- CCNP Security 300-208
91.
What is Monitor Mode?
- A.R1 will always choose the Security SISAS through R22.
- B.Using the authentication open interface configuration command on 802.1X enabled interfaces
- C.A method for identifying which device would have failed authentication and correcting the root cause prior to it taking effect
- D.A method for alerting the administrator of failed authentications, so the end user may be called and manually granted network access
Answer : [C]
Explanation :
Monitor Mode is a process, not just a command on a switch. The process is to enable authentication (with authentication open), see exactly what devices fail and which ones succeed, and correct the failed authentications before they cause any problems.
92.
What is Low-Impact Mode?
- A.One of the two end states of authentication that limits access but still uses the authentication open interface configuration command
- B.One of the two end states of authentication that limits access but is less secure than closed mode
- C.A method to ensure authentications occur, but the authorizations are ignored, so as not to cause a denial of service
- D.A method for identifying which device would have failed authentication and correcting the root cause prior to it taking effect
Answer : [A]
Explanation :
Low-Impact Mode uses authentication open, but adds security on top of the framework that was built in Monitor Mode. It uses a PACL on the switch port to permit critical traffic of certain endpoints, like thin clients, to function prior to an attempted authentication. After the authentication, the authorization should provide specific access, unlike Monitor Mode, where access is the same pre- and post-authentication.
93.
What is the primary benefit of a phased deployment approach?
- A.It allows an endpoint to go through multiple phases of authentication prior to gaining network access, including dual-factor authentication.
- B.It permits you to use Cisco proprietary technology and therefore increase Cisco’s stock value.
- C.It enables additional security protocols to extend authentications, such as the use of smart cards.
- D.To ensure that a port, switch, or location is fully ready to be successful before enabling enforcement and specific authorization results.
Answer : [D]
Explanation :
By using a phased deployment approach, you are able to start off in Monitor Mode and gradually transition into the end state of either Low-Impact Mode or Closed Mode. By doing so, you can avoid the denial of service that can often happen with 802.1X deployments.
94.
True or False? The authentication open command performs EAP authentications but ignores authorization results.
- A.True
- B.False
Answer : [A]
Explanation :
authentication open will ignore RADIUS Access-Reject responses, but all other authorization results will be honored and enforced.
95.
True or False? authentication open allows all traffic to pass through the switch port before the authentication result is received from the AAA server.
- A.True
- B.False
Answer : [A]
Explanation :
authentication open allows traffic to flow with or without an authentication. When an authorization result is sent back from the authentication server, the switch will ignore RADIUS Access-Reject responses, but all other authorization results will be honored and enforced.