A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?

Question:
A security administrator wants to profile endpoints and gain visibility into attempted authentications. Which 802.1x mode allows these actions?

• Monitor mode
• High-Security mode
• Low-impact mode
• Closed mode

Explanation: There are three authentication and authorization modes for 802.1x:

+ Monitor mode
+ Low impact mode
+ High security mode

Monitor mode allows for the deployment of the authentication methods IEEE 802.1X without any effect to user or endpoint access to the network. Monitor mode is basically like placing a security camera at the door to monitor and record port access behavior.

With AAA RADIUS accounting enabled, you can log authentication attempts and gain visibility into who and what is connecting to your network with an audit trail. You can discover the following:
+ Which endpoints such as PCs, printers, cameras, and so on, are connecting to your network
+ Where these endpoints connected
+ Whether they are 802.1X capable or not
+ Whether they have valid credentials
+ In the event of failed MAB attempts, whether the endpoints have known, valid MAC addresses

Monitor mode is enabled using 802.1X with the open access and multiauth mode Cisco IOS Software features enabled, as follows:
sw(config-if)#authentication open
sw(config-if)#authentication host-mode multi-auth

For more information about each mode, please read this article: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Phased_Deploy/Phased_Dep_Guide.html

Exam with this question: CCNA v3.0 (200-125) Study Guide – Exam Dumps