PrepAway - Latest Free Exam Questions & Answers

Which of the following controls would allow a company to reduce the exposure of sensitive
systems from unmanaged devices on internal networks?

A. 802.1x

B. Data encryption

C. Password strength

D. BGP

Explanation:

5 Comments on “Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanag

  1. BJ says:

    802.1X is part of VLAN tagging.

    Since the devices are unmanaged…by implementing tagging, you can separate these devices into their own logical network…minimizing exposure.




  2. meac says:

    The key word in here is: Exposure.
    This leads to yet another question: What do they mean by exposure?
    • Are we talking about data at rest exposure? (Access)
    • Are we talking about data in transit exposure? (Access)
    • Are we talking about network exposure? (Visibility)

    What we are really talking about is anyone’s guess.
    Having said that, in most businesses, it is crucial to identify Critical Information and Systems.
    Having done that, an assessment must be done to determine the level of Internal and External Exposure.
    After accurately locating critical information, organizations can then assess the risk of data loss based on where sensitive information is being sent, who is sending it, and how often it is happening. During this phase of an information exposure assessment, it is common for organizations to also uncover broken business processes that can lead to vulnerability.
    (http://www.infosectoday.com/Articles/Assessing_Reducing_Information_Exposure.htm)

    So exposure, to my mind, speaks of data in TRANSIT; hence we are talking about network exposure (Visibility).

    Incorrect Answers:
    B: Data encryption encrypts data whether it is in transit over a network or stored on a hard drive or other storage. It is not used to prevent access to network switches or other network devices.
    C: Password strength determines the length or complexity of a password. It is not used to prevent access to network switches or other network devices.
    D: BGP (Border Gateway Protocol) is a routing protocol. It is not used to prevent access to network switches or other network devices.

    So the best explanation is indeed A. 802.1x.
    IEEE 802.1X (also known as Dot1x) is an IEEE Standard for Port-based Network Access Control (PNAC).
    It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.
    802.1X authentication involves three parties:
    a supplicant,
    an authenticator, and
    an authentication server.

    The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN, though the term ‘supplicant’ is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator.

    The authenticator is a network device, such as an Ethernet switch or wireless access point; and the authentication server is typically a host running software supporting the RADIUS and EAP protocols.
    The authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity has been validated and authorized. An analogy to this is providing a valid visa at the airport’s arrival immigration before being allowed to enter the country. With 802.1X port-based authentication, the supplicant provides credentials, such as user name/password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification.
    If the authentication server determines the credentials are valid, the supplicant (client device) is allowed to access resources located on the protected side of the network.




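The supplicant / authenticator / authentication server flow described in the comment above, as an added Python sketch that is not part of the original page or of any commenter's post. The class names, device identities and password are constructed for illustration; a real authenticator relays EAP to a RADIUS server rather than calling a local object.

```python
import hashlib
import hmac

EAPOL, IPV4 = 0x888E, 0x0800  # EtherTypes: EAP over LAN, IPv4


def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class AuthServer:
    """Stands in for the RADIUS/EAP server (constructed credential store)."""

    def __init__(self):
        self.users = {}

    def enroll(self, identity, password):
        salt = hashlib.sha256(identity.encode()).digest()[:16]  # toy salt
        self.users[identity] = (salt, kdf(password, salt))

    def verify(self, identity, password):
        # Unknown identities get a dummy record so they still fail closed.
        salt, stored = self.users.get(identity, (b"\0" * 16, b""))
        return hmac.compare_digest(kdf(password, salt), stored)


class SwitchPort:
    """Authenticator: relays credentials; closed until the server accepts."""

    def __init__(self, server):
        self.server, self.authorized = server, False

    def eap_exchange(self, identity, password):
        self.authorized = self.server.verify(identity, password)
        return self.authorized

    def accepts(self, ethertype):
        # EAPOL always reaches the authenticator; the rest needs authorization.
        return ethertype == EAPOL or self.authorized


def demo():
    server = AuthServer()
    server.enroll("managed-laptop", "constructed-secret")
    port = SwitchPort(server)
    before = port.accepts(IPV4)                      # no authentication yet
    port.eap_exchange("byod-tablet", "guess")        # unenrolled (unmanaged) device
    unmanaged = port.accepts(IPV4)
    port.eap_exchange("managed-laptop", "constructed-secret")
    return before, unmanaged, port.accepts(IPV4)
```

`demo()` returns whether IPv4 traffic is accepted on the port before any authentication, after the unenrolled device tries, and after the enrolled device authenticates.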
