CCNP Security 300-208
21.
A RADIUS change of authorization enables an authentication server to do which of the following?
- A. Escalate an administrative user’s access level within the server’s administration portal
- B. Grant context-appropriate network access after initial access has previously been granted
- C. Gain root-level access of all network devices
- D. Take over the world
Answer : [B]
Explanation :
A RADIUS CoA allows an authentication server to trigger a reauthorization. This provides an opportunity for the server to update a user’s level of network access as the server learns additional information about an endpoint, such as endpoint posture information.
22.
Three possible options for change of authorization actions are which of the following?
- A. IKEv1, IKEv2, SSL
- B. HTTP, FTP, Telnet
- C. No COA, Port Bounce, Reauth
- D. User mode, privileged mode, configuration mode
Answer : [C]
Explanation :
In a situation where a CoA is warranted, an authentication server can perform a number of actions: No COA (that is, do nothing), Port Bounce (that is, shut/no shut the relevant access “port”), or Reauth (that is, force the endpoint to reauthenticate in cases where multiple endpoints are present on a single access medium). Supported CoA actions can vary depending on the selected authentication server.
23.
MAC Authentication Bypass is a process by which a device does which of the following?
- A. Bypasses all authentication and authorization processes by using a supplicant
- B. Authenticates with an X.509 certificate to establish a secure tunnel with the network
- C. Authenticates without an 802.1X supplicant on the endpoint by using its MAC address as the RADIUS identity
- D. Hides its MAC address from being discovered on the network
Answer : [C]
Explanation :
Those devices that don’t have an 802.1X supplicant available use MAC Authentication Bypass. Without the supplicant, the device does not recognize EAP messages and, therefore, EAP authentication techniques are NOT available. In the absence of EAP, the device will use its MAC address as its unique identifier to authenticate to the network.
24.
A MAC address is six octets in length, of which the first three octets are which of the following?
- A. A duplicate of the IP address subnet in hexadecimal format
- B. Always the same across all network devices
- C. Assigned dynamically upon connection to the network
- D. An organizationally unique identifier (OUI) that indicates the device’s vendor
- E. All F’s—that is, FF:FF:FF
Answer : [D]
Explanation :
The first three octets of a MAC address are the organizationally unique identifier (OUI). This OUI indicates which vendor manufactured the device. This can be useful, at times, to also indicate the function of the device—for instance, an IP phone or printer.
25.
Which devices often lack an 802.1X supplicant?
- A. Printers
- B. Laptops
- C. Cell phones
- D. All of the above
Answer : [A]
Explanation :
Often, the “dumb” network devices are those that lack 802.1X supplicants. From this list, a printer would be the most common device to lack 802.1X support. Other examples would include an IP phone, IP cameras, and badge readers, amongst others.