Which of the following controls would allow a company to reduce the exposure of sensitive
systems from unmanaged devices on internal networks?

A.
802.1x

B.
Data encryption

C.
Password strength

D.
BGP

Explanation:
IEEE 802.1X (also known as Dot1x) is an IEEE Standard for Port-based Network Access Control
(PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication
mechanism to devices wishing to attach to a LAN or WLAN.
802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication
server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN
– though the term ‘supplicant’ is also used interchangeably to refer to the software running on the
client that provides credentials to the authenticator. The authenticator is a network device, such as
an Ethernet switch or wireless access point; and the authentication server is typically a host
running software supporting the RADIUS and EAP protocols.
The authenticator acts like a security guard to a protected network. The supplicant (i.e., client
device) is not allowed access through the authenticator to the protected side of the network until
the supplicant’s identity has been validated and authorized. An analogy to this is providing a valid
visa at the airport’s arrival immigration before being allowed to enter the country. With 802.1X portbased authentication, the supplicant provides credentials, such as user name/password or digital
certificate, to the authenticator, and the authenticator forwards the credentials to the authentication
server for verification. If the authentication server determines the credentials are valid, the
supplicant (client device) is allowed to access resources located on the protected side of the

network.