, where an implicit deny is still maintained. On a switch, if no specific tag value is assigned to a server, the destination is considered Unknown and the packet is forwarded by default.

Reference: https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/branch-segmentation.pdf

Question:

Which characteristic of an SGT enforcement policy is true?

Options:

An SGFW has an implicit permit at the beginning.

An SGFW has an implicit deny at the end.

An SGACL has an implicit deny at the end.

An SGACL has an implicit deny at the beginning.

Correct Answer

The Correct Answer for this Question is

An SGFW has an implicit deny at the end.
