Introduction to 802.1X Operations for Cisco Security Professionals Exam v7.0 (650-472)

Page:    1 / 5   
Total 69 questions

Which two NADs does NOT support RADIUS Change of Authorization requests?(Choose two.)

  • A. Cisco Catalyst 3750 switches
  • B. Cisco Adaptive Security Appliances
  • C. Unmanaged switches and hubs
  • D. Cisco Wireless LAN Controllers


Answer : B,C

Which two choices are drivers of IEEE 802.1X adoption? (Choose two.)

  • A. Guest networks
  • B. Heterogeneous Networks
  • C. Pervasive Wireless Deployments
  • D. Unprotected switch ports
  • E. Limited 802.1X standard functionality


Answer : A,C

Which module is NOT a valid component of Cisco AnyConnect Secure Mobility Client for
Windows?

  • A. VPN Module
  • B. Profiling Module
  • C. Network Access Manager
  • D. Telemetry Module


Answer : B

Explanation:
These are the VPN modules in Cisco Anyconnect client:

Network Access Manager -

Posture Module -

Telemetry Module -

WebSecurity Module -

EAP was original created for which network type?

  • A. Point-to-Point Protocol
  • B. Local Area Network
  • C. Wide Area Network
  • D. Wireless Local Area Network


Answer : A

Reference:http://www.cisco.com/en/US/docs/wireless/wlan_adapter/cb21ag/user/vista/1.0/ configuration/guide/eap_types.html

What is the Cisco Catalyst Switch default port used for CoA?

  • A. UDP 3799
  • B. UDP 1812
  • C. UDP 1645
  • D. UDP 1700


Answer : A

Reference:http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.ht ml
Note: If using ISE then the port will be 1700 and if using ACS then it will be 3799
(according to RFC 3799 is the default port for CoA).

Which of the following RADIUS attribute is vendor specific and enables vendors to easily extend the protocol functionality?

  • A. 1
  • B. 2
  • C. 5
  • D. 26
  • E. 64


Answer : D

Reference:http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrdat1. html

Which of the following is true about PEAP?

  • A. PEAP was created as an alternative to EAP-FAST
  • B. PEAP is limited to MS-CHAP to authenticate the supplicant
  • C. PEAP authentication operates in two phases
  • D. PEAP only requires a client-side certificate


Answer : C

Reference:http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps430/prod_qas09
00aecd801764fa.html

Which Cisco Catalyst Switch command enables 802.1X authentication globally?

  • A. authentication priority dot1x mab
  • B. authentication order dot1x mab
  • C. dot1x pae authenticator
  • D. dot1x system-auth-control
  • E. aaa new-model


Answer : D

Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12
.1_19_ea1/configuration/guide/Sw8021x.html

Which two Cisco Catalyst switch commands are required for URL-redirection? (Choose two.)

  • A. 3k-access(config-if)# authentication webauth
  • B. 3k-access(config-if)# authentication dot1x webauth
  • C. 3k-access(config-if)# ip http secure-server
  • D. 3k-access(config-if)# authentication order dot1x webauth
  • E. 3k-access(config-if)# ip http server
  • F. 3k-access(config-if)# dot1x priority webauth


Answer : C,E

Page:    1 / 5   
Total 69 questions