- Home
- Networking
- CCNP Security 300-208
16.
True or False? To allow endpoints without configured supplicants to connect to a network
where IEEE 802.1X has been enabled, the administrator must disable 802.1X on the endpoints’
switch port.
- A.True
- B.False
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| The available options for nonauthenticating endpoints are MAC Authentication Bypass (MAB) and Web Authentication (WebAuth). |
17.
Which of the following is true?
- A.With nonauthenticating endpoints, the authenticator takes over the EAP communication instead of the endpoint.
- B.With nonauthenticating endpoints, the authenticator can be configured to send the MAC address of the endpoint to the authentication server in a RADIUS Access-Request message.
- C.The endpoint’s supplicant uses RADIUS to communicate the endpoint’s MAC address to the authentication server.
- D.The authenticator can use TACACS+ to send the endpoint’s MAC address to the authentication server.
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| With nonauthenticating endpoints, the authenticator (a switch, for example) can be configured to send the MAC address of the endpoint to the authentication server in a RADIUS Access-Request message. This process is known as MAC authentication bypass (MAB). |
18.
Which of following is an accurate statement when using MAC authentication bypass (MAB)?
- A.An administrator is limited in the types of authorization results that can be sent and is restricted to a simple Permit-All or Deny-All result.
- B.An administrator can assign all authorization results, except for VLAN assignment.
- C.An administrator can assign all authorization results, except for security group tags (SGTs).
- D.An administrator is not limited in the types of authorization results that can be sent, which can include dACL, VLAN Assignment, SGT, and others.
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| With MAB, it is not recommended to use VLAN assignment, but MAB authorizations do not limit the authorization results. |
19.
True or False? With centralized web authentication (CWA), ISE sends the username and
password to the authenticator.
- A.True
- B.False
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| With CWA, the authenticator only recognizes a MAB, and ISE maintains administrative control of the entire session and the tracking of the user ’s credentials. |
20.
Which of following accurately describes local web authentication (LWA)?
- A.With LWA, the authenticator redirects the end user ’s web traffic to a centralized portal hosted on the authentication server, which is then returned to the local device (authenticator).
- B.With LWA, the authenticator hosts a local web portal, which is coded to send an HTTP POST to the authentication server containing the credentials of the end user. The authentication server returns an HTTP POST with the Access-Accept or Access-Reject.
- C.With LWA, the authenticator receives the credentials from the end user through a locally hosted web portal, and it is the authenticator that sends the credentials to the authentication server through a RADIUS Access-Request.
- D.With LWA, the authenticator receives the credentials from the end user through a locally hosted web portal, and the authenticator sends the credentials to the authentication server through a TACACS+ Access-Request.
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| With LWA, the web portal is hosted within the authenticator, the end user enters her credentials into the web portal and the authenticator sends those credentials inside a RADIUS Access-Request message to the authentication server. The authentication server returns the Access-Accept or Access-Reject along with the full response. are F. |
|
|
||||||||||||||||||||||||||||
