Config Router

You are here: Home / Cisco / CCNP Secure FAQ 802.1X and Cisco Identity-Based Networking Services (IBNS)

CCNP Secure FAQ 802.1X and Cisco Identity-Based Networking Services (IBNS)

by

CCNP Secure FAQ 802.1X and Cisco Identity-Based Networking Services (IBNS)

Q1. Which of the following is a framework defined by the IEEE 802.1 working group that provides a standard link layer protocol for port-based access control and authentication?
A. 802.1q
B. 802.11b
C. 802.1x
D. 802.1w

Answer: C

Q2. What are the three roles the IEEE 802.1x framework defines in the authentication process?
A. Authentication server
B. Administrator
C. Authenticator
D. Supplicant
E. Client
F. Object

Answer: A, C, and D

Q3. Prior to the client authentication, which protocols are allowed to pass through a port? (Select three.)
A. EAPOL
B. RADIUS
C. CDP
D. TACACS+
E. SNMP
F. Spanning Tree Protocol (STP)

Answer: A, C, and F

Q4. Which of the following are valid IBNS deployment modes?
A. Monitor Mode
B. High-Security Mode
C. Low-Security Mode
D. Unlocked Mode
E. Low-Impact Mode

Answer: A, B, and E

Q5. Which of the following are valid EAP packet types?
A. EAPOL-Alert
B. EAPOL-Start
C. EAPOL-Logoff
D. EAPOL-Private
E. EAP-Packet

Answer: B, C, and E

Q6. Which of the following are valid configurable 802.1x port states?
A. Auto
B. Unauthorized
C. Forced-Authorized
D. Authorized
E. Forced-Unauthorized

Answer: A, C, and E

Q7. Which of the following port authentication host modes allows a single data and single voice host to be authenticated?
A. Single-Host
B. Multi-Host
C. Multi-Domain
D. Multi-Auth
E. Open

Answer: C

Q8. Which of the following is the correct Ethernet type value used with EAPOL?
A. 88:8E
B. 08:00
C. 88:E5
D. 86:DD
E. 88:08

Answer: A

Q9. Which field in the EAP frame format is 1 octet and aids in matching responses with requests?
A. Code
B. Identifier
C. Length
D. Data

Answer: B

Q10. Which of the following EAP types utilizes tunnels to encapsulate EAP traffic?
A. PEAP
B. EAP-TLS
C. EAP-TTLS
D. EAP-FAST

Answer: A, C, and D

Q11. The _____deployment mode reduces known issues with other protocols’ timeouts and networked services.

Answer: Low-Impact

Q12. The _____ feature provides the ability for a host without 802.1x support to gain full network access.

Answer: MAC Authentication Bypass (MAB)

Q13. The _____ feature provides the ability for a host to gain some network access even after failing authentication.

Answer: Restricted VLAN

Q14. When implementing 802.1x, the _____ is the entity that validates the identity of the requesting host.

Answer: authentication server

Q15. The _____ and _____ protocols are not supported by 802.1x natively without external tunneling support.

Answer:PAP, CHAP

Q16. In a LAN environment, the _____ protocol is used to transport EAP traffic.

Answer: EAPOL

Q17. When the supplicant initiates the 802.1x connection, it sends an _____ frame to start the connection.

Answer: EAPOL-Start

Q18. When using EAP-MD5, a _____ is sent in lieu of a password on the network.

Answer: hash

Q19. The _____ is relied on by EAP-FAST to help establish tunneling.

Answer: Protected Access Credential (PAC)

Q20. When using EAPOL, the PAE group address is always set to _____.

Answer: 01:80:C2:00:00:03

More Resources