Which Cisco TrustSec feature uses EAP-FAST to authenticate devices and negotiates IEEE 802.1AE encryption?

The correct answer focuses on Network Device Admission Control (NDAC), which plays a vital role in the Cisco TrustSec architecture. NDAC employs the Extensible Authentication Protocol - Fast (EAP-FAST) for authenticating devices on the network. This authentication process is crucial for ensuring that only legitimate and safe devices gain access to network resources.

In conjunction with EAP-FAST, NDAC also negotiates IEEE 802.1AE encryption, which is fundamental for securing the communication between the endpoint and the network infrastructure. This encryption ensures that data is transmitted securely, protecting against eavesdropping and tampering.

NDAC facilitates a robust security posture by not only authenticating devices but also ensuring they are correctly classified and assigned the appropriate Security Group Tags (SGTs). This adds another layer of security by determining what resources network devices are permitted to access based on their group classifications.

This process is central to TrustSec's ability to implement role-based access control and enforce security policies dynamically, providing a more secure and manageable network environment.