Cisco Certified Internetwork Expert (CCIE) 2025 – 400 Free Practice Questions to Pass the Exam

The correct answer regarding the duration of how long Cisco TrustSec (CTS) can retain Security Group Tag (SGT) mapping entries after a peer disconnects is three minutes. This retention period is crucial for maintaining the session context in scenarios where a device disconnects but may reconnect shortly after.

The three-minute retention allows for graceful handling of instances where a device might temporarily disconnect and then need to quickly re-establish its SGT mappings without going through the complete authentication and mapping process again. This can optimize performance and reduce unnecessary overhead in environments where devices frequently connect and disconnect, thus enhancing the overall efficiency of the security framework within the network.

Understanding the retention policy is important for network design, especially in environments where dynamic connectivity is common, ensuring that security policies can be applied without delay while also maintaining seamless user experiences.