Appendix: Answers to Practice Test Questions
48. C. 802.1X allows selective access to a network at layer 2. It allows this on the switch
because the switch acts as an authenticator to an AAA server, only allowing access
after the user or device has been authenticated. 802.1Q is a trunking protocol used
for transporting multiple VLANs over a layer 2 connection, and it does not provide
authentication. An access control list (ACL) is a condition and action statement used to
allow, deny, or log traffic. Firewalls contain ACLs and policies to allow, deny, and log
traffic, but normally firewalls will not authenticate traffic.
49. B. The end device that sends credentials is called the supplicant. The supplicant is a piece
of software in the operating system that supplies the credentials for AAA authentication.
The authenticator is the wireless access point (WAP) or switch configured for 802.1X.
The AAA server is normally a RADIUS server or TACACS+ server that is configured for
802.1X.
50. A. The switch is responsible for communicating with the supplicant and sending
information to the authenticating server. This device is called the authenticator. The end
device that sends credentials is called the supplicant. The supplicant is a piece of software
in the operating system that supplies the credentials for AAA authentication. The AAA
server is normally a RADIUS server or TACACS+ server that is configured for 802.1X.
51. A. The protocol used to communicate between the supplicants (OS) and the authenticator
(switch) is 802.1X, the Extensible Authentication Protocol (EAP). 802.1X EAP is a
layer 2 protocol used specifically for authenticating devices to switch ports and wireless.
UDP ports 1812 and 1813 are commonly used between the authenticator and the AAA
RADIUS server. TCP is not commonly used with 802.1X. IP is used for logical addressing
when an authenticator needs to talk with the AAA RADIUS server.
52. C. EAP, or Extensible Authentication Protocol, is used for authentication between the
supplicant and the authenticator. It is also used inside the requests to the RADIUS
server from the authenticator. The process begins with the EAP frame being transmitted
over the layer 2 connection via EAP over LAN (EAPoL). The switch (authenticator)
then sends the EAP message to the RADIUS server encapsulated in a UDP packet for
authentication. 802.1X authentication headers are used between the supplicant and the
authenticator, such as the switch or wireless access point (WAP). IPsec is not commonly
used with 802.1X. The RADIUS server is commonly the AAA authentication server.
53. A. The device requesting access is the supplicant. The supplicant is built into the
operating system in which it is authenticating. The server that is providing authentication
is the authentication server, which is commonly the AAA RADIUS server. The device
that is controlling the access via the 802.1X protocol is the authenticator. The device
connecting the layer 3 network is normally a router or layer 3 switch.
54. C. A smart card is an example of multifactor authentication because you must have
the smart card and know the passphrase that secures the credentials stored on the card.
Single-factor authentication would only require having something or knowing something,
but not both in this instance. RADIUS authentication requires an authentication server for
validating usernames and passwords. Active Directory authentication requires a username
and password.
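The two legs described in the answers to questions 51 and 52 (EAPoL between supplicant and authenticator, then RADIUS over UDP port 1812 to the AAA server) can be traced in code. This is an added example, not from the book: the MAC addresses, identity, and shared secret are constructed sample values, and the attribute numbers and HMAC-MD5 Message-Authenticator follow the RADIUS EAP extension (RFC 3579).

```python
import hashlib, hmac, os, struct

EAPOL_ETHERTYPE = 0x888E                                    # EAP over LAN
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80   # RADIUS attribute types

def parse_eapol(frame: bytes) -> bytes:
    """Supplicant -> authenticator leg: return the EAP packet inside an EAPoL frame."""
    if len(frame) < 22:
        raise ValueError("too short for Ethernet + EAPoL + EAP headers")
    ethertype, _version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE or ptype != 0:          # type 0 = EAP-Packet
        raise ValueError("not an EAPoL EAP-Packet")
    eap_len = struct.unpack("!H", frame[20:22])[0]
    if not 4 <= eap_len <= body_len or 18 + eap_len > len(frame):
        raise ValueError("inconsistent EAP length")
    return frame[18:18 + eap_len]

def _attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(eap, secret, ident, request_auth=None):
    """Authenticator -> RADIUS leg: wrap the EAP packet in an Access-Request."""
    request_auth = request_auth or os.urandom(16)
    attrs = b""
    if len(eap) > 5 and eap[0] == 2 and eap[4] == 1:        # EAP Response/Identity
        attrs += _attr(USER_NAME, eap[5:258])
    for i in range(0, len(eap), 253):                       # 253-byte value limit
        attrs += _attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += _attr(MESSAGE_AUTHENTICATOR, bytes(16))        # zeroed placeholder
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()    # keyed with shared secret
    return packet[:-16] + mac

def message_authenticator_ok(packet: bytes, secret: bytes) -> bool:
    """Server-side check: recompute the HMAC with the attribute value zeroed."""
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2:
            return False
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            want = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(want, packet[pos + 2:pos + 18])
        pos += attr_len
    return False

# Constructed sample: EAP Response/Identity in an EAPoL frame sent to the PAE group address
SAMPLE_EAP = struct.pack("!BBHB", 2, 7, 23, 1) + b"alice@example.test"
SAMPLE_FRAME = (bytes.fromhex("0180c2000003" "020000000001" "888e")
                + struct.pack("!BBH", 2, 0, len(SAMPLE_EAP)) + SAMPLE_EAP)
```

A RADIUS server that enforces the Message-Authenticator rejects an Access-Request that was altered in transit or built with the wrong shared secret.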
Chapter 5: Security Fundamentals (Domain 5)