» Securing Local Area Networks

By | September 24, 2012

Ensurepass
Here you will find answers to Securing Local Area Networks Questions

Question 1

You suspect an attacker in your network has configured a rogue layer 2 device to intercept traffic from multiple VLANS, thereby allowing the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two)

A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN
E. Place unused active ports in an unused VLAN

 

Answer: B D

Question 2

In an IEEE 802. lx deployment, between which two devices EAPOL messages typically are sent?

A. Between the RADIUS server and the authenticator
B. Between the authenticator and the authentication server
C. Between the supplicant and the authentication server
D. Between the supplicant and the authenticator

 

Answer: D

Explanation

On many networks, a PC sends a DHCP request to obtain an IP address for use on the network. However, with Cisco Identity-Based Networking Services (IBNS), an 802.1x-enabled PC initially sends an Extensible Authentication Protocol over LAN (EAPOL) request. The Cisco Catalyst switch connected to the PC sees the EAPOL request and responds to the PC with a challenge. The challenge asks the PC to provide credentials for network access, such as a valid username and password combination. The switch forwards these credentials to a RADIUS server for verification. Upon verification of the supplied credentials, the switch grants the PC access to the network.

In this question, the supplicant is the 802.1x-enabled PC and the authenticator is the secured switch.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.