Network Security Final Exam
command?
d. The switch can send periodic RADIUS Access-Requests to the AAA servers to verify whether
they are still alive. The username and password will be used for that test.
Which of the following are TACACS+ messages sent from the AAA client to the AAA server?
(Select all that apply.)
b. START
d. Flex-Auth
True or False? The supplicant is required to trust the certificate of the authentication server
before it will form the TLS tunnel within which the EAP transaction will occur.
b. False
True or False? IEEE 802.1X may use TACACS+ to communicate the EAP identity to the
authentication server.
a. False
What is the name of the “secure cookie” used with EAP-FAST that can be used in lieu of a
certificate, or even in addition to a certificate?
b. True
Which of the following is true?
c. The EAP communication occurs between the supplicant and the authentication server.
Which of the following protocols is best suited for granular command level control with device
administration AAA?
a. TACACS+
Which of the following Cisco products should be used for device administration with TACACS+?
Which of the following protocols is best suited for authenticating and authorizing a user for network
access AAA?
d. RADIUS
d. The certainty value must equal or exceed the minimum certainty value of the profile.
Which command on a Cisco switch will display the current status of the AAA server(s)?
What will happen when an ISE administrator has modified a profile and then a Feed Service update is
downloaded that contains an updated version of that profile?
a. All nonconflicting profiles will be downloaded and installed. The conflicting profiles will be ignored.
d. When communicating with an AAA protocol, the AV-pair stipulates a common attribute or object and
its assigned value.
Which of the following best describes the difference between authentication and authorization?
c. Authentication validates the user’s identity, whereas authorization determines what that user is
permitted to do.
True or False? ISE deployments must wait for Feed Service updates for new profiles.
a. False
Which of the following are types of AAA as related to the topics of this exam?
c. Network access
e. Device administration
Which ISE tool enables an administrator to drill down into the profiles that have been assigned to locate
a specific endpoint with that profile?
c. Endpoints Drill-down
When configuring a Cisco Wireless LAN Controller (WLC) for communication with ISE, what must be
configured for the wireless LAN (WLAN)? (Choose two.)
Which command will validate that authentications are being attempted, which authentications are
successful, and which authorization results have been assigned?
True or False? Cisco switches should be configured in production to send syslog messages to the ISE
MNT node.
b. False
When using RADIUS, what tells the AAA server which type of action is being authenticated?
a. True
Name three ways in which an endpoint profile can be used in an authorization policy rule?
a. Logical profiles
c. EndPointPolicy attribute
Which host mode will permit a virtually unlimited number of endpoints per port, allowing all subsequent
MAC addresses to share the authorization result of the first endpoint authorized?
a. Multi-Host
Why is RADIUS or TACACS+ needed? Why can’t the end user authenticate directly to the authentication
server?
d. Both RADIUS and TACACS+ extend the Layer-2 authentication protocols, allowing the end user to
communicate with an authentication server that is not Layer-2 adjacent.
e. Both A and D
True or False? MSCHAPv2 may be used to perform machine authentication with an LDAP connection to
Active Directory.
b. False
True or False? The profiling service is enabled by default on ISE policy service nodes.
b. True
True or False? A tunneled EAP type is able to use native EAP types as its inner method.
a. True
When configuring a Cisco switch for 802.1X, at which level of the configuration do the 802.1X-related
commands exist?
True or False? 802.1X can be configured on all switch interfaces, including Layer-3 interfaces.
a. False
b. The outer identity provides a mechanism to authenticate the identity of the endpoint during the
tunnel establishment phase.