PrepAway - Latest Free Exam Questions & Answers

Which two statements about 802.1x authentication with port security are true?

Which two statements about 802.1x authentication with port security are true? (Choose
two.)

PrepAway - Latest Free Exam Questions & Answers

A.
If any client causes a security violation, the port is immediately placed in
spanning-tree disabled mode.

B.
An entry is created in the secure host table for any client that is authenticated
and manually configured for port security, even if the table is full.

C.
802.1x manages network access for all authorized MAC addresses.

D.
If a client is authenticated and the port security table is full, the oldest client is
aged out.

E.
If any host causes a security violation, the port is immediately error-disabled.

Explanation:
If 802.1X detects the violation, the action is to err-disable the port.
If port security detects the violation, the action is to shutdown or restrict the port (the
action is configurable).
When a client is authenticated, and the port security table is not full, the client’s MAC
address is added to the port security list of secure hosts. The port then proceeds to
come up normally.When a client is authenticated and manually configured for port security, it is guaranteed an entry in the secure host table (unless port security static aging has been enabled)
The following describes when port security and 802.1X security violations occur:
In single host mode, after the port is authorized, any MAC address received other than
the client’s causes a 802.1X security violation.
In single host mode, if installation of an 802.1X client’s MAC address fails because port
security has already reached its limit (due to a configured secure MAC addresses), a port
security violation is triggered.
In multi host mode, once the port is authorized, any additional MAC addresses that cannot be installed because the port security has reached its limit triggers a port security
violation.
In addition to setting up dynamic learning of secure MAC addresses, you may configure
static secure MAC address entries using the interface-level command switchport portsecurity mac-address <mac-address>. The static entries also count against the maximum
number of allowed MAC addresses on an interface. You may configure a port to age
static secure MAC address entries as well by using the interface-level command
switchport port-security aging static. This may be useful when you need to set up guaranteed access for a specific MAC address for some amount of time.


Leave a Reply