Securing Local Area Networks

July 6th, 2010 in CCNA Security

Here you will find answers to Securing Local Area Networks Questions

Question 1

You suspect an attacker in your network has configured a rogue layer 2 device to intercept traffic from multiple VLANs, thereby allowing the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two)

A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN
E. Place unused active ports in an unused VLAN


Answer: B D
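
One way to check a switch configuration for the two mitigations in answers B and D is sketched below. This is an added example, not part of the original page: the sample configuration is constructed, and the function names `parse_interfaces` and `audit_trunks` are illustrative. It flags ports that still negotiate trunking with DTP, and trunks whose native VLAN is left at VLAN 1 or is also assigned to an access port.

```python
import re
# Added example: constructed sample config, illustrative function names.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
interface GigabitEthernet0/3
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 20
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/5
 switchport mode dynamic desirable
"""

def parse_interfaces(config):
    """Return {interface name: [stripped config lines under it]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
    return interfaces

def audit_trunks(config):
    """Return sorted (interface, finding) pairs for answers B and D."""
    interfaces = parse_interfaces(config)
    access_vlans = {int(m.group(1)) for lines in interfaces.values() for l in lines
                    if (m := re.fullmatch(r"switchport access vlan (\d+)", l))}
    findings = []
    for name, lines in interfaces.items():
        if any(l.startswith("switchport mode dynamic") for l in lines):
            findings.append((name, "DTP negotiates trunking (dynamic mode)"))
        if "switchport mode trunk" not in lines:
            continue
        if "switchport nonegotiate" not in lines:
            findings.append((name, "trunk still sends DTP (no nonegotiate)"))
        native = next((int(l.split()[-1]) for l in lines
                       if l.startswith("switchport trunk native vlan ")), 1)
        if native == 1:
            findings.append((name, "native VLAN is the default VLAN 1"))
        elif native in access_vlans:
            findings.append((name, f"native VLAN {native} carries access-port traffic"))
    return sorted(findings)
```

On the constructed sample, only GigabitEthernet0/2 passes both checks: DTP is disabled with `switchport nonegotiate` and the native VLAN is one that no access port uses.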

Question 2

In an IEEE 802.1x deployment, between which two devices are EAPOL messages typically sent?

A. Between the RADIUS server and the authenticator
B. Between the authenticator and the authentication server
C. Between the supplicant and the authentication server
D. Between the supplicant and the authenticator


Answer: D

Explanation

On many networks, a PC sends a DHCP request to obtain an IP address for use on the network. However, with Cisco Identity-Based Networking Services (IBNS), an 802.1x-enabled PC initially sends an Extensible Authentication Protocol over LAN (EAPOL) request. The Cisco Catalyst switch connected to the PC sees the EAPOL request and responds to the PC with a challenge. The challenge asks the PC to provide credentials for network access, such as a valid username and password combination. The switch forwards these credentials to a RADIUS server for verification. Upon verification of the supplied credentials, the switch grants the PC access to the network.

In this question, the supplicant is the 802.1x-enabled PC and the authenticator is the secured switch.

Comments
  1. Security-guy
    January 13th, 2011

    For Q2: Is “B. Disable DTP on ports that require trunking” correct?
    We disable DTP on all access ports and enable it on trunking ports. Else we have to manually create trunk ON for trunk ports.

    What about D: place unused active ports in an unused VLAN?

  2. securitytut
    January 17th, 2011

    @Security-guy: We should focus on protecting trunking links as they carry all the data. For answer E – Place unused active ports in an unused VLAN, we should shut down ports that are unused.

  3. Ladak
    March 17th, 2011

    Hi @Security-guy:

    In the CCNA Security exam, is there any lab to design a VPN on routers?
    Please confirm
    Thanks
    Ladak

  4. cisco
    August 11th, 2011

    Hi, I’ve my exam on 19th August 2011. Is P4S 4.38 still valid? Are the questions shown here still valid? Has anyone given the exam recently?
