CCNP Security FAQ: EAP Over LAN

June 16, 2021 by James Palmer

CCNP Security FAQ: EAP Over LAN (Also Known As 802.1X)


Figure: Components of 802.1X.

Q1. Which of the following is true?
a. The authenticator decides whether the supplicant is allowed on the network.
b. The EAP communication occurs between the supplicant and the authentication server.
c. The supplicant uses RADIUS to communicate the user’s identity to the authentication server.
d. The authenticator uses EAP to send the user’s credentials to the authentication server.

Answer: B. EAP communication occurs between the supplicant and the authentication server. The authenticator acts as a middleman and encapsulates the unmodified EAP frames within the RADIUS communication to the authentication server.

Q2. Which supplicant(s) is capable of EAP chaining?
a. Windows Native Supplicant
b. Cisco AnyConnect NAM
c. Cisco Secure Services Client (CSSC)
d. Odyssey Client

Answer: B. Only Cisco AnyConnect NAM 3.1 and newer are capable of running EAP chaining as of the date this book was published.

Q3. What is the purpose of an outer identity?
a. The outer identity is used for dual-factor authentications such as a username/password combined with a one-time password (OTP).
b. The outer identity provides a mechanism to modify the actual identity of the end user or device to allow for identity spoofing.
c. The outer identity provides a mechanism to authenticate the identity of the endpoint during the tunnel establishment phase.
d. The outer identity represents the machine, whereas the inner identity represents the user during EAP chaining.

Answer: C. The outer identity provides a mechanism to authenticate the identity of the endpoint during the tunnel establishment phase.

Q4. True or False? IEEE 802.1X may use TACACS+ to communicate the EAP identity to the authentication server.
a. True
b. False

Answer: B. IEEE 802.1X must use RADIUS or DIAMETER. Note: DIAMETER is out of scope of the exam blueprint.

Q5. True or False? The supplicant is required to trust the certificate of the authentication server before it will form the TLS tunnel within which the EAP transaction will occur.
a. True
b. False

Answer: B. Supplicants have the option to not authenticate the server certificate. Additionally, EAP-FAST offers the ability to use PAC files instead of certificates for tunnel establishment.

Q6. What is the name of the “secure cookie” used with EAP-FAST that can be used in lieu of a certificate, or even in addition to a certificate?
a. Protected password file (PPF)
b. Shadow credential file (SCF)
c. Private authorization credential (PAC)
d. Protected access credential (PAC)

Answer: D. Protected access credentials (PACs) are a type of “secure cookie” that can be used instead of or in addition to a certificate.

Q7. True or False? MSCHAPv2 may be used to perform machine authentication with an LDAP connection to Active Directory.
a. True
b. False

Answer: B. MSCHAPv2 may be used for user authentication against LDAP, but not machine authentication.

Q8. True or False? A machine authentication may use EAP-FAST.
a. True
b. False

Answer: A. The actual tunnel mechanism is unrelated to the ability to do a machine authentication. The requirement is simply that it must be EAP-MSCHAPv2 for the authentication method.

Q9. What are the three main components of IEEE 802.1X?
a. Agent, broker, authentication server
b. Supplicant, authorizer, authorization server
c. Authentication server, supplicant, authenticator
d. EAP, RADIUS, TLS

Answer: C. The three main components of 802.1X are the authentication server, supplicant, and authenticator.

Q10. True or False? A tunneled EAP type is able to use native EAP types as its inner method.
a. True
b. False

Answer: A. A tunneled EAP type is able to use native EAP types as its inner method.
