PrepAway - Latest Free Exam Questions & Answers

Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanag

Which of the following controls would allow a company to reduce the exposure of sensitive systems from
unmanaged devices on internal networks?

PrepAway - Latest Free Exam Questions & Answers

A.
802.1x

B.
Data encryption

C.
Password strength

D.
BGP

Explanation:
IEEE 802.1X (also known as Dot1x) is an IEEE Standard for Port-based Network Access Control (PNAC). It is
part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices
wishing to attach to a LAN or WLAN.
802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server.
The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN – though the
term ‘supplicant’ is also used interchangeably to refer to the software running on the client that provides
credentials to the authenticator. The authenticator is a network device, such as an Ethernet switch or
wireless access point; and the authentication server is typically a host running software supporting the
RADIUS and EAP protocols.
The authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is
not allowed access through the authenticator to the protected side of the network until the supplicant’s
identity has been validated and authorized. An analogy to this is providing a valid visa at the airport’s
arrival immigration before being allowed to enter the country. With 802.1X port-based authentication,
the supplicant provides credentials, such as user name/password or digital certificate, to the
authenticator, and the authenticator forwards the credentials to the authentication server for
verification. If the authentication server determines the credentials are valid, the supplicant (client
device) is allowed to access resources located on the protected side of the network.
Incorrect Answers:
B: Data encryption encrypts data whether it is in transit over a network or stored on a hard drive or other
storage. It is not used to prevent access to network switches or other network devices.
C: Password strength determines the length or complexity of a password. It is not used to prevent access
to network switches or other network devices.
D: BGP (Border Gateway Protocol) is a routing protocol. It is not used to prevent access to network
switches or other network devices.
http://en.wikipedia.org/wiki/IEEE_802.1X


Leave a Reply