Securing Local Area Networks
Question 1
You suspect an attacker in your network has configured a rogue layer 2
device to intercept traffic from multiple VLANs, thereby allowing the
attacker to capture potentially sensitive data. Which two methods will
help to mitigate this type of activity? (Choose two)
A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN
E. Place unused active ports in an unused VLAN
Answer: B D
Question 2
In an IEEE 802.1x deployment, between which two devices are EAPOL messages typically sent?
A. Between the RADIUS server and the authenticator
B. Between the authenticator and the authentication server
C. Between the supplicant and the authentication server
D. Between the supplicant and the authenticator
Answer: D
Explanation
On many networks, a PC sends a DHCP request to obtain an IP address
for use on the network. However, with Cisco Identity-Based Networking
Services (IBNS), an 802.1x-enabled PC initially sends an Extensible
Authentication Protocol over LAN (EAPOL) request. The Cisco Catalyst
switch connected to the PC sees the EAPOL request and responds to the PC
with a challenge. The challenge asks the PC to provide credentials for
network access, such as a valid username and password combination. The
switch forwards these credentials to a RADIUS server for verification.
Upon verification of the supplied credentials, the switch grants the PC
access to the network.
In this question, the supplicant is the 802.1x-enabled PC and the authenticator is the secured switch.