Which one of these statements is an example of how trust and identity management solutions
should be deployed in the enterprise campus network?
A. Authentication validation should be deployed as close to the data center as possible.
B. Use the principle of top-down privilege, which means that each subject should have the privileges that are necessary to perform their defined tasks, as well as all the tasks for those roles below them.
C. Mixed ACL rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.
D. For ease of management, practice defense in isolation – security mechanisms should be in place one time, in one place.
Explanation:
Validating user authentication should be implemented as close to the source as possible, with an emphasis on strong authentication for access from untrusted networks. Access rules should enforce policy deployed throughout the network with the following guidelines:
An integral part of identity and access control deployments is to allow only the necessary access (least privilege).
Highly distributed rules allow for greater granularity and scalability but, unfortunately, increase the management complexity. On the other hand, centralized rule deployment eases management but lacks flexibility and scalability.
Practicing "defense in depth" by using security mechanisms that back each other up is an important concept to understand. For example, the perimeter Internet routers should use ACLs to filter packets in addition to the firewall inspecting packets at a deeper level.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13