Tweet
CCNA Security: Securing Local Area Networks
Question 1
You suspect an attacker in your network has configured a rogue layer 2 device to intercept traffic from multiple VLANS, thereby allowing the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two)
A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN
E. Place unused active ports in an unused VLAN
Answer: B D
Question 2
In an IEEE 802. lx deployment, between which two devices EAPOL messages typically are sent?
A. Between the RADIUS server and the authenticator
B. Between the authenticator and the authentication server
C. Between the supplicant and the authentication server
D. Between the supplicant and the authenticator
Answer: D
Explanation
On many networks, a PC sends a DHCP request to obtain an IP address for use on the network. However, with Cisco Identity-Based Networking Services (IBNS), an 802.1x-enabled PC initially sends an Extensible Authentication Protocol over LAN (EAPOL) request. The Cisco Catalyst switch connected to the PC sees the EAPOL request and responds to the PC with a challenge. The challenge asks the PC to provide credentials for network access, such as a valid username and password combination. The switch forwards these credentials to a RADIUS server for verification. Upon verification of the supplied credentials, the switch grants the PC access to the network.
In this question, the supplicant is the 802.1x-enabled PC and the authenticator is the secured switch.
You suspect an attacker in your network has configured a rogue layer 2 device to intercept traffic from multiple VLANS, thereby allowing the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two)
A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN
E. Place unused active ports in an unused VLAN
Answer: B D
Question 2
In an IEEE 802. lx deployment, between which two devices EAPOL messages typically are sent?
A. Between the RADIUS server and the authenticator
B. Between the authenticator and the authentication server
C. Between the supplicant and the authentication server
D. Between the supplicant and the authenticator
Answer: D
Explanation
On many networks, a PC sends a DHCP request to obtain an IP address for use on the network. However, with Cisco Identity-Based Networking Services (IBNS), an 802.1x-enabled PC initially sends an Extensible Authentication Protocol over LAN (EAPOL) request. The Cisco Catalyst switch connected to the PC sees the EAPOL request and responds to the PC with a challenge. The challenge asks the PC to provide credentials for network access, such as a valid username and password combination. The switch forwards these credentials to a RADIUS server for verification. Upon verification of the supplied credentials, the switch grants the PC access to the network.
In this question, the supplicant is the 802.1x-enabled PC and the authenticator is the secured switch.