NAC

Question 1

Why should you avoid using Open Authentication by itself in an enterprise wireless deployment?

Answer 1

With Open Authentication, no authentication is performed by the wireless client before associating with an AP.

Question 2

What are the two authentication modes available to you when using a version of WPA?

Answer 2

Pre-Shared Key (Personal mode) and 802.1X (Enterprise mode)

Question 3

Where is the supplicant located when using 802.1X to authenticate wireless clients?

Answer 3

On the wireless access client

Question 4

With WebAuth, which type of Layer 3 security authenticates wireless users against a local database?

Answer 4

Local web authentication with an internal database

Question 5

What wireless authentication method uses the more secure Advanced Encryption Standard (AES) and pre-shared key for authentication?

Answer 5

WPA2 Personal

Question 6

What wireless authentication method utilizes user-level authentication along with 802.1X standards with AES encryption?

Answer 6

WPA2 Enterprise

Question 7

What wireless authentication method uses simultaneous authentication of equals (SAE) to build on WPA2 PSK to allow users to authenticate with a passphrase only?

Answer 7

WPA3 Personal

Question 8

What wireless authentication method provides protection for a network transmitting sensitive data by offering 192-bit cryptographic strength? This is considered the most secure wireless authentication method.

Answer 8

WPA3 Enterprise

Question 9

Which 802.1X component is the client device that is requesting access to the network?

Answer 9

Supplicant

Question 10

Which 802.1X component is the network device that is providing access to the network?

Answer 10

Authenticator

Question 11

Which 802.1X component is the device that accepts the user or client credentials and denies or permits access to the network based on policies and a user database?

Answer 11

Authentication server

Question 12

With wireless client authentication, what two devices share the PSK?

WLC and AP

Wireless client and WLC

Wireless client and AP

WLC and RADIUS server

Answer 12

Wireless client and AP

Question 13

Which of the following wireless authentication methods is considered the most secure?

WPA2 Personal

WPA2 Enterprise

WPA3 Personal

WPA3 Enterprise

Answer 13

WPA3 Enterprise

Question 14

True or false: When using WebAuth, passthrough mode does not require wireless users to enter credentials on a web page.

Answer 14

True

Question 15

Which wireless authentication method can you use with Open Authentication to present an acceptable use policy acknowledgment?

PSK

WebAuth

EAP

RADIUS

Answer 15

WebAuth

Question 16

Which of the following wireless authentication methods does WPA3 Personal support?

Open Authentication

PSK

EAP

WebAuth

Answer 16

PSK

Question 17

Which wireless authentication method is required if you want to integrate wireless client authentication with 802.1X?

Open Authentication

PSK

EAP

WebAuth

Answer 17

EAP

Question 18

Which of the following EAP authenication protocols requires both a client and a server digital certificate?

PEAP

EAP-TLS

LEAP

EAP-FAST

Answer 18

EAP-TLS

Question 19

Which of the following EAP authenication protocols only requires the server to have a digital certificate and clients can have a one-time password?

PEAP

EAP-TLS

LEAP

EAP-FAST

Answer 19

PEAP

Question 20

Which EAP authentication protocol is very secure, and requires client certificates to be installed on each Wi-Fi workstation? This approach requires a PKI infrastructure with extra administrative expertise.

PEAP

EAP-TLS

LEAP

EAP-FAST

Answer 20

EAP-TLS

Question 21

Which EAP authentication protocol is secure and requires only server-side certificates? Use of a PKI is optional. Cisco and Microsoft both support this type.

PEAP

EAP-TLS

LEAP

EAP-FAST

Answer 21

PEAP

Question 22

Which EAP authentication protocol is a secure solution for enterprises that cannot enforce a strong password policy and do not want to deploy certificates for authentication?

PEAP

EAP-TLS

LEAP

EAP-FAST

Answer 22

EAP-FAST

Question 23

Which EAP authentication protocol addresses the certificate issue by tunneling TLS, and thus eliminating the need for a certificate on the client side? This type is a proprietary standard, and there is a charge for supplicant and authentication server software.

PEAP

EAP-TLS

EAP-TTLS

EAP-FAST

Answer 23

EAP-TTLS

Question 24

Which EAP authentication protocol was previously a Cisco proprietary type, but now licensed to other vendors? A strong password policy should be enforced when used for authentication to prevent dictionary attacks. Not recommended for enterprise deployments.

Answer 24

LEAP

Question 25

What do Linux clients require to successfully implement Cisco IBNS?

installation of a Cisco 80x.1X supplicant

configuration of a native operating system authenticator

installation of an open-source supplicant

installation of an open-source authenticator

Answer 25

installation of an open-source supplicant

Question 26

What is a characteristic of a 802.1X single-host mode?

second client causes unauthorized port state
one device (first MAC address) authenticated
all subsequent devices get access based on first device authentication
multiple hosts can be attached to a single 802.1X-enabled port

Answer 26

Second client causes unauthorized port state. In single-host mode, only one client can be connected to the 802.1X-enabled port.