Module 13: Quiz – Endpoint Security (Answers) Network Security

1. A switch has the following command issued as part of an 802.1X deployment.

address ipv4 auth-port 1812 acct-port 1813

What is the purpose of this command?

  • It identifies the address of the default gateway and the ports used for traffic destined for remote networks.
  • It identifies the address of the RADIUS server and ports on the server used for RADIUS traffic.
  • It identifies the address of the RADIUS server and the ports used for EAPOL messages.
  • It identifies the address of the switch to which the client connects and the ports used for the EAPOL messages.

Explanation: When using 802.1X authentication, a switch must be configured with the IP address of the RADIUS server and the port numbers used to communicate with the authentication server.

2. Which device is used as the authentication server in an 802.1X implementation?

  • wireless router
  • Ethernet switch
  • access point
  • RADIUS server

Explanation: In an 802.1X implementation, the authentication server is typically a host server running software supporting the RADIUS and EAP protocols.

3. What are two main capabilities of a NAC system? (Choose two.)

  • route filtering
  • incident response
  • DMZ protection
  • security posture check
  • administrative role assignment

Explanation: The primary goal of a network access control (NAC) system is to allow only authorized and compliant systems onto the network. NAC systems can have the following capabilities:

  • profiling and visibility – recognize and profile users and devices before malicious code can cause damage
  • guest network access – manage guest access including authentication, registration, and sponsoring
  • security posture check – evaluate security policy compliance by user type, device type, and operating system
  • incident response – mitigate network threats by enforcing security policies

4. Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation?

  • ASA
  • AVC
  • ESA
  • WSA

Explanation: The Cisco Web Security Appliance (WSA) acts as a web proxy for an enterprise network. WSA can provide many types of logs related to web traffic security including ACL decision logs, malware scan logs, and web reputation filtering logs. The Cisco Email Security Appliance (ESA) is a tool to monitor most aspects of email delivery, system functioning, antivirus, antispam operations, and block list and allowed list decisions. The Cisco ASA is a firewall appliance. The Cisco Application Visibility and Control (AVC) system combines multiple technologies to recognize, analyze, and control over 1000 applications.

5. Which command is used to enable AAA as part of the 802.1X configuration process on a Cisco device?

  • aaa new-model
  • dot1x pae authenticator
  • dot1x system-auth-control
  • aaa authentication dot1x

Explanation: The first step in configuring 802.1X is to enable AAA using the aaa new-model global configuration command. The next step is to designate the RADIUS server and configure its address and ports.

6. The switch port to which a client attaches is configured for the 802.1X protocol. The client must authenticate before being allowed to pass data onto the network. Between which two 802.1X roles is EAP data encapsulated using RADIUS? (Choose two.)

  • encrypter
  • authenticator
  • data nonrepudiation server
  • supplicant
  • authentication server

Explanation: When a client supplicant is starting the 802.1X message exchange, an EAPOL-Start message is sent between the supplicant and the authenticator, which is the switch. The authenticator then sends EAP data, encapsulated using RADIUS, to the authentication server.

7. Which host-based security measure is used to restrict incoming and outgoing connections?

  • host-based firewall
  • antivirus/antimalware software
  • host-based IPS
  • rootkit

Explanation: A host-based firewall is software installed on a single host that restricts incoming and outgoing connections to that host.

8. Which security service is provided by 802.1x?

  • malware analysis of files
  • malware analysis and protection across the full attack continuum
  • protection against emerging threats for Cisco products
  • port-based network access control

Explanation: 802.1X is an industry standard for providing port-based network access control. It provides a mechanism to authenticate devices connecting to local-area networks and WLANs.

9. Why is it important to protect endpoints?

  • After an endpoint is breached, an attacker can gain access to other devices.
  • Endpoints are the starting point for VLAN attacks.
  • Endpoints are susceptible to STP manipulation attacks that can disrupt the rest of the LAN.
  • A breached endpoint gives a threat actor access to system configuration that can modify security policy.

Explanation: Two internal LAN elements to protect are the endpoints and the network infrastructure devices. Endpoints are susceptible to malware-related attacks and, once infiltrated, can become a starting point to access other system devices.

10. Websites are rated based on the latest website reputation intelligence. Which endpoint security measure prevents endpoints from connecting to websites that have a bad rating?

  • spam filtering
  • DLP
  • host-based IPS
  • antimalware software
  • denylisting

Explanation: Denylisting blocks endpoints from connecting to suspicious websites that have a bad reputation based on the latest intelligence.

11. When would the authentication port-control command be used during an 802.1X implementation?

  • when a client has sent an EAPOL-logoff message
  • when the authentication server is located at another location and cannot be reached
  • when the authentication server is located in the cloud
  • when an organization needs to control the port authorization state on a switch

Explanation: The authentication port-control switch interface command is used when an organization wants to control the authorization state of a particular port during the 802.1X authentication process. When the authentication port-control auto command is issued, it enables 802.1X port-based authentication and only allows EAPOL, STP, and CDP traffic to be sent until the client device has been authenticated.

12. When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?

  • the authentication server
  • the router that is serving as the default gateway
  • the supplicant
  • the switch that the client is connected to

Explanation: The devices involved in the 802.1X authentication process are as follows:

  • The supplicant, which is the client that is requesting network access
  • The authenticator, which is the switch that the client is connecting to and that is actually controlling physical network access
  • The authentication server, which performs the actual authentication

13. A port has been configured for the 802.1X protocol and the client has successfully authenticated. Which 802.1X state is associated with this PC?

  • up
  • authorized
  • enabled
  • forwarding

Explanation: When a port is configured for 802.1X, the port starts in the unauthorized state and stays that way until the client has successfully authenticated. Once authenticated, the port moves to the authorized state and the client is granted access to the network.
