Introduction to 802.1X Operations for Cisco Security Professionals Exam v7.0 (650-472)

Page:    1 / 5   
Total 72 questions

The information security policy of your organization requires that ports should remain administratively Up. Which selection represents the best practice for an 802.1X-enabled port that is configured to allow only one host to authenticate on the port?

  • A. The 3k-access(config-if)# authentication violation shutdown command can be used to prevent a second MAC address from authenticating on the port.
  • B. The 3k-access(config-if)# authentication violation restrict command can be used to prevent any MAC address from authenticating on the port.
  • C. The 3k-access(config-if)# authentication violation ignore command can be used to prevent any MAC address from authenticating on the port.
  • D. The 3k-access(config-if)# authentication violation shutdown command can be used to prevent a second MAC address from authenticating on the port.


Answer : B

Which three statements about hosts moving from port to port on the same switch that is configured for 802.1X are true? (Choose three.)

  • A. Cisco IP phones send a RADIUS packet with Cisco-av-pair UCPort= Disco to signal to the Cisco Catalyst switch that the tethered PC has disconnected.
  • B. The 3k-access(config-if)# authentication violation replace command can be used to allow a new host to authenticate to an IP phone that is not manufactured by Cisco.
  • C. The 3k-access(config-if)# authentication violation replace command can be used to allow a host to disconnect from an IP phone that is not manufactured by Cisco and authenticate on a different port on the same switch.
  • D. The 3k-access(config)# authentication mac-move permit command can be used to allow a new host to authenticate to an IP phone that is not manufactured by Cisco. Cisco IP phones use Cisco Discovery Protocol to signal to the Cisco Catalyst switch that the tethered PC has disconnected.
  • E. The 3k-access(config)# authentication mac-move permit command can be used to allow a host to disconnect from an IP phone that is not manufactured by Cisco and authenticate on a different port on the same switch.


Answer : A,B,E

What must be configured on a Microsoft Windows 7 host to enable the Microsoft 802.1X supplicant for wired networks?

  • A. Wired 802.1X support requires installation of Windows 7 Service Pack JL
  • B. The 802.1X supplicant in the Authentication tab of interface Properties must be enabled.
  • C. The host must acquire its IP address from DHCP.
  • D. The Microsoft Wired AutoConfig service must be started.
  • E. 802.1X must be enabled in BIOS.
  • F. On systems running Intel 82566 Ethernet controllers, Intel driver v16.1 or higher is required to enable 802.1X support.


Answer : D

Which three selections are valid model numbers for Cisco ISE hardware appliances? (Choose three.)

  • A. Cisco ISE 3355
  • B. Cisco ISE 3315
  • C. Cisco ISE 3390
  • D. Cisco ISE 3350
  • E. Cisco ISE 3395
  • F. Cisco ISE 3310


Answer : A,B,E

What is the purpose of the ip device-tracking command on a Cisco Catalyst switch?

  • A. enables DHCP snooping, which creates a trusted binding table of MAC and IP addresses required by WebAuth
  • B. enables the local DHCP proxy service required by WebAuth
  • C. enables Dynamic ARP Inspection on an interface required by WebAuth
  • D. enables ICMP probes to discover new hosts and add them to the tracking table required by WebAuth
  • E. globally enables Dynamic ARP Inspection required by WebAuth
  • F. enables ARP probes to discover new hosts and add them to the tracking table required by WebAuth
  • G. enables port security required by WebAuth


Answer : D

Which two choices are valid components of a Cisco TrustSec wireless infrastructure solution? (Choose two.)

  • A. 802.11 supplicant
  • B. autonomous access point
  • C. lightweight access point
  • D. wired LAN controller
  • E. wireless repeater
  • F. wireless LAN controller


Answer : C,F

Which section of the 802.1X standard cites other 802 standards needed to fully understand the scope of 802.1X?

  • A. Section 3 - Definitions
  • B. Section 2 - Normative References
  • C. Section 5 - Acronyms and Abbreviations
  • D. Section 4 - Normative Definitions
  • E. Section 6 - Conformance


Answer : B

Which section of the 802.1X standard includes use cases?

  • A. Section 4 - Acronyms and Abbreviations
  • B. Section 7 - Port-Based Network Access Control Applications
  • C. Section 2 - Normative References
  • D. Section 6 - Principles of Port-Based Network Access Control Operation
  • E. Section 3 - Definitions


Answer : B

Which two statements are true regarding communication from the authenticator to the authentication server (Cisco ISE)? (Choose two.)

  • A. EAP messages are sent encapsulated in RADIUS protocol over UDP port 1645.
  • B. EAP messages are sent encapsulated in RADIUS protocol over UDP port 1812.
  • C. EAP messages are sent to the RADIUS server over UDP port 1812.
  • D. EAP messages are sent to the RADIUS server over UDP port 1646.
  • E. EAP messages are sent encapsulated in RADIUS protocol over UDP port 1646.
  • F. EAP messages are sent to the RADIUS server over UDP port 1645.


Answer : A,B

Which four selections below describe valid Cisco ISE Personas? (Choose four.)

  • A. Cisco ISC
  • B. Standalone
  • C. Administrative
  • D. Centralized
  • E. Inline Posture
  • F. Policy Services
  • G. Monitoring
  • H. Distributed


Answer : C,E,F,G

Which statement is true regarding the initiation of an 802.1X authentication exchange?

  • A. EAPOL-Start is always initiated by the supplicant.
  • B. EAPOL-Start can be initiated by the supplicant or the authenticator.
  • C. EAPOL-Start is never initiated by the supplicant.
  • D. EAPOL-Start is always initiated by the authenticator.
  • E. EAPOL-Start is never initiated by the authenticator.


Answer : A

Which protocol is used to communicate between the authenticator and authentication server?

  • A. RADIUS
  • B. EAP-FAST
  • C. EAPOL
  • D. EAP-TLS
  • E. PEAP


Answer : A

Which two choices are drivers of IEEE 802.1X adoption? (Choose two.)

  • A. wireless routers
  • B. guest networks
  • C. Wired Equivalent Privacy insecurity
  • D. Wireless Encryption Protocol insecurity
  • E. open switch ports


Answer : B,E

Which EAP method requires a digital certificate on the client?

  • A. P1AP-MD5
  • B. LEAP
  • C. EAP-GTC
  • D. PEAP
  • E. EAP-TLS
  • F. EAP-MOS
  • G. EAP-FAST


Answer : E

Which two elements must you configure on a Cisco Wireless LAN Controller to allow Cisco ISE to authenticate wireless users? (Choose two.)

  • A. Configure each WLAN to use the configured Cisco ISE node.
  • B. Configure all attached LWAPs to use the configured Cisco ISE node.
  • C. Configure the WLC to join a Microsoft Active Directory domain.
  • D. Configure Cisco ISE as a RADIUS accounting server and shared secret.
  • E. Configure Cisco ISE as a RADIUS authentication server and shared secret.
  • F. Configure RADIUS attributes for each SSID.


Answer : A,E
