CCNP Secure FAQ Implementing and Configuring Basic 802.1X

ccnp-secure-faq-implementing-configuring-basic-802-1x

CCNP Secure FAQ Implementing and Configuring Basic 802.1X

Q1. Which of the following three components comprise Cisco 802.1X authentication?
A. Cisco IOS Software 802.1X authenticator
B. Cisco Secure ACS 4.2 Server
C. Cisco Secure Services Client wired 802.1X supplicant
D. Cisco MARS
E. Microsoft SQL Server

Answer: A, B, and C

Q2. Which 802.1X component is also known as the client?
A. Cisco IOS Software 802.1X authenticator
B. Cisco Secure ACS 4.2 Server
C. Cisco Secure Services Client wired 802.1X supplicant
D. Cisco MARS
E. The user

Answer: C

Q3. Which 802.1X component is the switch or router between the client and the AAA server?
A. Cisco IOS Software 802.1X authenticator
B. Cisco Secure ACS 4.2 Server
C. Cisco Secure Services Client wired 802.1X supplicant
D. Cisco MARS
E. The user

Answer: A

Q4. Which 802.1X component is also known as the AAA server?
A. Cisco IOS Software 802.1X authenticator
B. Cisco Secure ACS 4.2 Server
C. Cisco Secure Services Client wired 802.1X supplicant
D. Cisco MARS
E. The user

Answer: B

Q5. Which command adds a RADIUS server to an IOS device’s configuration?
A. router (config)# RADIUS server add
B. router (config)# aaa authentication server RADIUS
C. router (config-if)# ip aaa RADIUS host
D. router (config)# radius-server host

Answer: D

Q6. What UDP ports are used by Cisco as the default authentication and accounting ports?
A. 67 and 68
B. 1645 and 1646
C. 1812 and 1813
D. 20 and 21
E. None of the answers are correct.

Answer: B

Q7. What must the Shared Secret field on the Network Configuration screen in Cisco Secure ACS match?
A. The cryptographic key that was entered on the IOS-based switch when defining the RADIUS server

B. The IP address of the switch

C. The password that was entered for the user in the Protected Access Credential file

D. The passphrase used to encrypt data between the AAA server and the authenticator

E. The password entered on the supplicant

Answer: A

Q8. If the network between the supplicant and the AAA server is trusted, you can deploy user PAC files using which method?
A. Manually by importing a PAC file into each client’s supplicant.
B. Configure the switch to copy the PAC from its flash to the client.
C. Push the PAC to the user from the Windows Server Active Directory store.
D. Automatic (anonymous).

Answer: D

Q9. What is the tool used to create the CSSC configuration profile?
A. Cisco Secure ACS CSUtil command-line utility
B. dot1x test eapol-capable command
C. CSSC Management Utility
D. Cisco Security Device Manager

Answer: C

Q10. From where are the CSSC supplicant and the CSSC Management Utility obtained?
A. Included in the IOS image
B. Included in Microsoft Windows Operating Systems
C. Downloaded from Cisco.com
D. Obtain from a TAC engineer

Answer: C

Q11. _____ is an IEEE standard that provides a framework for authenticating and authorizing network devices connected to LAN ports and for preventing access in the event that the authentication fails.

Answer: 802.1X

Q12. Configuring _____ causes a period verification to take place, thus ensuring that the client is still connected and the port should remain in the authenticated state.

Answer: reauthentication

Q13. Enable 802.1X globally on the switch with the _____ global command.

Answer: dot1x system-auth-control

Q14. Verify the operational status of the 802.1X configuration on your device by using the _____ command.

Answer: show dot1x

Q15. _____ can be used to restrict 802.1X users to only access the network from a certain network address space.

Answer: Network Access Restrictions (NAR)

Q16. The Cisco IOS Software _____ command can be used to verify that the 802.1X authentication is functioning properly.

Answer: dot1x test eapol-capable

More Resources

About the author

Scott

Leave a Comment