Cisco Certified Internetwork Expert (CCIE) Practice Test

Which two statements about the device configuration are true?

• A. The device retains all existing SGT mapping entries for 3 minutes
• B. If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer starts
• C. It sets the internal hold-down timer of the device to 3 minutes
• D. If a peer reconnects to the device within 180 seconds of terminating a CTS-SXP connection, the reconciliation timer starts

The correct answer is: If a peer reconnects to the device within 120 seconds of terminating a CTS-SXP connection, the reconciliation timer starts

The statement regarding the reconciliation timer starting when a peer reconnects to the device within 120 seconds of terminating a Context-based Access Control Security Exchange Protocol (CTS-SXP) connection is correct because it aligns with the operational parameters of CTS-SXP sessions. In this context, the reconciliation timer is designed to streamline the process of re-establishing connections and ensuring that security group tag (SGT) mappings are maintained efficiently. When a peer reconnects within this specific time frame, the device relies on the stale mapping entries, allowing for a quicker re-establishment of those security relationships without needing to perform a full mapping from scratch. In contrast, other statements pertain to either incorrect timing or misunderstandings about the holding patterns of SGT mappings. Retaining entries for a specified period or adjusting internal timers not congruent with established protocols misses the exact timing definition and operational behavior outlined by CTS-SXP standards, which are critical for maintaining effective network security in environments utilizing security group tagging.