A network engineer is implementing Cisco TrustSec in an enterprise network. Which two components are required for TrustSec to function correctly? (Choose two.)
ISE is the policy server that defines TrustSec policies and distributes SGTs.
Why this answer
Cisco TrustSec uses the Identity Services Engine (ISE) as the centralized policy server to define and enforce security group tags (SGTs) and access policies. ISE is the mandatory policy decision point that assigns SGTs to endpoints and distributes them to network devices via SXP or inline tagging. Without ISE, there is no mechanism to create, manage, or propagate the SGT-based policies that TrustSec relies on.
Exam trap
Cisco often tests the distinction between required components (ISE and SXP) and optional or derivative elements (AAA server, Firepower, SGACLs) to catch candidates who confuse the policy enforcement mechanism with the foundational infrastructure.