Tag Archives: 802.1x

An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not have the ability to authenticate via 802.1X. Which command is needed on each switch port for authentication?

A. dot1x system-auth-control B. enable bypass-MAC C. enable network-authentication D. mab Answer: Option D. Explanation: No answer description available for this question Show AnswerDiscussion The post An administrator is adding a switch to a network that is running Cisco ISE and is only for IP Phones. The phones do not have the ability to authenticate via 802.1X. <br>Which… Read More »

An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication. Which command should be used to complete this configuration?

A. aaa authentication dot1x default group radius B. dot1x system-auth-control C. authentication port-control auto D. dot1x pae authenticator Answer: Option B. Explanation: No answer description available for this question Show AnswerDiscussion The post An engineer is implementing Cisco ISE and needs to configure 802.1X. The port settings are configured for port-based authentication.<br> Which command should be used to… Read More »

An engineer is configuring 802.1X and wants it to be transparent from the users’ point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices. Which deployment mode should be used to achieve this?

A. closed B. high-impact C. low-impact D. open Answer: Option C. Explanation: Reference: https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptivedeployment-guide/ta- p/3641515 Show AnswerDiscussion The post An engineer is configuring 802.1X and wants it to be transparent from the users’ point of view. The implementation should provide open authentication on the switch ports while providing strong levels of security for non-authenticated devices.<br> Which deployment mode… Read More »

A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be authorized to connect to the network. Which EAP type must be configured by the network administrator to complete this task?

A. EAP-TTLS B. EAP-TLS C. EAP-FAST D. EAP-PEAP-MSCHAPv2 Answer: Option B. Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/214975configure-eap-tls- authentication-with-is.html Show AnswerDiscussion The post A network administrator must configure endpoints using an 802.1X authentication method with EAP identity certificates that are provided by the Cisco ISE. When the endpoint presents the identity certificate to Cisco ISE to validate the certificate, endpoints must be… Read More »

An organization wants to standardize the 802.1X configuration on their switches and remove static ACLs on the switch ports while allowing Cisco ISE to communicate to the switch what access to provide. What must be configured to accomplish this task?

A. dynamic access list within the authorization profile B. extended access-list on the switch for the client C. security group tag within the authorization policy D. port security on the switch based on the client’s information Answer: Option C. Explanation: No answer description available for this question Show AnswerDiscussion The post An organization wants to standardize the 802.1X… Read More »

A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice. Which command should the engineer run on the interface to accomplish this goal?

A. authentication host-mode multi-domain B. authentication host-mode single-host C. authentication host-mode multi-auth D. authentication host-mode multi-host Answer: Option A. Explanation: Reference: https://www.pearsonitcertification.com/articles/article.aspx?p=1762597 Show AnswerDiscussion The post A network security engineer needs to configure 802.1X port authentication to allow a single host to be authenticated for data and another single host to be authenticated for voice.<br> Which command should… Read More »

An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right Select and Place:

An organization wants to implement 802.1X and is debating whether to use PEAP-MSCHAPv2 or PEAP-EAP-TLS for authentication. Drag the characteristics on the left to the corresponding protocol on the right Select and Place: Answer: Explanation: No answer description available for this question Show AnswerDiscussion The post An organization wants to implement 802.1X and is debating whether to use… Read More »

An administrator is configuring a switch port for use with 802.1X. What must be done so that the port will allow voice and multiple data endpoints?

A. Connect a hub to the switch port to allow multiple devices access after authentication. B. Configure the port with the authentication host-mode multi-auth command. C. Connect the data devices to the port, then attach the phone behind them. D. Use the command authentication host-mode multi-domain on the port. Answer: Option B. Explanation: Reference: https://networklessons.com/cisco/ccie-routing-switching-written/mac-authentication-bypass-mab Show AnswerDiscussion The… Read More »

An administrator is troubleshooting an endpoint that is supposed to bypass 802.1X and use MAB. The endpoint is bypassing 802.1X and successfully getting network access using MAB, however the endpoint cannot communicate because it cannot obtain an IP address. What is the problem?

A. The endpoint is using the wrong protocol to authenticate with Cisco ISE. B. The 802.1X timeout period is too long. C. The DHCP probe for Cisco ISE is not working as expected. D. An ACL on the port is blocking HTTP traffic. Answer: Option B. Explanation: No answer description available for this question Show AnswerDiscussion The post… Read More »

Drag the descriptions on the left onto the components of 802.1X on the right.

Drag the descriptions on the left onto the components of 802.1X on the right. Select and Place: Answer: Explanation: Authenticator – device that controls physical access to the network based on the authentication status Supplicant – software on the endpoint that communicates with EAP at layer 2 Authentication server – device that validates the identity of the endpoint… Read More »