In the use of 802.1X access control,
which three protocols are allowed through the switch port before authentication takes place? ()
A. STP
B. CDP
C. EAP MD5
D. TACACS+
E. EAP-over-LAN
F. protocols not filtered by an ACL
您可能感興趣的試卷
你可能感興趣的試題
The DAI feature has been implemented in the Company switched LAN.
Which three statements are true about the dynamic ARP inspection (DAI) feature? ()
A. DAI can be performed on ingress ports only.
B. DAI can be performed on both ingress and egress ports.
C. DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.
D. DAI should be enabled on the root switch for particular VLANs only in order to secure the ARP caches of hosts in the domain.
E. DAI should be configured on all access switch ports as untrusted and on all switch ports connected to other switches as trusted.
F. DAI is supported on access and trunk ports only.
pany has implemented 802.1X authentication as a security enhancement.
Which statement is true about 802.1x port-based authentication?()
A. TACACS+ is the only supported authentication server type.
B. If a host initiates the authentication process and does not receive a response, it assumes it is not authorized.
C. RADIUS is the only supported authentication server type.
D. Before transmitting data, an 802.1x host must determine the authorization state of the switch.
E. Hosts are required to havea 802.1x authentication client or utilize PPPoE.
F. None of the other alternatives apply.
Refer to the exhibit.
How will interface FastEthernnet0/1 respond when an 802.1x-enabled client connects to the port? ()
A. The switch will uniquely authorize the client by using the client MAC address.
B. The switch will cause the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate.
C. The switch port will disable 802.1x port-based authentication and cause the port to transition to the authorized state without any further authentication exchange.
D. The switch port will enable 802.1x port-based authentication and begin relaying authentication messages between the client and the authentication server.
An attacker is launching a DoS attack on the Company network using a hacking tool designed to exhaust the IP address space available from the DHCP servers for a period of time.
Which procedure would best defend against this type of attack? ()
A. Configure only trusted interfaces with root guard.
B. Implement private VLANs (PVLANs) to carry only user traffic.
C. Implement private VLANs (PVLANs) to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients.
F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
G. None of the other alternatives apply
The Company is concerned about Layer 2 security threats.
Which statement is true about these threats? ()
A. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
B. Port scanners are the most effective defense against dynamic ARP inspection.
C. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.
D. Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
E. DHCP snooping sends unauthorized replies to DHCP queries.
F. ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.
G. None of the other alternatives apply.
最新試題
What must be the same to make multiple switches part of the same Multiple Spanning Tree (MST)?()
Examine the diagram. A network administrator has recently installed the above switched network using 3550s and would like to control the selection of the root bridge.Which switch should theadministrator configure as the root bridge and which configuration command must theadministrator enter to accomplish this?()
If G1/0/1 on DS1 is shutdown, what will be the current priority value of the Vlan105’s group on DS1 ?()
Refer to the exhibit. Switch 15 is configured as the root switch for VLAN 10 but not for VLAN 20. If the STP configuration is correct, what will be true about Switch 15?()
What will occur when a nonedge switch port that is configured for Rapid Spanning Tree does not receive a BPDU from its neighbor for three consecutive hello time intervals?()
Refer to the exhibit. What does the command channel-group 1 mode desirable do? ()
Refer to the exhibit. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements are true about the possible result of attaching the second link?()
Which statement is correct about RSTP port roles?()
What is the configured priority value of the Vlan105’s group on DS2 ?()
During routine maintenance, it became necessary to shutdown G1/0/1 on DS1 and DS2. All other interface were up. During this time, DS1 became the active device for Vlan104’s HSRP group. As related to Vlan104’s HSRP group. What can be done to make the group function properly ? ()